3. •
•
•
•
• Give citizens control on personal data
• Simplifying the regulatory
• Facilitate free movement of data within EU
Adopted by EU in April 2016, enforced from 25 May 2018
•
• Data Privacy Assessments
• Data Protection Officers
•
•
4. • Data Controller/Processor Data Subject
• Personal Data: Any
Bob Smith IP: 212.168.1.100 bob@smith.com Visa: 4532377152918810, Blond
7. • The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Automated decision making and profiling
12. In a violation act the following sanctions can be imposed:
•
•
• 10M EUR 2%
• 20M EUR 4%
13.
14. • Less than 1
• Adopt behavioral, technology and compliance change
•
•
•
15.
16. 72% narušení kyber bezpečnosti je způsobeno zranitelností
aplikací a zcizením uživatelských identit
Source of data breaches
Source: Based on aggregated data from IT Business Edge, Krebs on Security, Security Week, and CSO Online
20. Public Cloud – Sdílená odpovědnost ohledně zabezpečení
infrastruktury
CP Global
Infrastructure
Data Centers
Zones
Regions
Edge
Locations
Networking Services
Compute Database Storage
Deployment & Management
Client-Side Data
Encryption & Data
Integrity Authentication
Server-Side Encryption
(File System and/or
Data)
Network Traffic
Protection (Encryption,
Integrity, Identity)
Operating System, Network and Firewall
Configuration
Platform, Applications, Identity & Access
Management
Customer Data Customer’s responsibility
• Protecting the
confidentiality, integrity,
and availability of their
data in the cloud
• OS and
application-level security
Cloud Provider responsibility
• Providing a global secure
infrastructure and services
PhysicaltoHypervisorOSandApplication
CloudProviderCustomer
38. • Incorporate data protection as culture
• Put someone in charge
• Identify how the regulation is
• going to impact you
• Identity who is who (Data Processor/Owner)
• Consider people, processes & technology
• Do not address only legal aspects