The challenges of Data Privacy for a company will now become even more relevant with the implementation of the General Data Protection Regulation (GDPR). Are you ready for it? What should you do? What should you consider?
Delivering the best in z services, software, hardware and training.
Delivering the best in z services, skills, security and software.
Data Privacy and GDPR
Rui Miguel Feio – Senior Technical Lead
• Data Privacy and Data Protection
• The Business of Data
• Companies and Data Privacy
• General Data Protection Regulation (GDPR)
• What Should You Do?
Who am I?
RUI MIGUEL FEIO
• Senior Technical Lead at RSM Partners
• Based in the UK but travels all over the world
• 18 years' experience working with mainframes
• Started at IBM as an MVS systems programmer
• Specialist in mainframe security
• Experience in other platforms
The UK Data Protection Act
The Data Protection Act controls how your personal information is used by organisations, businesses or the government.
Everyone responsible for using data has to follow strict rules called ‘data protection principles’.
• On a daily basis Google processes around 24 petabytes of data
• This data is then stored and sold for advertising
• A study published by the Wall Street Journal on the value of Facebook:
– Each long-term user is worth $80.95
– Each friendship is worth $0.62
– A profile page is worth $1,800
– A business page and associated ad revenues are worth $3.1
A 2016 Ponemon Institute study on the cost of data breaches, sponsored by IBM, found:
– Average total cost is $4 million (up 29% since 2013)
– Average cost per record breached is $158, but it varies by sector:
• $355 for health care organisations
• $221 for financial institutions
• $172 for retail industries
– The likelihood of a breach occurring within 24 months is 26%
• The General Data Protection Regulation will be enforced from 25 May 2018
• This regulation will impact any business, whether based in the EU or not, that holds the personal data of EU citizens.
• GDPR is driven by two serious threats:
– Reputational damage
– Monetary fines (up to €20m or 4% of total worldwide annual turnover, whichever is higher)
• Businesses with over 250 employees must appoint a Data Protection Officer (DPO).
• GDPR has several rules, such as ‘the right to be forgotten’
The Brexit and GDPR
• 1 in 4 companies in the UK has stopped preparing for GDPR
• “If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with the GDPR, irrespective of whether or not the UK retains the GDPR post-Brexit.” *
• 84% of financial services firms are not prepared for GDPR**
** 2016 Egress article
• Take data privacy and data protection seriously!!
• Prepare for GDPR (better late than never…)
• Identify, review, control and protect the data you store
• Classify your data
• Nominate “owners” responsible for the data
• Take security seriously!!
• It’s not about when or if you’ll be hacked, it’s about what you’ll do when you are!
The 2016 Ponemon Institute study also concluded:
– Appointing a CISO saved $7 per record
– Involving Business Continuity Management saved $9 per record
– Participation in threat sharing saved $9 per record
– Extensive use of encryption saved $13 per record
– An incident response team saved $16 per record