The fines for EU General Data Protection Regulation (GDPR) came into force on the 25th of May 2018. Think it doesn’t affect you? It affects those providing products or services to EU customers, and to those who process and hold their data.GDPR is not just about securing data, data management, the justification for keeping it, and how it can be removed is all part of the bigger GDPR picture. We will walk you through a scenario explaining the guiding principles of GDPR, how it may affect your organisation, how you can secure your Domino environment to comply with the regulations – without it being as boring as watching paint dry.

1. Domino in a GDPR World
• Tim Clark
www.bcchub.com
contact@bcc.biz

2. Presenters
• Tim Clark
• Director Services &
Support
• IBM Champion

3. Before we start
• All characters are fictitious
• Characters, locations &
other MCU references are
© Marvel
• Monster site/logo ©
Monster Worldwide
• Portal art by Matt Akin
https://www.artstation.com/mattakin

4. GDPR ≠ watching paint dry

5. GDPR the basics
The EU General Data Protection Regulation
(GDPR) replaces the Data Protection Directive
95/46/EC and was designed to harmonize data
privacy laws across Europe, to protect and
empower all EU citizens data privacy and to
reshape the way organizations across the region
approach data privacy.
https://www.eugdpr.org/the-regulation.html

6. GDPR the basics
• April 2016 laws passed
• May 2018 fines active
• Affects EVERYBODY that
holds Personal
Identifiable Information
on EU Citizens
(Data Subject)
• Data is OWNED by the
organization
• Data can be PROCESSED
by anyone
• Security by design not
by accident
• Opt-in & Data Search
• Right to be forgotten

7. Today’s Scenario
• Dr. Strange has applied
for a job at S.H.I.E.L.D.
• Stephen has been called
to S.H.I.E.L.D. for
interview
• Stephen is a UK Citizen
• The S.H.I.E.L.D. HQ is in
Washington, DC

8. Data Entry / Processing
Personal Information
• Data entry by user
• Data owned by Monster
but passed to
S.H.I.E.L.D.
Authorized Personnel
• Data Processor
• No single authority

9. Data Processing / DLP
Authorized Application
• Email confirmation
• New hire procedure
• Additional personal
data collection

10. Data Removal
Dr Strange leaves S.H.I.E.L.D.
• Data removal process
• Right to be forgotten

11. Data Entry / Processing
Personal Information
• Data entry by user
• Data owned by Monster
passed to S.H.I.E.L.D.
Authorized Personnel
• Data Processor
• No single authority
Personal Information
• Define how you store it
• What you use it for
• Who uses it
Authorized Personnel
• Defined roles
• Full access admin

12. Data Processing / DLP
Authorized Application
• Domino workflow
• Each procedure
documented
• Designated data owner
Authorized Application
• Email confirmation
• New hire procedure
• Additional personal
data collection

13. Data Removal
Dr Strange leaves S.H.I.E.L.D.
• Data removal process
• Right to be forgotten
Dr Strange leaves S.H.I.E.L.D.
• Define data retention
procedure
• Domain catalog search
• Anonymize data

14. Summary
GDPR requirements
• Data Protection
• Access Protection
• No God Access
• Data Loss Prevention
• Right to be Forgotten

15. Questions?

16. Contact us
Tim Clark
tim_clark@bcc.biz
TimsterC
Stephanie Heit
stephanie_heit@bcc.biz
StephanieHeit
BCC
BCC_Ltd
BCCAdminTools
www.bcchub.com
contact@bcc.biz