Inspiring Trust and Transparency: Skyword's Compliance with GDPR [Webinar]


Skyword will be compliant with the EU General Data Protection Regulation (GDPR) when it goes into effect on May 25, 2018. We know that this is top of mind for all of you, and we have been working diligently for months to ensure our platform, policies, and procedures meet GDPR requirements.

Skyword's CMO, Tricia Travaline, and Chief Technology and Data Protection Officer, John Mihalik, delivered these slides in a webinar to provide an overview of Skyword's new data protection policies.

Published in: Marketing

  1. Security, privacy, and GDPR compliance
  2. John Mihalik, Chief Technology Officer; Dave Sandborg, Vice President, Engineering
  3. Agenda
     • Skyword’s commitment to security: ISO 27001 compliance
     • Quick overview of General Data Protection Regulation (GDPR)
     • Privacy Shield
     • Skyword’s Action Plan
  4. ISO 27001
  5. ISO 27001 Security Framework (diagram): Assets (endangered by) Threats (that exploit) Weakness (resulting in) Exposure (leading to) Risk (mitigated by) Controls (to protect)
  6. ISO 27001 Implementation Process
     • Treatment Planning: Define the Scope; Define the IS Policy; Undertake Risk Assessment; Selection of Controls; Risk Treatment Plan; Prepare SOA
     • Implementation: Execute Risk Treatment; Write Controls; Implement Policies and Procedures; Implement Training; Manage Operations
     • Verification: Define Metrics for Measurement; Execute Operational Plan; Regular Review of Effectiveness; Review Level of Residual Risk; Internal Audit; Management Review; Record Impact of ISMS
     • Continuous Improvement: Implement Identified Improvement; Take Corrective Action; Apply Lessons Learned; Communicate Results; Execute ISMS Continuous Review; Continuous Improvement
  7. The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.
  8. What is GDPR?
     • Definition of Personal Data
     • Principles of Processing
     • Lawfulness of Processing Personal Data
     • Conditions of Consent
     • Rights of the Data Subject
     • Data Breach Notifications
     • Data Protection Officer
  9. What is “Personal Data” as Defined by GDPR? “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;” - Article 4, GDPR
  10. What is the Privacy Shield?
     • Privacy Shield is an agreement between the EU and US allowing for the transfer of personal data from the EU to the US.
     • The GDPR has specific requirements regarding the transfer of data out of the EU.
     • One of these requirements is that the transfer must only happen to countries deemed as having adequate data protection laws.
     • In general, the EU does not list the US as one of the countries that meets this requirement.
     • Privacy Shield is designed to create a program whereby participating companies are deemed as having adequate protection, and therefore facilitate the transfer of information.
     • In short, Privacy Shield allows US companies, or EU companies working with US companies, to meet this requirement of the GDPR.
  11. Skyword’s Action Plan
  12. Action Plan steps: (1) Assessment of Personal Data; (2) Implementation of Rights; (3) Verification; (4) PrivacyTrust Certification/Privacy Shield; (5) Ongoing Maintenance
  13. Step 1: Assessment of Personal Data
     • Partnership with UK-based GDPR consulting firm
     • Comprehensive data audit and assessment
     • Partner/vendor GDPR compliance verification
  14. Step 2: Implementation of Rights
     • Updated Privacy Policy and Terms of Service
     • Updated cookie policy
     • Explicit agreement to cookie and data collection on site and
     • Partner/vendor GDPR compliance verification
  15. Step 3: Verification
     • Skyword Tracking Tag: Pseudonymization; Anonymization; Exclusion
     • Database Encryption
     • Data retention
  16. Step 4: PrivacyTrust Certification/Privacy Shield
     • Application submitted and pending final approval
     • Will display shield on our web site and platform
  17. Step 5: Ongoing Maintenance
     • Established Data Protection Officer
     • Developed process for privacy inquiries
     • Requiring GDPR compliance in all upcoming vendor contracts
     • Strict adherence to privacy and security policies
  18. Questions