
IS/DPP for staff #3a - Data

An example of how the staff training on information security, data protection and privacy (IS/DPP) could look.
This part is on the concept of data, reasons for protecting data, personal data and data processing.
The slides come with notes that briefly explain the visuals on the slides.

Published in: Education

  1. - Internal - IS/DPP Baseline Training E-learning – Part 3 – Data & Classification
  2. Data in the Center (diagram labels: Environment, Physical, Human, Device, Application, Repository, Carrier, Network, Data, 3rd Parties)
  3. No Data, No Worries: Data Minimization
  4. Don’t Spread the Word
  5. Information Classification
  6. Why?
  7. Data is everywhere, we organise it, to be able to manage it
  8. Levels of Organising data (figure: Cardholder C; Shops M, N, O and P; dates 14/8, 20/8, 26/8 and 2/8; amounts 1,267.04 EUR, 249.99 EUR, 319.00 EUR and 1,415.00 EUR; total for August 3,251.03 EUR; x 0.5 loyalty points; loyalty points 1,625)
  9. Data / Information
  10. Data that gives ABC a Competitive Advantage. Indicator: “confidential” nature
  11. Data that gives ABC a Competitive Advantage. Examples “in scope”: – Creative Ideas – Strategy. Indicator: “confidential” nature
  12. Data that gives ABC a Competitive Advantage. Examples “in scope”: – Creative Ideas – Strategy – Contracts with customers – Policies on rebates, complaint compensation,… Indicator: “confidential” nature
  13. Data that gives ABC a Competitive Advantage. Examples “in scope”: – Creative Ideas – Strategy – Contracts with customers – Policies on rebates, complaint compensation,… – Personal Data (PDP Act / GDPR): information related to identified or identifiable natural person – Cardholder data (PCI-DSS): transaction data. Indicator: “confidential” nature
  14. Data that gives ABC a Competitive Advantage. Examples “in scope”: – Creative Ideas – Strategy – Contracts with customers – Policies on rebates, complaint compensation,… – Personal Data (PDP Act): information related to identified or identifiable natural person – Cardholder data (PCI-DSS): transaction data. Indicator: “confidential” nature
  15. Processing personal data. HAVE TO: Data Protection Act / GDPR
  16. Data Protection Act - Personal data: Any information relating to an identified or identifiable natural person.
  17. Data Protection Act - Personal data: In general not legal persons (e.g. limited companies), BUT: in some countries similar regime for legal persons; next to personal data protection there may be a (professional) duty of confidentiality. E.g. consumer customers, staff members, individuals related to corporations (legal representatives, UBOs, …). Any information relating to an identified or identifiable natural person.
  18. Data Protection Act - Personal data: An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Any information relating to an identified or identifiable natural person.
  19. Data Protection Act - Personal data: Any information relating to an identified or identifiable natural person.
  20. Data Protection Act - Personal data: Any information relating to an identified or identifiable natural person.
  21. Data Protection Act - Personal data: Any information relating to an identified or identifiable natural person.
  22. Data Protection Act – Data Subject (diagram labels: Data Subject, Processing personal data)
  23. Data Protection Act - Personal data: (perception of) “sensitivity”/“intimacy” is irrelevant. Any information relating to an identified or identifiable natural person.
  24. Your Card; Your Card and how you use it
  25. Your Card; Your Card and how you use it
  26. Your Card; Your Card and how you use it
  27. Your Search Results
  28. Your Phone Number
  29. Your Location
  30. Your Heartbeat
  31. Your Keystroke Speed
  32. Your Shoe Size
  33. Data Protection Act / GDPR - Personal data: Any information relating to an identified or identifiable natural person.
  34. Data Protection - Processing: digital AND paper
  35. Data Protection - Processing: collection, recording, organization, storage, adaptation or alteration, rectification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
  36. Data Protection Act / GDPR – Data Controller (diagram labels: Data Subject, Processing personal data, Data Controller)
  37. Data Protection Act / GDPR – Data Controller (diagram labels: Processing personal data, Data Subject, Data Controller, Bank ABC, Application form)
  38. Data Protection Act / GDPR – Control in 4 Pillars (diagram labels: Control, Processing personal data, Data Subject, Data Controller)
  39. Data Protection Act / GDPR – Control in 4 Pillars. Finality: Respect the (original) purpose. Legitimacy: Have one of the legal bases. (Diagram labels: Control, Processing personal data, Data Subject, Data Controller)
  40. Data Protection Act / GDPR – Control in 4 Pillars. Finality: Respect the (original) purpose. Legitimacy: Have one of the legal bases. Transparency: Inform data subject and sometimes authorities. (Diagram labels: Control, Processing personal data, Data Subject, Data Controller)
  41. Data Protection Act / GDPR – Control in 4 Pillars. Finality: Respect the (original) purpose. Legitimacy: Have one of the legal bases. Transparency: Inform data subject and sometimes authorities. Organisation: Accountability and technical and organisational measures. (Diagram labels: Control, Processing personal data, Data Subject, Data Controller)
