SlideShare a Scribd company logo

What the GDPR Means for your Cybersecurity Strategy [Webinar Slides]

TrustArc
TrustArc

Watch the webinar on-demand: https://info.trustarc.com/what-gdpr-means-for-your-cybersecurity-strategy-webinar.html In this highly-connected world, there is potential for even the most secure networks to be compromised. With the GDPR bringing increased fines and heightened consumer expectations on how consumer data is handled, there’s additional pressure on your company’s cybersecurity strategy to stay one step ahead. A focus on preventative measures needs to become more sophisticated with a multi-layered approach to cybersecurity and ongoing risk management. Watch this on-demand webinar now to look at the role the CISO plays in managing GDPR compliance, the role of tools such as anonymisation and integrated assessments, and how the privacy team can partner effectively with the security team. To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/ https://info.trustarc.com/what-gdpr-means-for-your-cybersecurity-strategy-webinar.html

Law
1 of 27
Download to read offline
© 2018 TrustArc Inc Proprietary and Confidential Information PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program PRIVACY INSIGHT SERIES What the GDPR Means for your Cybersecurity Strategy November 28, 2018
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Thank you for joining the webinar “What the GDPR Means for your Cybersecurity Strategy” • We will be starting a couple minutes after the hour • This webinar will be recorded and the recording and slides sent out later today • Please use the GotoWebinar control panel on the right hand side to submit any questions for the speakers 2
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Today’s Speakers Andre Mintz, CISSP, CTPRP EVP, Chief Information Security Officer | Chief Privacy Officer Red Ventures 3 Martin Gomberg, CISSP, CIPP/E Senior Consultant TrustArc Margaret Alston, CIPP/G/C/M FIP Consulting Director TrustArc
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Today’s Agenda • Welcome & Introductions • Set the stage • Importance of Security in GDPR • Reasonable organizational and technical measures • CISO and CPO roles in delivering GDPR program • Recommendations – Next Steps • Questions 4
PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Setting the Stage 5
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Poll Question 6
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries7 Per cent of companies indicating they are in full compliance (600 companies polled) 20% Estimated to achieve compliance by year end 2018 60% Companies still unaware of obligations for compliance under GDPR Undetermined (miscellaneous sources) Comparative State of EU, UK and US Corporate Compliance (TrustArc, 2018) Comparative State of EU, UK and US Corporate Compliance (TrustArc, 2018) We should be done, but are we getting close?
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Who Owns GDPR? 8 LEGAL RISK ITCISO Operations GDPR
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries HIPAA CCPA SECNYDFS PIPEDA GDPR And we are getting numb…. 9 BRAZIL CHINA BELARUS SINGAPORE RUSSIA ISRAEL TAJIKISTAN KENYA UK
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Poll Question 10
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Are Cyber and Privacy controls the same? • Cyber controls: – Monitoring, testing, detection, analysis, correlation, response, review, reinforcement, and defense • Privacy controls: – Minimization (collection, retention, distribution, manipulation, transfer) – Obfuscation (encryption, hashing, pseudonymization, anonymization) – Informed choice (basis for consent, cookies and tracking, cookie wall, legitimate interests) – Individual data rights (view, access, correct, limit, stop, erase, port or withdraw consent) – Privacy by design 11
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Legacy Systems GDPR affords individual data subjects the right to know if we hold their data and to view, access, correct, limit or stop processing and ask that it be erased or returned. – SAR (Subject Access Rights) Requests – Can we find the data we hold? – Can traditional system design support this? – How effective our controls around the data we hold in general? 12
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Reasonable Organizational and Technical Measures – What Does That Mean? • They are undefined, but they are risk aligned • Proportional to the need and the investment • Where controls are lacking, compensating controls are applied sufficient to the risk • Measures may be technical devices, technical process, staffing, structure, or procedure • They address monitoring, testing, detection, analysis, correlation, response, review, reinforcement, defense, authorized use and behavior, and privacy controls 13
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries RISK ALIGNMENT OF REASONABLE MEASURES 14 Classified Intelligence Vital Systems, Apps, Data High Risk Systems, Apps, Data Moderate High-Risk Systems, Apps, Data Moderate Risk Systems, Apps, Data Low Risk Systems, Apps, Data Negligible Risk And/or Public Data Validated Secure Controls High Risk Controls Moderate High Risk Controls Moderate Risk Controls Low Risk Controls Negligible Risk Controls Examples of Reasonable Measures Technical Measures Reasonableness should apply to defenses, infrastructure investment, monitoring and detection, development, process and procedure. Organizational Measures Reasonableness should also apply to adequacy in staffing, and authorization of access and use, dictating who has access to specific data, what they are authorized to do, whether it can be transported, and required protection.
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries The CIA Triad and GDPR CIA governs our traditional approach to security. – Is the concept of CIA (Confidentiality, Integrity and Availability) sufficient for GDPR? 15
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Are our categories of risk sufficiently defining for GDPR? Corporate data can be high risk, but not in scope for GDPR. – Under GDPR, what data are considered in scope? – Does de-identification through encryption render data out of scope for GDPR? 16
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Cloud and GDPR • Cloud moves data out of direct control. Is it compatible with controller obligations? – Remote management – Effective controls – Contracts – Third party support 17
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Emerging Threats and GDPR • Ransomware • Social engineering • Spear Phishing • Nation State Actors • Malicious Data Exfiltration 18
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries GDPR – A Comprehensive View of Breach • Data loss • Exfiltration • Isolation • Manipulation • Destruction • Disclosure 19
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Challenges for emerging technologies and GDPR • AI • BlockChain • IOT • MedTech 20
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Poll Question 21
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries CISO and CPO roles in delivering GDPR program Can the CISO also be the DPO or CPO? – Skills compatibility? – Conflicts of interest? – Organizational reporting 22
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries If you haven’t started you need a plan • Evaluate • Advocate • Educate • Plan • Assess and mitigate • Operate • Document • Build a repeatable, demonstrable and reportable process 23
© 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Recommendations and Next Steps • Inventory networks, systems, data location, purpose, need, owners and controls • Assess business gaps to the law • Map business processes and movement of data • Risk assess data and system assets • Evaluate contracts, disclosures • Data owner choice, rights and controls • Correct deficiencies 24
PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Questions? 25
PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Contacts 26 Andre Mintz amintz@redventures.com Martin Gomberg mgomberg@trustarc.com Margaret Alston malston@trustarc.com
PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Thank You! Register now for the last webinar in our 2018 Summer / Fall Webinar Series “Privacy Management: Emerging Trends, Benchmarking and Best Practices” and is due to take place on December 19, 2018. See http://www.trustarc.com/insightseries for the 2018 Privacy Insight Series and past webinar recordings. 27

Recommended

Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...TrustArc
 
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...TrustArc
 
72 Hours Notice: Incident Response Management under the GDPR [Webinar Slides]
72 Hours Notice: Incident Response Management under the GDPR [Webinar Slides]72 Hours Notice: Incident Response Management under the GDPR [Webinar Slides]
72 Hours Notice: Incident Response Management under the GDPR [Webinar Slides]TrustArc
 
Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ...
Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ...Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ...
Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ...TrustArc
 
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]TrustArc
 
Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides]
Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides]Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides]
Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides]TrustArc
 
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]TrustArc
 
Feb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementFeb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementTrustArc
 

Recommended

Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Pra...TrustArc
 
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...TrustArc
 
72 Hours Notice: Incident Response Management under the GDPR [Webinar Slides]
72 Hours Notice: Incident Response Management under the GDPR [Webinar Slides]72 Hours Notice: Incident Response Management under the GDPR [Webinar Slides]
72 Hours Notice: Incident Response Management under the GDPR [Webinar Slides]TrustArc
 
Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ...
Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ...Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ...
Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ...TrustArc
 
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]TrustArc
 
Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides]
Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides]Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides]
Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides]TrustArc
 
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]TrustArc
 
Feb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementFeb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementTrustArc
 
ROI of Privacy: Building a Case for Investment [Webinar Slides]
ROI of Privacy: Building a Case for Investment [Webinar Slides]ROI of Privacy: Building a Case for Investment [Webinar Slides]
ROI of Privacy: Building a Case for Investment [Webinar Slides]TrustArc
 
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...TrustArc
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...TrustArc
 
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceGDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceCloudera, Inc.
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...CIO Edge
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...TrustArc
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]TrustArc
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Delphix
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerCapgemini
 
The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help Niklas Hjorthen
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
 
GDPR 101
GDPR 101GDPR 101
GDPR 101Mafazo: Digital Solutions
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017Ray Bugg
 
Splunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR ComplianceSplunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR ComplianceMarketingArrowECS_CZ
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPRTripwire
 
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Jean-Michel Franco
 
7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data GovernanceDATUM LLC
 
Security Regulations & Guidelines: Is Your Business on the Path to Compliance?
Security Regulations & Guidelines: Is Your Business on the Path to Compliance? Security Regulations & Guidelines: Is Your Business on the Path to Compliance?
Security Regulations & Guidelines: Is Your Business on the Path to Compliance? Blancco
 
2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy managementTrustArc
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 

More Related Content

What's hot

ROI of Privacy: Building a Case for Investment [Webinar Slides]
ROI of Privacy: Building a Case for Investment [Webinar Slides]ROI of Privacy: Building a Case for Investment [Webinar Slides]
ROI of Privacy: Building a Case for Investment [Webinar Slides]TrustArc
 
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...TrustArc
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...TrustArc
 
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceGDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceCloudera, Inc.
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...CIO Edge
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...TrustArc
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]TrustArc
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Delphix
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerCapgemini
 
The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help Niklas Hjorthen
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017Ray Bugg
 
Splunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR ComplianceSplunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR ComplianceMarketingArrowECS_CZ
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPRTripwire
 
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Jean-Michel Franco
 
7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data GovernanceDATUM LLC
 
Security Regulations & Guidelines: Is Your Business on the Path to Compliance?
Security Regulations & Guidelines: Is Your Business on the Path to Compliance? Security Regulations & Guidelines: Is Your Business on the Path to Compliance?
Security Regulations & Guidelines: Is Your Business on the Path to Compliance? Blancco
 

What's hot (20)

ROI of Privacy: Building a Case for Investment [Webinar Slides]
ROI of Privacy: Building a Case for Investment [Webinar Slides]ROI of Privacy: Building a Case for Investment [Webinar Slides]
ROI of Privacy: Building a Case for Investment [Webinar Slides]
 
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar...
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
 
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceGDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offer
 
The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
 
GDPR 101
GDPR 101GDPR 101
GDPR 101
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
 
Splunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR ComplianceSplunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR Compliance
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
 
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
 
7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance
 
Security Regulations & Guidelines: Is Your Business on the Path to Compliance?
Security Regulations & Guidelines: Is Your Business on the Path to Compliance? Security Regulations & Guidelines: Is Your Business on the Path to Compliance?
Security Regulations & Guidelines: Is Your Business on the Path to Compliance?
 

Similar to What the GDPR Means for your Cybersecurity Strategy [Webinar Slides]

2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy managementTrustArc
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilienceaccenture
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilienceaccenture
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
GDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallGDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallSplunk
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarConcept Searching, Inc
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]TrustArc
 
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...Symantec
 
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceChristian F. Nissen
 
Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionProactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionMike Wons
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Enterprise Management Associates
 
cryptography.pptx
cryptography.pptxcryptography.pptx
cryptography.pptxMhndHTaani
 
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...Symantec
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 

Similar to What the GDPR Means for your Cybersecurity Strategy [Webinar Slides] (20)

2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
 
GDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallGDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your Downfall
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
 
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
 
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 
Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionProactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital Disruption
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
 
cryptography.pptx
cryptography.pptxcryptography.pptx
cryptography.pptx
 
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
Cyber Risk in the Energy Industry
Cyber Risk in the Energy IndustryCyber Risk in the Energy Industry
Cyber Risk in the Energy Industry
 

More from TrustArc

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...TrustArc
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...TrustArc
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesTrustArc
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceTrustArc
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfTrustArc
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...TrustArc
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsTrustArc
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsTrustArc
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...TrustArc
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdfTrustArc
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceTrustArc
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023TrustArc
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustTrustArc
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowTrustArc
 

More from TrustArc (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To Know
 

Recently uploaded

Divorce Procedure in India (Info) (1).pdf
Divorce Procedure in India (Info) (1).pdfDivorce Procedure in India (Info) (1).pdf
Divorce Procedure in India (Info) (1).pdfdigitalnikesh24
 
一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书SS A
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Oishi8
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueSkyLaw Professional Corporation
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)Delhi Call girls
 
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881mayurchatre90
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxnyabatejosphat1
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaLegal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaFinlaw Consultancy Pvt Ltd
 
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | DelhiFULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhisoniya singh
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhaiShashankKumar441258
 
一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书E LSS
 
Introduction to Corruption, definition, types, impact and conclusion
Introduction to Corruption, definition, types, impact and conclusionIntroduction to Corruption, definition, types, impact and conclusion
Introduction to Corruption, definition, types, impact and conclusionAnuragMishra811030
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptjudeplata
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 
Debt Collection in India - General Procedure
Debt Collection in India - General ProcedureDebt Collection in India - General Procedure
Debt Collection in India - General ProcedureBridgeWest.eu
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptzainabbkhaleeq123
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm2020000445musaib
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx2020000445musaib
 

Recently uploaded (20)

Divorce Procedure in India (Info) (1).pdf
Divorce Procedure in India (Info) (1).pdfDivorce Procedure in India (Info) (1).pdf
Divorce Procedure in India (Info) (1).pdf
 
一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书
 
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
 
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptx
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaLegal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
 
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | DelhiFULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
 
一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书
 
Introduction to Corruption, definition, types, impact and conclusion
Introduction to Corruption, definition, types, impact and conclusionIntroduction to Corruption, definition, types, impact and conclusion
Introduction to Corruption, definition, types, impact and conclusion
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
Debt Collection in India - General Procedure
Debt Collection in India - General ProcedureDebt Collection in India - General Procedure
Debt Collection in India - General Procedure
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .ppt
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx
 

What the GDPR Means for your Cybersecurity Strategy [Webinar Slides]

  • 1. © 2018 TrustArc Inc Proprietary and Confidential Information PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program PRIVACY INSIGHT SERIES What the GDPR Means for your Cybersecurity Strategy November 28, 2018
  • 2. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Thank you for joining the webinar “What the GDPR Means for your Cybersecurity Strategy” • We will be starting a couple minutes after the hour • This webinar will be recorded and the recording and slides sent out later today • Please use the GotoWebinar control panel on the right hand side to submit any questions for the speakers 2
  • 3. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Today’s Speakers Andre Mintz, CISSP, CTPRP EVP, Chief Information Security Officer | Chief Privacy Officer Red Ventures 3 Martin Gomberg, CISSP, CIPP/E Senior Consultant TrustArc Margaret Alston, CIPP/G/C/M FIP Consulting Director TrustArc
  • 4. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Today’s Agenda • Welcome & Introductions • Set the stage • Importance of Security in GDPR • Reasonable organizational and technical measures • CISO and CPO roles in delivering GDPR program • Recommendations – Next Steps • Questions 4
  • 5. PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Setting the Stage 5
  • 6. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Poll Question 6
  • 7. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries7 Per cent of companies indicating they are in full compliance (600 companies polled) 20% Estimated to achieve compliance by year end 2018 60% Companies still unaware of obligations for compliance under GDPR Undetermined (miscellaneous sources) Comparative State of EU, UK and US Corporate Compliance (TrustArc, 2018) Comparative State of EU, UK and US Corporate Compliance (TrustArc, 2018) We should be done, but are we getting close?
  • 8. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Who Owns GDPR? 8 LEGAL RISK ITCISO Operations GDPR
  • 9. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries HIPAA CCPA SECNYDFS PIPEDA GDPR And we are getting numb…. 9 BRAZIL CHINA BELARUS SINGAPORE RUSSIA ISRAEL TAJIKISTAN KENYA UK
  • 10. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Poll Question 10
  • 11. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Are Cyber and Privacy controls the same? • Cyber controls: – Monitoring, testing, detection, analysis, correlation, response, review, reinforcement, and defense • Privacy controls: – Minimization (collection, retention, distribution, manipulation, transfer) – Obfuscation (encryption, hashing, pseudonymization, anonymization) – Informed choice (basis for consent, cookies and tracking, cookie wall, legitimate interests) – Individual data rights (view, access, correct, limit, stop, erase, port or withdraw consent) – Privacy by design 11
  • 12. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Legacy Systems GDPR affords individual data subjects the right to know if we hold their data and to view, access, correct, limit or stop processing and ask that it be erased or returned. – SAR (Subject Access Rights) Requests – Can we find the data we hold? – Can traditional system design support this? – How effective our controls around the data we hold in general? 12
  • 13. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Reasonable Organizational and Technical Measures – What Does That Mean? • They are undefined, but they are risk aligned • Proportional to the need and the investment • Where controls are lacking, compensating controls are applied sufficient to the risk • Measures may be technical devices, technical process, staffing, structure, or procedure • They address monitoring, testing, detection, analysis, correlation, response, review, reinforcement, defense, authorized use and behavior, and privacy controls 13
  • 14. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries RISK ALIGNMENT OF REASONABLE MEASURES 14 Classified Intelligence Vital Systems, Apps, Data High Risk Systems, Apps, Data Moderate High-Risk Systems, Apps, Data Moderate Risk Systems, Apps, Data Low Risk Systems, Apps, Data Negligible Risk And/or Public Data Validated Secure Controls High Risk Controls Moderate High Risk Controls Moderate Risk Controls Low Risk Controls Negligible Risk Controls Examples of Reasonable Measures Technical Measures Reasonableness should apply to defenses, infrastructure investment, monitoring and detection, development, process and procedure. Organizational Measures Reasonableness should also apply to adequacy in staffing, and authorization of access and use, dictating who has access to specific data, what they are authorized to do, whether it can be transported, and required protection.
  • 15. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries The CIA Triad and GDPR CIA governs our traditional approach to security. – Is the concept of CIA (Confidentiality, Integrity and Availability) sufficient for GDPR? 15
  • 16. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Are our categories of risk sufficiently defining for GDPR? Corporate data can be high risk, but not in scope for GDPR. – Under GDPR, what data are considered in scope? – Does de-identification through encryption render data out of scope for GDPR? 16
  • 17. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Cloud and GDPR • Cloud moves data out of direct control. Is it compatible with controller obligations? – Remote management – Effective controls – Contracts – Third party support 17
  • 18. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Emerging Threats and GDPR • Ransomware • Social engineering • Spear Phishing • Nation State Actors • Malicious Data Exfiltration 18
  • 19. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries GDPR – A Comprehensive View of Breach • Data loss • Exfiltration • Isolation • Manipulation • Destruction • Disclosure 19
  • 20. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Challenges for emerging technologies and GDPR • AI • BlockChain • IOT • MedTech 20
  • 21. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Poll Question 21
  • 22. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries CISO and CPO roles in delivering GDPR program Can the CISO also be the DPO or CPO? – Skills compatibility? – Conflicts of interest? – Organizational reporting 22
  • 23. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries If you haven’t started you need a plan • Evaluate • Advocate • Educate • Plan • Assess and mitigate • Operate • Document • Build a repeatable, demonstrable and reportable process 23
  • 24. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Recommendations and Next Steps • Inventory networks, systems, data location, purpose, need, owners and controls • Assess business gaps to the law • Map business processes and movement of data • Risk assess data and system assets • Evaluate contracts, disclosures • Data owner choice, rights and controls • Correct deficiencies 24
  • 25. PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Questions? 25
  • 26. PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Contacts 26 Andre Mintz amintz@redventures.com Martin Gomberg mgomberg@trustarc.com Margaret Alston malston@trustarc.com
  • 27. PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Thank You! Register now for the last webinar in our 2018 Summer / Fall Webinar Series “Privacy Management: Emerging Trends, Benchmarking and Best Practices” and is due to take place on December 19, 2018. See http://www.trustarc.com/insightseries for the 2018 Privacy Insight Series and past webinar recordings. 27