Developing a Privacy Compliance Program
Staying in Compliance in a Rapidly Changing Landscape
Raoul Miller
Director, Content Strategy & Advisory
TEAM IM
raoul.miller@teamim.com
@ECM_Raoul
TEAM IM
• Content and unstructured data specialists since 1999
• Oracle, M-Files, Microsoft, Elasticsearch, HelloSign, Frevvo, ABBYY, Smartlogic partners
• Operate in US, Canada, Australia and New Zealand
• Advisory and Strategy practice is one part of what we do.
Agenda
• What’s your goal?
• What is GDPR?
• Who is covered?
• What data is covered?
• Staying in compliance
(© Raoul Miller)
“Better be despised for too anxious apprehensions than ruined by too confident security.”
-- Edmund Burke, Philosopher and Statesman
What’s Your Goal?
• Do you need to be compliant?
• Staying ahead of the curve?
• General best practice
• Understand your goals first
• Make a plan
• Execute that plan
GDPR – General Data Protection Regulation
• Came into effect May 2018
• EU / EEA / “EU Data Subjects”
• Principles
• Lawful purpose for data
• Consent & ability to withdraw
• “Appropriate measures”
• Disclosure and right to request
• Data protection and breach reporting
CCPA – California Consumer Privacy Act
• Came into effect 1/1/20
• California residents
• Principles
• Disclosure of data collection
• Ability to opt out of sales
• Access to personal data
• Request to delete data
Other Countries and Jurisdictions
• Canada – PIPEDA (2001)
• Korea – PIPA (2011/20)
• Japan – APPI (2003/17)
• Australia – Privacy Act (1988)
• China – Cybersecurity Law (2017)
• Argentina – PDPL (2017)
• Etc….
Map from DLA Piper (https://www.dlapiperdataprotection.com)
Bottom Line
• Privacy legislation is a growing issue
• It will eventually cover your org
• Plan and start now
• Put platforms and processes in place
Who is Covered?
• Varies depending on law
• Assume it’s anyone you are keeping data on
• If you are concerned, seek legal advice – it’s complicated
What Data is Covered?
• Also varies based on which law
• Some common themes
• “Personal Data” – any information related to an identified or identifiable natural person
• Name
• ID number
• Address (including IP address)
• Phone number
• Username
• CCPA excludes publicly available information. Other laws do not
How to Stay Compliant
• Identify the data you have
• Put systems in place to manage it
• Records management platform and processes
• Security and ownership on all data
• Identify data roles within your org
• Reporting and monitoring
• Audit
• Access
Staying Compliant 2 - Platforms
• Where is your customer data?
• Database?
• Managed systems?
• Unmanaged systems – File Shares / Excel / CSV?
• How do you report on data?
• How do you search / expire / delete data?
• You need good answers to all of these questions
Staying Compliant 3 - Processes
• Rethink how you collect, store, and manage personal data
• Put in place processes to:
• Securely age and delete data
• Justify data collection
• Respond to data access requests
• Respond to audit enquiries
• Identify these roles:
• Data protection officer
• Data controller
• Security responsibilities
• Usage responsibilities
Example Data Protection Policy
• Some basic policy documents will help you
• Data protection policy
• Security policy
• Data classification policy
• Retention policy
Key Takeaways
• Privacy compliance is important and widespread
• Costs of non-compliance are high ($$ and reputation)
• It’s not difficult to get started
• Identify your data
• Store on managed platforms
• Create / define processes
• Document policies
• Monitor and manage
• Good luck!
Questions?
Raoul Miller
Director, Content Strategy and Advisory
TEAM IM
raoul.miller@teamim.com
@ECM_Raoul (Twitter)
