SlideShare a Scribd company logo

GDPR SECURITY ISSUES

Download as PPTX, PDF
S
Sylvain Martinez

A presentation given by Dr Kaleem Usmani from the MAURITIUS CERT on GDPR from the information security perspective

Technology
1 of 9
GDPR from the Information Security Perspective Dr. Kaleem Usmani kaleem.usmani@gmail.com kusmani@cert.ncb.mu (Alternate)
Personal Data Protection • Personal data protection plays an important role in the digital era. The right to privacy is expressly provided in Sections 3 and 9 of the Constitution of Mauritius and Article 22 of the Mauritian Civil Code. • Mauritius enacted the Data Protection Act in 2004. In light of the digital evolution in Mauritius, the Data Protection Act has been replaced by the new Data Protection Act 2017 which came into force on 15 January 2018. • The Act aims at strengthening the control and personal autonomy of data subjects over their personal data and for matters related thereto. It seeks to bring Mauritius data protection framework into line with the General Data Protection Regulation (Regulation (EU) 2016/679). 2
Why GDPR ? • The GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. • It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. • The GDPR also regulates the exportation of personal data outside the EU. 3
GDPR Impact on Organisations • It will have an impact on any organisation that processes personal data. • Breaches will apply to firms that do not have adequate customer consent for processing their personal data or violate the principle of the privacy- by-design concepts and model. • It is important to note that both data controllers and processors are subject to the rules, especially if they fail to either carry out a privacy impact assessment or notify the concerned authority about a breach. 4
Characteristics of GDPR 1.Scope: GDPR defines how EU citizens’ data must be handled by countries inside and outside the EU. 2.Consent: GDPR has changed and reinforced the conditions of consent in that it expects clear, plain language consent from data subjects in an easy, accessible and intelligible form. 3.Fines and Penalties: GDPR sanctions substantial fines of up to €20m or four percent of annual revenue whichever is greater. 5
Characteristics of GDPR ( Contd.) 4.Privacy by Design Processes will need to be amended to consider privacy by design whereby the controller must apply adequate technical and organisational procedures to fulfill the requirements of GDPR and protect the rights of individuals (data subjects) 5.Data Portability Personally identifiable data must be portable by open use of common file formats that are machine-readable when the data subject receives them. 6.Right to Access GDPR provides the right to data subjects to request the data controller to confirm whether their personally identifiable data is being processed, where, and for what purpose. In addition to this, the data controller must provide a free electronic copy of any personally identifiable data. 6
Characteristics of GDPR ( Contd.) 7.Right to be Forgotten The data subject is entitled to request that the data controller permanently or on-demand delete his/her personally identifiable data, cease further distribution of the data, and demand third parties halt processing of the data. 8.Breach Notification As a data breach is likely to result in a risk to the rights and freedoms of individuals, GDPR requires a mandatory breach notification to be submitted to the relevant authority within 72 hours of the organisation first becoming aware of the breach. 9.Data Protection Officer (DPO) It will be mandatory for data controllers and processors to appoint a DPO 7
Sum-up • IT Governance will be impacted by the requirements of the GDPR and will bring benefits as well. • The regulations will encourage organisations to have a more secure data management approach in place. • GDPR introduces several privacy arrangements and control mechanisms that are intended to safeguard personal identifiable data. • Many of those controls are also recommended by the ISO 27000 series of information security standards including ISO 27001:2013, ISO 27002:2013 as well as the COBIT 5 standards. 8
Thank You 9

Recommended

Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Sylvain Martinez
 
DPA and GDPR
DPA and GDPRDPA and GDPR
DPA and GDPRSabahtHussein
 
Introduction to gdpr
Introduction to gdprIntroduction to gdpr
Introduction to gdpr3GDR
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET
 
What is GDPR?
What is GDPR?What is GDPR?
What is GDPR?Faidepro
 
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...MediaPost
 
UK GDPR: What New Direction?
UK GDPR: What New Direction?UK GDPR: What New Direction?
UK GDPR: What New Direction?David Erdos
 

Recommended

Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Sylvain Martinez
 
DPA and GDPR
DPA and GDPRDPA and GDPR
DPA and GDPRSabahtHussein
 
Introduction to gdpr
Introduction to gdprIntroduction to gdpr
Introduction to gdpr3GDR
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET
 
What is GDPR?
What is GDPR?What is GDPR?
What is GDPR?Faidepro
 
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...MediaPost
 
UK GDPR: What New Direction?
UK GDPR: What New Direction?UK GDPR: What New Direction?
UK GDPR: What New Direction?David Erdos
 
Dai Davies - GDPR Presentation
Dai Davies - GDPR PresentationDai Davies - GDPR Presentation
Dai Davies - GDPR PresentationSagittarius
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-OverviewErica Walker
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Lauren Isaacs
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityDean Sappey
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveTrustArc
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPRPriyab Satoshi
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance Tom Haynes
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPRJessvin Thomas
 
The GDPR Armageddon – One year on
The GDPR Armageddon – One year onThe GDPR Armageddon – One year on
The GDPR Armageddon – One year onInsight Data
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPRTripwire
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPRSpoon London
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
 
EU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTeEU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTeTrustArc
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographicMarketing Team at Crown Worldwide Group
 
GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018Infosec
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Alexander Davis
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQsTech Data
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanEquiGov Institute
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key ChangesCraig Clark ITIL, CIS LI,EU GDPR P
 

More Related Content

What's hot

Dai Davies - GDPR Presentation
Dai Davies - GDPR PresentationDai Davies - GDPR Presentation
Dai Davies - GDPR PresentationSagittarius
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Lauren Isaacs
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityDean Sappey
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveTrustArc
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance Tom Haynes
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPRJessvin Thomas
 
The GDPR Armageddon – One year on
The GDPR Armageddon – One year onThe GDPR Armageddon – One year on
The GDPR Armageddon – One year onInsight Data
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPRTripwire
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPRSpoon London
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
 
EU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTeEU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTeTrustArc
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 
GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018Infosec
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Alexander Davis
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQsTech Data
 

What's hot (19)

Dai Davies - GDPR Presentation
Dai Davies - GDPR PresentationDai Davies - GDPR Presentation
Dai Davies - GDPR Presentation
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-Overview
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to Opportunity
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPR
 
The GDPR Armageddon – One year on
The GDPR Armageddon – One year onThe GDPR Armageddon – One year on
The GDPR Armageddon – One year on
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
 
EU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTeEU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTe
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
 
GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs
 

Similar to GDPR SECURITY ISSUES

General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanEquiGov Institute
 
The Definitive GDPR Guide for Event Professionals
The Definitive GDPR Guide for Event ProfessionalsThe Definitive GDPR Guide for Event Professionals
The Definitive GDPR Guide for Event ProfessionalsHubilo
 
All you need to know about GDPR
All you need to know about GDPRAll you need to know about GDPR
All you need to know about GDPRHubilo
 
GDPR: Are you Ready?
GDPR: Are you Ready?GDPR: Are you Ready?
GDPR: Are you Ready?EngageHub
 
A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPRNeha Patel
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protectionMRS
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessMark Baker
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaperJim Wilson
 
The GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so farThe GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so farPECB
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")Parsons Behle & Latimer
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paperGraeme Cross
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowSymantec
 
General data protection regulation - European union
General data protection regulation - European unionGeneral data protection regulation - European union
General data protection regulation - European unionRohana K Amarakoon
 

Similar to GDPR SECURITY ISSUES (20)

General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbean
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
GDPR
GDPRGDPR
GDPR
 
The Definitive GDPR Guide for Event Professionals
The Definitive GDPR Guide for Event ProfessionalsThe Definitive GDPR Guide for Event Professionals
The Definitive GDPR Guide for Event Professionals
 
All you need to know about GDPR
All you need to know about GDPRAll you need to know about GDPR
All you need to know about GDPR
 
GDPR: Are you Ready?
GDPR: Are you Ready?GDPR: Are you Ready?
GDPR: Are you Ready?
 
A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPR
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protection
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaper
 
Fasten Your Belts for #GDPR
Fasten Your Belts for #GDPRFasten Your Belts for #GDPR
Fasten Your Belts for #GDPR
 
Fasten Your Belts for GDPR
Fasten Your Belts for GDPRFasten Your Belts for GDPR
Fasten Your Belts for GDPR
 
Are You Prepared for the GDPR?
Are You Prepared for the GDPR?Are You Prepared for the GDPR?
Are You Prepared for the GDPR?
 
The GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so farThe GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so far
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paper
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
General data protection regulation - European union
General data protection regulation - European unionGeneral data protection regulation - European union
General data protection regulation - European union
 

More from Sylvain Martinez

PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 
INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYSylvain Martinez
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWSylvain Martinez
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEWSylvain Martinez
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSSylvain Martinez
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESSylvain Martinez
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWSylvain Martinez
 
Mobile Security Assessment
Mobile Security AssessmentMobile Security Assessment
Mobile Security AssessmentSylvain Martinez
 
INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSSylvain Martinez
 
Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Sylvain Martinez
 
INCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSINCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSSylvain Martinez
 

More from Sylvain Martinez (20)

PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLES
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDS
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?
 
Mobile Security Assessment
Mobile Security AssessmentMobile Security Assessment
Mobile Security Assessment
 
The Art of CTF
The Art of CTFThe Art of CTF
The Art of CTF
 
OFFICE 365 SECURITY
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITY
 
Risk on Crypto Currencies
Risk on Crypto CurrenciesRisk on Crypto Currencies
Risk on Crypto Currencies
 
INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICS
 
Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
INCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSINCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONS
 

Recently uploaded

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

GDPR SECURITY ISSUES

  • 1. GDPR from the Information Security Perspective Dr. Kaleem Usmani kaleem.usmani@gmail.com kusmani@cert.ncb.mu (Alternate)
  • 2. Personal Data Protection • Personal data protection plays an important role in the digital era. The right to privacy is expressly provided in Sections 3 and 9 of the Constitution of Mauritius and Article 22 of the Mauritian Civil Code. • Mauritius enacted the Data Protection Act in 2004. In light of the digital evolution in Mauritius, the Data Protection Act has been replaced by the new Data Protection Act 2017 which came into force on 15 January 2018. • The Act aims at strengthening the control and personal autonomy of data subjects over their personal data and for matters related thereto. It seeks to bring Mauritius data protection framework into line with the General Data Protection Regulation (Regulation (EU) 2016/679). 2
  • 3. Why GDPR ? • The GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. • It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. • The GDPR also regulates the exportation of personal data outside the EU. 3
  • 4. GDPR Impact on Organisations • It will have an impact on any organisation that processes personal data. • Breaches will apply to firms that do not have adequate customer consent for processing their personal data or violate the principle of the privacy- by-design concepts and model. • It is important to note that both data controllers and processors are subject to the rules, especially if they fail to either carry out a privacy impact assessment or notify the concerned authority about a breach. 4
  • 5. Characteristics of GDPR 1.Scope: GDPR defines how EU citizens’ data must be handled by countries inside and outside the EU. 2.Consent: GDPR has changed and reinforced the conditions of consent in that it expects clear, plain language consent from data subjects in an easy, accessible and intelligible form. 3.Fines and Penalties: GDPR sanctions substantial fines of up to €20m or four percent of annual revenue whichever is greater. 5
  • 6. Characteristics of GDPR ( Contd.) 4.Privacy by Design Processes will need to be amended to consider privacy by design whereby the controller must apply adequate technical and organisational procedures to fulfill the requirements of GDPR and protect the rights of individuals (data subjects) 5.Data Portability Personally identifiable data must be portable by open use of common file formats that are machine-readable when the data subject receives them. 6.Right to Access GDPR provides the right to data subjects to request the data controller to confirm whether their personally identifiable data is being processed, where, and for what purpose. In addition to this, the data controller must provide a free electronic copy of any personally identifiable data. 6
  • 7. Characteristics of GDPR ( Contd.) 7.Right to be Forgotten The data subject is entitled to request that the data controller permanently or on-demand delete his/her personally identifiable data, cease further distribution of the data, and demand third parties halt processing of the data. 8.Breach Notification As a data breach is likely to result in a risk to the rights and freedoms of individuals, GDPR requires a mandatory breach notification to be submitted to the relevant authority within 72 hours of the organisation first becoming aware of the breach. 9.Data Protection Officer (DPO) It will be mandatory for data controllers and processors to appoint a DPO 7
  • 8. Sum-up • IT Governance will be impacted by the requirements of the GDPR and will bring benefits as well. • The regulations will encourage organisations to have a more secure data management approach in place. • GDPR introduces several privacy arrangements and control mechanisms that are intended to safeguard personal identifiable data. • Many of those controls are also recommended by the ISO 27000 series of information security standards including ISO 27001:2013, ISO 27002:2013 as well as the COBIT 5 standards. 8