Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Prevent million dollar fines - preparing for the EU General Data Regulation

401 views

Published on

On December 1st, Anthony Merry presented the proposed changes for the EU Data Protection Regulation (GDPR) and what this means for you as an organization.

Published in: Education
  • Be the first to comment

  • Be the first to like this

Prevent million dollar fines - preparing for the EU General Data Regulation

  1. 1. 11 The proposed EU Data Regulation and what this means for you • Anthony Merry • Director of Product Management
  2. 2. 2 Agenda • Proposed EU Data Protection Regulation • Survey results: European attitudes to data protection • How to comply with the Regulation and minimize fines in the event of a breach • Stopping breaches in the first place • Summary
  3. 3. 33 EU Data Protection Regulation
  4. 4. 4 Establish a single, pan-European law to replace the current inconsistent patchwork of national laws. Modernize the principles enshrined in the 1995 Data Protection Directive Goal
  5. 5. 5 Benefits of the new Regulation Benefits for businesses 1. One EU market, one law 2. One-stop-shop – a single supervisory authority 3. Same rules for all companies Benefits for EU citizens 1. Better data security 2. Putting people in control
  6. 6. 6 Data security focus 3 key Articles pertaining to data security : 1. Security of processing (Article 30) a. prevent any unauthorized access to personal data b. prevent any unauthorized disclosure, reading, copying, modification, erasure or removal of personal data 2. Notification of a personal data breach to the supervisory authority (Article 31) 3. Communication of a personal data breach to the data subject (Article 32)
  7. 7. 7 What you need to know • Organizations must: • implement appropriate security measures to protect personal data • have a clear data protection policy • have a named Data Protection officer (except SMEs) • Fines for unprotected data breaches will range up to €1 million or 2% of annual turnover. • If you suffer a breach and can show that the personal data can’t be accessed by unauthorized people (e.g. it was encrypted): • The likelihood of being fined should be very greatly reduced • You won’t need to notify affected data subjects of the breach
  8. 8. 88 How to ensure compliance with the Regulation
  9. 9. 9 Encryption is key The Regulation will require organizations to: 1. Implement ‘appropriate security measures’ to protect personal data Encryption is widely agreed to be the best data security measure available 2. Notify affected parties in the event of a personal data breach If you can prove the data was encrypted you don’t need to notify the individuals concerned 3. Pay fines in the event of a personal data breach If the data was encrypted it’s highly likely that no fines will be imposed
  10. 10. 10 Encryption is key But What? Where? When?
  11. 11. 11 Lost or Stolen Device Unencrypted Encrypted • Accidental loss or Theft of a device is a common occurrence. • Only authorized user should access devices. • How many devices have you lost?
  12. 12. 12 Copy Files to Removable Media • These tiny devices can store large amounts of data and are easily misplaced. • Block or protect? • Where is your first USB stick and what was on it?
  13. 13. 13 Attach Files to E-Mail • We all email & we all make mistakes (it happens) • What’s the consequence of sending the wrong attachment to the wrong person? • Encrypt file attachments or examine at Gateway?
  14. 14. 14 Copy Files to a Network Share • Today’s Operating Systems make sharing data on the Network very simple. • Protect against Internal Threats. • Who is allowed to access company/user data?
  15. 15. 15 Copy Files to the Cloud • Cloud Storage Services revolutionized the way we share data between users and devices. • What have you stored in the Cloud and what happens if someone steals it? • Encrypt the data before sending it to the Cloud.
  16. 16. 16 Rock solid data protection strategy It’s all about the data 1. How does data flow into and out of your organization? 2. How do end users use the data? 3. Who has access to company data and do they need it to perform their job? 4. How does data glow out of an organization?
  17. 17. 1717 Preventing breaches
  18. 18. 18 5 steps to stop data getting into the wrong hands 1. Keep patches up-to-date Data-stealing malware often exploits known vulnerabilities. 2. Apply multi-layered entry-point protection Secure against multiple vectors of attack with Web, Email and Malware protection at the gateway. 3. Select Advanced Threat Protection Choose a next-generation firewall that detects and blocks attacks directly on the network. 4. Use Selective Sandboxing Secure against slow-moving or delayed threats. 5. Limit dissemination of sensitive data Deploy Application Control and Data Control
  19. 19. 1919 Summary
  20. 20. 20 Summary • This legislation WILL go ahead • It has already progressed very far, and with very high support. It will not be allowed to fail. • Key stakeholders want to move fast • European Commission • European Parliament • Data Protection Authorities • Individual Governments • Media pressure is building up • PRISM, large scale data thefts (e.g. Target) • Confidence from citizens in online activities is eroding • You need to be ready • Implement appropriate data security measures • Create and communicate your data protection policy
  21. 21. 21 Resources available to help you • Sample Data Protection Policy • 60-Second EU Data Security Compliance Check • Whitepaper on EU Data Protection Regulation • Try the Sophos products for free All available at www.sophos.com/EU
  22. 22. 2222 Questions?
  23. 23. 23© Sophos Ltd. All rights reserved.

×