CyNation: 7 Things You Should Know about EU GDPR


An overview of the key characteristics of the EU GDPR, its origins and the legal implications of non-compliance. It also sets out the initial steps an organisation needs to follow to operate in compliance with the new cyber security regulatory landscape.

Published in: Law


  1. 7 things you should know about EU GDPR
     Shadi A. Razak, 7th October 2016
  2. Introduction
     • Shadi A. Razak
       – Chief Technology Officer
       – Head of Compliance and Cyber Security Solutions
       – 15 years' international experience in:
         • Cyber security
         • Information compliance
         • Business digitalisation
       – Private and public sector
       – SMEs and international blue chip corporations
  3. Introduction
     We do that by providing innovative cyber security and information compliance solutions that encompass people, processes and technology, enabling organisations to become more resilient and effective against threats. We help organisations improve their compliance & security posture.
  4. Introduction
     • Fraud Detection: CyNation offers the most powerful yet easy-to-use analysis tools for detecting and preventing invisible internal fraud, external theft and poor procedural compliance.
     • Ubiquitous Monitoring: Combining an innovative object-persistent database and an advanced ubiquitous data collector with data analytics and high visualisation to proactively monitor multiple data types in one configurable system.
     • Secure Communications: CyNation’s Secure Communication Platform (SCP) protects confidential information flows between employees and external parties through a secure communications application that looks like email and is as easy to use as the popular instant messaging clients.
     • Cyber Security Literacy: Tailor-made workshops and training sessions for Boards, C-suite executives & management, from cyber security awareness to cyber crisis incident response planning and simulation.
     • GRC (Compliance Management): Combining human expertise with advanced data monitoring, data analytics & visualisation to proactively manage and comply with technical, operational, financial and legal standards and regulations.
     • Comprehensive Threat Insight: Combining advanced data analytics and visualisation solutions to proactively manage and avert threats.
     • Ongoing Risk Assessment: Combining business risk assessments, advanced vulnerability assessments and penetration testing with data analytics to proactively assess and manage cyber risk.
  5. Agenda
     • The landscape
     • EU GDPR
       – Structure
       – Aim
       – Benefits
       – Consequences
       – Data security
     • 7 things you should know
     • 7 steps to be ready
  6. The landscape
     • Different legal systems across the world
     • Personal data is valuable
     • Contrast between Europe & US legislation
  7. The landscape (figure; source: UNCTAD, 2016)
  8. EU GDPR: European Union General Data Protection Regulation
     Structure of the regulation, by chapter:
     – Chapter 1: General Provisions (Articles 1-4)
     – Chapter 2: Principles (Articles 5-11)
     – Chapter 3: Rights of Data Subjects, 5 sections (Articles 12-23)
     – Chapter 4: Controller and Processor, 5 sections (Articles 24-43)
     – Chapter 5: Transfer of Personal Data (Articles 44-50)
     – Chapter 6: Independent Supervisory Authorities (Articles 51-59)
     – Chapter 7: Cooperation and Consistency (Articles 60-76)
     – Chapter 8: Remedies, Liabilities and Penalties (Articles 77-84)
     – Chapter 9: Processing Situation Provisions (Articles 85-91)
     – Chapter 10: Delegation and Implementation Act (Articles 92 & 93)
     – Chapter 11: Final Provisions (Articles 94-99)
     Slide annotations: "The core of the regulation" and "How supervisory authorities at the EU are going to enforce the regulation".
  9. EU GDPR: Aim, Benefits, Consequences
  10. EU GDPR - Aim
      • One Regulation
      • Stronger enforcement body
      • Data Protection Impact Assessment (DPIA)
      • Include international suppliers in the regulation’s scope
      • Diminish the distinction between processor and controller
  11. EU GDPR - Benefits
      • For business:
        – One market: one law
        – One stop shop
        – Same rules for all companies
        – No general registration requirement
  12. EU GDPR - Benefits
      • For customers / citizens:
        – Better data security
        – Better control over your personal data:
          • Mandatory consent
          • Right to be forgotten
          • Right to object to profiling
          • Better subject access request (SAR) regime
  13. EU GDPR - Consequences
      • Fine of €10 million or 2% of global turnover, whichever is greater, for infringements of Articles:
        – 8: Child’s consent
        – 11: Processing not requiring identification
        – 25: Data protection by design and by default
        – 26-30: Processing
        – 31: Cooperation with the supervisory authority
        – 32: Data security
        – 33: Notification of breaches to the supervisory authority
        – 34: Communication of breaches to data subjects
        – 35: Data protection impact assessment
        – 36: Prior consultation
        – 37-39: DPOs
        – 41(4): Monitoring approved codes of conduct
        – 42: Certification
        – 43: Certification bodies
  14. EU GDPR - Consequences
      • Fine of €20 million or 4% of global turnover, whichever is greater, for infringements of Articles:
        – 5: Principles relating to the processing of personal data
        – 6: Lawfulness of processing
        – 7: Conditions for consent
        – 9: Processing special categories of personal data (i.e. sensitive personal data)
        – 12-22: Data subject rights
        – 44-49: Transfers to third countries
        – 58(1): Requirement to provide access to the supervisory authority
        – 58(2): Orders/limitations on processing or the suspension of data flows
  15. EU GDPR - Consequences
      • Audit failure
      • Fines & criminal charges
      • Financial loss
      • Loss of data confidentiality, integrity and/or availability
      • Violation of employee privacy
      • Loss of customer trust
      • Loss of brand reputation
      • Loss of market share
      • Damaged reputation
      • Legal exposure
      Roles listed on the slide: CEO, CFO/COO, CIO, CHRO, CMO. Annotation: Greater Reputation Risk.
  16. EU GDPR – Data security
      • Chapter 4 – 4 key articles:
        – Section 2: Security of personal data
          • Article 32: Security of processing
          • Article 33: Notification of personal data breaches to the supervisory authority
          • Article 34: Communication of personal data breaches to the data subjects
        – Section 3: Data protection impact assessment and prior consultation
          • Article 35: Data protection impact assessment
  17. EU GDPR – Data security
      • Organisation must:
        – Implement appropriate security measures to protect personal data
        – Have a clear data protection policy
        – Have named a data protection officer
      • Organisation will:
        – Greatly reduce the likelihood of being fined
        – Not need to notify affected data subjects of the breach
  18. 7 Things you should know
      1. EU GDPR is already a reality
      2. It is all about protecting the fundamental rights of natural persons
      3. It applies to every organisation and every type of data
      4. Consent rules
      5. Accountability and transparency are the organisation’s responsibility
      6. A Data Protection Officer is needed
      7. Encryption is not the answer
  19. 7 steps to get ready
      1. Audit your data
      2. Identify who is responsible for this data
      3. Design and implement appropriate measures to protect this data
      4. Develop processes to deal with breaches/incidents
      5. Designate a Data Protection Officer (DPO) and supporting team
      6. Understand whose data you are controlling and/or processing
      7. Develop a culture of privacy by design across the whole organisation
  21. EU GDPR Readiness
      • Get your organisation’s EU GDPR Readiness report - December 2016 (contact@cynation.com)
  22. © Copyright CyNation Limited 2016. All rights reserved.
      Without the express prior written consent of CyNation, the presentation and any information contained within it may not be (i) reproduced (in whole or in part), (ii) copied at any time, (iii) used for any purpose other than your evaluation of the company or (iv) provided to any other person, except your employees and advisors with a need to know who are advised of the confidentiality of the information. The information contained in these materials is provided for informational purposes only, and is provided as is without warranty of any kind, express or implied. CyNation shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from CyNation or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of CyNation solutions and services. Product release dates and/or capabilities referenced in these materials may change at any time at CyNation’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.
      We would be delighted to talk to you: Shadi A. Razak, shadi.razak@cynation.com, T: +44(0)7768 686638
