SlideShare a Scribd company logo

The GDPR Is Only for Europe—Right?

Priyanka Aash
Priyanka Aash

The EU’s GDPR is the first major overall of data privacy requirements in the EU since the 1990s and is effective May 25, 2018. The GDPR is more than a regulation; it is a way of integrating data privacy and information security into day-to-day operations. This session will use case studies to bring alive the key issues to be addressed and best practices to address them whether in the EU or not. Learning Objectives: 1: Understand that the GDPR contains significant food for thought. 2: Learn how organizations can build on previous compliance and policy efforts. 3: Understand why doing business in Europe post-GPDR requires planning and privacy initiatives. (Source: RSA Conference USA 2018)

Technology
1 of 20
Download to read offline
SESSION ID: #RSAC Lawrence D. Dietz, Esq. THE GDPR IS ONLY FOR EUROPE – RIGHT? GRC-R02 General Counsel & Managing Director, Information Security @Colonel_Larry
# R S A C Why You Need to Pay Attention to GDPR 2 Financial Reasons You may have to comply with GDPR Extended Reach — EU Citizens Wherever They May Reside — Doing business with the EU Fines are very substantial: Up to 4% Annual Revenue or €20 Million Your multinational customers will make you comply to do business with them.
# R S A C It’s the right thing to do. 3 Proper Intent Give individuals more control over their personal data. Mitigate the risk of harm due to a breach. Others are relying on GDPR as a standard: Investors Customers Other Nations
# R S A C Universal Principles 4 Lawfulness, Fairness & Transparency Limitation of Purpose Specified, explicit & legitimate Data Minimization Adequate, relevant and limited Accuracy Storage Limitation Only as long as necessary for the purpose. Integrity & Confidentiality Appropriate technical & organizational security measures. Accountability
#RSAC ILLUSTRATIVE SCENARIOS – MINI CASE STUDIES
# R S A C Disclaimer 6 These are fictional vignettes designed to encourage discussion and raise issues where the GDPR may be relevant. This session is not intended to be legal advice which can only be obtained from licensed counsel with whom you have a relationship. Creativity is encouraged.
# R S A C Scenario 1 7 You work for a company that does business in many countries around the world. At the moment you do not have any offices in non-English speaking countries. The CEO’s favorite niece is on an assignment as an intern in the marketing department. Since she is majoring in Italian she wants to design a website in Italian. Will you have to comply with GDPR?
# R S A C Scenario 2 8 Sally Salesperson collects a dozen business cards from a conference in Rome. She immediately puts all the contact information into the corporate sales data base. What questions would you have to ask in order to determine if GDPR applies?
# R S A C Scenario 3 9 You work for Super Spuds in Pocatello, ID. Your company is very small, but it is famous for its specialty equipment used in potato farming. Would any of the following trigger GDPR? Hiring an answering service or opening an office in: — Paris — Zurich — Dublin
# R S A C Scenario 4 10 Big Tech Co is working on a major product launch. To ensure global appeal they temporarily transfer several employees from Europe to work on the project in the Corporate HQ in the United States. 1. Does this mean that BTC must comply with GDPR? 2. What if all the employees being transferred are American citizens?
# R S A C Scenario 5 11 • One of your former employees has moved to Germany. His performance was a bit sub-standard, but he was not fired. • After he is settled in Germany, he demands that you delete all of the information you have in his personnel file? 1. Are you compelled to do so? 2. What if he is an American citizen – does that change your answer?
# R S A C Scenario 6 12 Tiny Tidbit (TT) in Santa Cruz, CA produces gluten free, vegan snacks. They employ 10 people. The are negotiating with Daunting Distributors (DD) to carry their product worldwide. DD is a multi-national with HQ in Montreal, Canada. DD wants TT to sign a complicated contract containing terms and conditions to comply with the GDPR. Does TT have to agree to those terms? What if DD wants TT to translate their website and marketing materials into French because that is the law in Canada. — Does this sound any alarm bells?
# R S A C Scenario 7 13 Gerry is a German Citizen who is an engineer employed by Large Lens Co in Munich. The New Jersey manufacturing and assembly plant wants Gerry to help them with a 90 day project. He arrives with his company laptop, personal iPad, a company iPhone and a personal iPhone. What potential GDPR issues are there?
# R S A C Scenario 8 14 You are a newly hired CISO for Padlock Insurance company at their HQ in Chicago. Your boss, the CFO, is also relatively new. He stops you in the hall at 6 PM and asks “Hey, with SOX, HIPAA, HiTech, etc. do we really need to worry about GDPR?” He continues “Please give me 3 bullet points to take to the CEO tomorrow at 9 AM before his 10 AM Board meeting.”
# R S A C Scenario 9 15 You work for a company that manufacturers paper towels and toilet paper. You are asked to lead a team to implement a new digital marketing system designed to provide more detailed information about customers and prospects. 1. Are you compelled to perform a Data Privacy Impact Analysis? 2. Should you consider adopting a ‘privacy by design’ philosophy or just look for the lowest cost options?
# R S A C Scenario 10 16 You work for a chain of hospitals. You are asked to lead a team to implement a new patient and medication system. 1. Are you compelled to perform a Data Privacy Impact Analysis? 2. Should you consider adopting a ‘privacy by design’ philosophy or just look for the lowest cost options?
# R S A C Applying What You Have Learned Today – Part 1: Next Week 17 Form a Project Task Force With Clear Roles & Responsibilities Include: An Executive Sponsor and CFO, CIO, CISO, Legal & HR representation. Establish Data/Application Inventory Teams Determine if your organization has every performed a Data Audit Update subcontract, supplier, temporary employ and other appropriate contracts to include terms and conditions to comply with and implement GDPR principles.
# R S A C Applying What You Have Learned Today – Part 2: Next 60 Days 18 Initiate a Data Mapping and Inventory Project across the organization. Determine the nature and extent of data transfers in and out of the EU. Develop a project plan to initiate or improve data auditing to include: Validation of Data Subject Consent (Opt in or exemption) Source of Data Confirmation of legitimate use and data storage limitations Assess the nature of data sharing to include application and geography
# R S A C Applying What You Have Learned Today – Part 2: Next 6 Months 19 Review, revise and test breach notification procedures. Design and conduct a Table Top Exercise to test your breach discovery and notification process. Plan for an annual breach simulation exercise in 90 days.
# R S A C Thank You – Q & A 20 Lawrence D. Dietz, Esq. LDietz@talglobal.net

Recommended

Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityForgeRock
 
Is your business GDPR ready?
Is your business GDPR ready?Is your business GDPR ready?
Is your business GDPR ready?Gareth Miller
 
Pixels Camp 2017 - Stranger Things the internet version
Pixels Camp 2017 - Stranger Things the internet versionPixels Camp 2017 - Stranger Things the internet version
Pixels Camp 2017 - Stranger Things the internet versionTiago Henriques
 
What changes for Internet of Things technologies with the EU Data Protection ...
What changes for Internet of Things technologies with the EU Data Protection ...What changes for Internet of Things technologies with the EU Data Protection ...
What changes for Internet of Things technologies with the EU Data Protection ...Giulio Coraggio
 
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Black Duck by Synopsys
 
GDPR and What it means for Recruiting Agencies
GDPR and What it means for Recruiting Agencies GDPR and What it means for Recruiting Agencies
GDPR and What it means for Recruiting Agencies VENUS CONSULTING
 
The state of cybersecurity in Switzerland - FinTechDay 2017
The state of cybersecurity in Switzerland - FinTechDay 2017The state of cybersecurity in Switzerland - FinTechDay 2017
The state of cybersecurity in Switzerland - FinTechDay 2017Tiago Henriques
 
Kin (Bright Policy)
Kin (Bright Policy)Kin (Bright Policy)
Kin (Bright Policy)Daniel Rosen
 

Recommended

Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityForgeRock
 
Is your business GDPR ready?
Is your business GDPR ready?Is your business GDPR ready?
Is your business GDPR ready?Gareth Miller
 
Pixels Camp 2017 - Stranger Things the internet version
Pixels Camp 2017 - Stranger Things the internet versionPixels Camp 2017 - Stranger Things the internet version
Pixels Camp 2017 - Stranger Things the internet versionTiago Henriques
 
What changes for Internet of Things technologies with the EU Data Protection ...
What changes for Internet of Things technologies with the EU Data Protection ...What changes for Internet of Things technologies with the EU Data Protection ...
What changes for Internet of Things technologies with the EU Data Protection ...Giulio Coraggio
 
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Black Duck by Synopsys
 
GDPR and What it means for Recruiting Agencies
GDPR and What it means for Recruiting Agencies GDPR and What it means for Recruiting Agencies
GDPR and What it means for Recruiting Agencies VENUS CONSULTING
 
The state of cybersecurity in Switzerland - FinTechDay 2017
The state of cybersecurity in Switzerland - FinTechDay 2017The state of cybersecurity in Switzerland - FinTechDay 2017
The state of cybersecurity in Switzerland - FinTechDay 2017Tiago Henriques
 
Kin (Bright Policy)
Kin (Bright Policy)Kin (Bright Policy)
Kin (Bright Policy)Daniel Rosen
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdprExponential_e
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPRMissMarvel70
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slidesExponential_e
 
Privacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsPrivacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsTrustArc
 
Data Protection Scotland Summit 2019
Data Protection Scotland Summit 2019Data Protection Scotland Summit 2019
Data Protection Scotland Summit 2019Ray Bugg
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know Maddie Malling-May
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowHannah Flynn
 
2018 Client Briefing GDPR
2018 Client Briefing GDPR2018 Client Briefing GDPR
2018 Client Briefing GDPRCarsted Rosenberg Advokatfirma
 
PreSeed Academy #26 - Anders Bach Waagstein
PreSeed Academy #26 - Anders Bach WaagsteinPreSeed Academy #26 - Anders Bach Waagstein
PreSeed Academy #26 - Anders Bach WaagsteinPreSeed Ventures
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is hereRichard Hogg,Global GDPR Offerings Evangelist
 
GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.James Seville
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidsonCWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidsonCapgemini
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Complianceaccenture
 
GDPR - heads up!
GDPR - heads up!GDPR - heads up!
GDPR - heads up!Joe Mbaya
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdfLaLaBlaGhvgT
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to ActCathy Gilmartin
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...CIO Edge
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies Benoît De Nayer
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 

More Related Content

Similar to The GDPR Is Only for Europe—Right?

Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPRMissMarvel70
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slidesExponential_e
 
Privacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsPrivacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsTrustArc
 
Data Protection Scotland Summit 2019
Data Protection Scotland Summit 2019Data Protection Scotland Summit 2019
Data Protection Scotland Summit 2019Ray Bugg
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowHannah Flynn
 
PreSeed Academy #26 - Anders Bach Waagstein
PreSeed Academy #26 - Anders Bach WaagsteinPreSeed Academy #26 - Anders Bach Waagstein
PreSeed Academy #26 - Anders Bach WaagsteinPreSeed Ventures
 
GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.James Seville
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidsonCWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidsonCapgemini
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Complianceaccenture
 
GDPR - heads up!
GDPR - heads up!GDPR - heads up!
GDPR - heads up!Joe Mbaya
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdfLaLaBlaGhvgT
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...CIO Edge
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 

Similar to The GDPR Is Only for Europe—Right? (20)

Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPR
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slides
 
Privacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsPrivacy 2020: Recap & Predictions
Privacy 2020: Recap & Predictions
 
Data Protection Scotland Summit 2019
Data Protection Scotland Summit 2019Data Protection Scotland Summit 2019
Data Protection Scotland Summit 2019
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To Know
 
2018 Client Briefing GDPR
2018 Client Briefing GDPR2018 Client Briefing GDPR
2018 Client Briefing GDPR
 
PreSeed Academy #26 - Anders Bach Waagstein
PreSeed Academy #26 - Anders Bach WaagsteinPreSeed Academy #26 - Anders Bach Waagstein
PreSeed Academy #26 - Anders Bach Waagstein
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here
 
GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must Know
 
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidsonCWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Compliance
 
GDPR - heads up!
GDPR - heads up!GDPR - heads up!
GDPR - heads up!
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdf
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

The GDPR Is Only for Europe—Right?

  • 1. SESSION ID: #RSAC Lawrence D. Dietz, Esq. THE GDPR IS ONLY FOR EUROPE – RIGHT? GRC-R02 General Counsel & Managing Director, Information Security @Colonel_Larry
  • 2. # R S A C Why You Need to Pay Attention to GDPR 2 Financial Reasons You may have to comply with GDPR Extended Reach — EU Citizens Wherever They May Reside — Doing business with the EU Fines are very substantial: Up to 4% Annual Revenue or €20 Million Your multinational customers will make you comply to do business with them.
  • 3. # R S A C It’s the right thing to do. 3 Proper Intent Give individuals more control over their personal data. Mitigate the risk of harm due to a breach. Others are relying on GDPR as a standard: Investors Customers Other Nations
  • 4. # R S A C Universal Principles 4 Lawfulness, Fairness & Transparency Limitation of Purpose Specified, explicit & legitimate Data Minimization Adequate, relevant and limited Accuracy Storage Limitation Only as long as necessary for the purpose. Integrity & Confidentiality Appropriate technical & organizational security measures. Accountability
  • 6. # R S A C Disclaimer 6 These are fictional vignettes designed to encourage discussion and raise issues where the GDPR may be relevant. This session is not intended to be legal advice which can only be obtained from licensed counsel with whom you have a relationship. Creativity is encouraged.
  • 7. # R S A C Scenario 1 7 You work for a company that does business in many countries around the world. At the moment you do not have any offices in non-English speaking countries. The CEO’s favorite niece is on an assignment as an intern in the marketing department. Since she is majoring in Italian she wants to design a website in Italian. Will you have to comply with GDPR?
  • 8. # R S A C Scenario 2 8 Sally Salesperson collects a dozen business cards from a conference in Rome. She immediately puts all the contact information into the corporate sales data base. What questions would you have to ask in order to determine if GDPR applies?
  • 9. # R S A C Scenario 3 9 You work for Super Spuds in Pocatello, ID. Your company is very small, but it is famous for its specialty equipment used in potato farming. Would any of the following trigger GDPR? Hiring an answering service or opening an office in: — Paris — Zurich — Dublin
  • 10. # R S A C Scenario 4 10 Big Tech Co is working on a major product launch. To ensure global appeal they temporarily transfer several employees from Europe to work on the project in the Corporate HQ in the United States. 1. Does this mean that BTC must comply with GDPR? 2. What if all the employees being transferred are American citizens?
  • 11. # R S A C Scenario 5 11 • One of your former employees has moved to Germany. His performance was a bit sub-standard, but he was not fired. • After he is settled in Germany, he demands that you delete all of the information you have in his personnel file? 1. Are you compelled to do so? 2. What if he is an American citizen – does that change your answer?
  • 12. # R S A C Scenario 6 12 Tiny Tidbit (TT) in Santa Cruz, CA produces gluten free, vegan snacks. They employ 10 people. The are negotiating with Daunting Distributors (DD) to carry their product worldwide. DD is a multi-national with HQ in Montreal, Canada. DD wants TT to sign a complicated contract containing terms and conditions to comply with the GDPR. Does TT have to agree to those terms? What if DD wants TT to translate their website and marketing materials into French because that is the law in Canada. — Does this sound any alarm bells?
  • 13. # R S A C Scenario 7 13 Gerry is a German Citizen who is an engineer employed by Large Lens Co in Munich. The New Jersey manufacturing and assembly plant wants Gerry to help them with a 90 day project. He arrives with his company laptop, personal iPad, a company iPhone and a personal iPhone. What potential GDPR issues are there?
  • 14. # R S A C Scenario 8 14 You are a newly hired CISO for Padlock Insurance company at their HQ in Chicago. Your boss, the CFO, is also relatively new. He stops you in the hall at 6 PM and asks “Hey, with SOX, HIPAA, HiTech, etc. do we really need to worry about GDPR?” He continues “Please give me 3 bullet points to take to the CEO tomorrow at 9 AM before his 10 AM Board meeting.”
  • 15. # R S A C Scenario 9 15 You work for a company that manufacturers paper towels and toilet paper. You are asked to lead a team to implement a new digital marketing system designed to provide more detailed information about customers and prospects. 1. Are you compelled to perform a Data Privacy Impact Analysis? 2. Should you consider adopting a ‘privacy by design’ philosophy or just look for the lowest cost options?
  • 16. # R S A C Scenario 10 16 You work for a chain of hospitals. You are asked to lead a team to implement a new patient and medication system. 1. Are you compelled to perform a Data Privacy Impact Analysis? 2. Should you consider adopting a ‘privacy by design’ philosophy or just look for the lowest cost options?
  • 17. # R S A C Applying What You Have Learned Today – Part 1: Next Week 17 Form a Project Task Force With Clear Roles & Responsibilities Include: An Executive Sponsor and CFO, CIO, CISO, Legal & HR representation. Establish Data/Application Inventory Teams Determine if your organization has every performed a Data Audit Update subcontract, supplier, temporary employ and other appropriate contracts to include terms and conditions to comply with and implement GDPR principles.
  • 18. # R S A C Applying What You Have Learned Today – Part 2: Next 60 Days 18 Initiate a Data Mapping and Inventory Project across the organization. Determine the nature and extent of data transfers in and out of the EU. Develop a project plan to initiate or improve data auditing to include: Validation of Data Subject Consent (Opt in or exemption) Source of Data Confirmation of legitimate use and data storage limitations Assess the nature of data sharing to include application and geography
  • 19. # R S A C Applying What You Have Learned Today – Part 2: Next 6 Months 19 Review, revise and test breach notification procedures. Design and conduct a Table Top Exercise to test your breach discovery and notification process. Plan for an annual breach simulation exercise in 90 days.
  • 20. # R S A C Thank You – Q & A 20 Lawrence D. Dietz, Esq. LDietz@talglobal.net