Introduction to the DPO Circle
Past and Planned activities
Jennifer Salat, Secretary-General
Georges Ataya, Co-founder
29 November 2018
© 2018 DPOCircle.eu
DPOCIRCLE.EU
MEMBERS POTENTIAL PROFILE
1. Data Protection Officers (DPO)
2. Legal experts and Lawyers
3. Information Security and Information Technology experts
4. Enterprise and external auditors
5. Compliance Officers
6. General Managers and Financial Officers
7. Data Scientists and Data Management Professionals
8. Projects Managers
9. Enterprise Architects
10. Public Service personnel
11. Marketing Managers
12. Business Managers
13. Consultants
THE PROGRAMME IN EUROPEAN DATA PROTECTION IS DEDICATED TO:
STAKEHOLDERS OF THE GDPR COMPLIANCE
Primary Stakeholders
• Data Protection Officer
• GDPR Compliance project manager
• Process Owner
Additional Stakeholders
• Legal experts
• Chief Information Officer
• Chief Information Security Officer
• External Suppliers
Data Subject
Copyright ictc.eu
DPO
Competences and Skills
FIVE DOMAINS OF KNOWLEDGE
D1. COMPLIANCE REQUIREMENTS
D2. DATA PROTECTION MANAGEMENT REQUIREMENTS & PRIVACY IMPACT ASSESSMENT
D3. COMPLIANCE TRANSFORMATION
D4. INFORMATION SECURITY AND DATA PROTECTION
D5. COMPLIANCE OPERATIONS, MONITORING AND DATA BREACH MANAGEMENT
Program in European Data Protection
Started in 2016 as a research project with the ITMA asbl core team
and the Belgian Privacy commission. Positioned today as a European
leader in GDPR education. The body of knowledge is packaged to
support a professional certification based on the ISO17024 standard.
Solvay.edu/gdpr
Coms.Solvay.edu/gdpr-modules
EDUCATION IS ALSO OFFERED AT FEB-VBO
Association for DPO and GDPR professionals
• Experience sharing, advocacy and development of toolbox
• Up to two round table meetings in a month
• Conferences with the involvement of Data Protection authorities (Belgian ADP, EU EDPS) and Secretary of State
• 300 members
Conferences
Conference on January 30
Followed by many members' meetings, up to two per month
Inauguration Event in December 2017
Annual Conference in Genval, 25 October 2018
DPO and GDPR professionals
Various Round table meetings called DPOCircle Talks
15/5/2018 3/4/2018
Databreach risk evaluation
Jennifer Salat
10/9/2018 3:59 PM
A round table on the evaluation of data breaches was held by DPOcircle on Thursday 4th of October
in a cosy audience kindly made available by Solvay. An open and informal discussion covered various
topics:
1. Data breach recording and definition
2. Types of processes for breach reporting (centralised versus decentralised)
3. Methods of risk evaluation
4. Lessons learned
5. Challenges related to the implementation of data breach reporting requirements in practice
6. Uncertainties in relation to the interpretation of requirements
7. Other subjects (breach related and others)
Data breach recording and definition
It appears from the discussion that though some organisations have the data breach in place, some
others still did not fully understand that, besides the management of risk data breaches, controllers
shall have documentation available about any data breach (not only those that were reported to
DPA): a breach log to be available upon DPA request (art 33.5). Several participants use a summary
table to comply with art 33.5.
Some organisations only record data breaches in this table, others record all incidents and evaluation
(data breach or not).
Data breach reporting process
All participants have a knowledge of centralised processes; evaluation is done by the DPO or by a panel
which includes the DPO. Some organisations rely on contacts within units and departments to facilitate the
reporting.
Some organisations delegate this responsibility to data processors, which raises questions about
accountability.
In some contexts (hospital environment), processes may be much more complex given additional
requirements (e.g. need to report to police on top of reporting to DPA).
Methods of risk evaluation
Only two participants applied an objective method for the risk evaluation – both are based on the
ENISA recommendations (see references). The advantage seems to be the reproducibility of
evaluation over time and in case of delegation.
Another tool cited is a US tool (see references) and may be too simplistic for GDPR.
In general, it is not easy to perform an objective risk evaluation.
Lessons learned
Data breaches under GDPR are not only related to the IT security, but can also come from other
sources. It appears that the majority of breaches is of this other nature (e.g. lost paper file).
Challenges
Data breach reporting is the responsibility of the data controller. However, it is not always easy to
interpret the real cases, and understanding of the role of each organisation within complex contexts
(where contact covers several processing activities and responsibilities vary from one activity to
another) is not straightforward. Specifically for legacy activities, where responsibilities were not
documented using these terms and the update of contracts may be underway, but not finished yet.
Other remarks in relation to the controller-processor subject:
PLANS FOR 2019 (FR – NL)
• Incident handling exercise (in cooperation with ISACA)
• GDPR-HR from A to Z (1 day): How to create the register of processing activities across the various human resources functions
• GDPR-marketing from A to Z (1 day): How to create the register of processing activities across the various marketing functions
• GDPR and Customer Care: How to create the register of processing activities through quality and customer complaint follow-up processes
• GDPR and Supplier Management: How to create the register of processing activities through supplier management processes
• GDPR and IT departments: How GDPR implementation interacts with IT services and teams
• Workshop: Protection Impact Assessment (2 days)
• Data Breach (1 day)
• Workshop: Implementation methodology (2 days)
• Privacy by Design (1)
DPOCIRCLE TALKS 2019
• Marketing Round table
• HR Round table
• Codes of conduct for various professions/federations
• The position of the DPO
• Method and toolkits for DPO
• GDPR skills and competences
• Healthcare Series
Participation in various events
• securityforum.pro 10/2018
• cybersecurityconvention.be 10/2018
• CEDPO Side event 10/2018
• HELIVIEW conference 10/2018
• BECI event 11/2018
Join us at
DPOCIRCLE.EU
