
2017 - Data Privacy and GDPR (v1.1)

The challenges of Data Privacy for a company will now become even more relevant with the implementation of the General Data Protection Regulation (GDPR). Are you ready for it? What should you do? What should you consider?


  1. Delivering the best in z services, software, hardware and training. Delivering the best in z services, skills, security and software.
     Data Privacy and GDPR
     Rui Miguel Feio – Senior Technical Lead
  2. Agenda
     • Introduction
     • Data Privacy and Data Protection
     • The Business of Data
     • Companies and Data Privacy
     • General Data Protection Regulation (GDPR)
     • What Should You Do?
     • Q&A
  3. Who am I? Rui Miguel Feio
     • Senior Technical Lead at RSM Partners
     • Based in the UK but travels all over the world
     • 18 years' experience working with mainframes
     • Started with IBM as an MVS Systems Programmer
     • Specialist in mainframe security
     • Experience on other platforms
  4. Data Privacy and Data Protection
  5. The UK Data Protection Act: “The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Everyone responsible for using data has to follow strict rules called ‘data protection principles’.”
     https://www.gov.uk/data-protection/the-data-protection-act
  6. European Commission – http://ec.europa.eu/justice/data-protection/
  7. The Business of Data
  8. • On a daily basis Google processes around 24 petabytes of data
     • This data is then stored and sold for advertising
     • A study published by the Wall Street Journal on Facebook:
       – Each long-term user is worth $80.95
       – Each friendship is worth $0.62
       – A profile page is worth $1,800
       – A business page and its associated ad revenues are worth $3.1 million
  9. A Ponemon Institute study for 2016, sponsored by IBM:
     – Average total cost of a data breach is $4 million (up 29% since 2013)
     – Average cost per record breached is $158, but it ranges from:
       • $355 for health care organisations
       • $221 for financial institutions
       • $172 for the retail industry
     – 26% likelihood of a breach happening over 24 months
     https://www-03.ibm.com/security/infographics/data-breach/
  10. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  11. https://www.webpagefx.com/blog/general/what-are-data-brokers-and-what-is-your-data-worth-infographic/
  12. https://www.webpagefx.com/blog/general/what-are-data-brokers-and-what-is-your-data-worth-infographic/
  13. https://www.webpagefx.com/blog/general/what-are-data-brokers-and-what-is-your-data-worth-infographic/
      “It knows who you are. It knows where you live. It knows what you do.” – New York Times
  14. Companies and Data Privacy
  15. Privacy Policy / Terms & Conditions
  16. Privacy Policy / Terms & Conditions
  17. “[…] a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties” – Google’s legal team
  18. General Data Protection Regulation (GDPR)
  19. GDPR Overview (http://www.eugdpr.org/)
      • The General Data Protection Regulation will be enforced from 25 May 2018
      • This regulation will impact any business, whether based in the EU or not, that holds the personal data of EU citizens
      • GDPR is driven by two serious threats:
        – Reputational damage
        – Monetary fines (up to €20m or 4% of total worldwide annual turnover, whichever is higher)
      • Mandatory for businesses of over 250 employees to appoint a Data Protection Officer (DPO)
      • GDPR has several rules, such as ‘the right to be forgotten’
  20. Brexit and GDPR
      • 1 in 4 companies in the UK have stopped preparing for GDPR
      • “If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with the GDPR, irrespective as to whether or not the UK retains the GDPR post-Brexit.” *
      • 84% of financial services firms are not prepared for GDPR **
      * http://www.eugdpr.org/gdpr-faqs.html
      ** 2016 Egress article
  21. What Should You Do?
  22. • Take data privacy and data protection seriously!!
      • Prepare for GDPR (better late than never…)
      • Identify, review, control and protect the data you store
      • Classify your data
      • Nominate “owners” responsible for the data
      • Take security seriously!!
      • It’s not about when or if you’ll be hacked, it’s about what you will do when you are!
  23. The 2016 Ponemon Institute study (slide 9) concluded:
      – Appointing a CISO saved $7 per record
      – Involving Business Continuity Management saved $9 per record
      – Participation in threat sharing saved $9 per record
      – Extensive use of encryption saved $13 per record
      – An incident response team saved $16 per record
  24. Questions?
  25. Contact
      Rui Miguel Feio, RSM Partners
      ruif@rsmpartners.com
      mobile: +44 (0) 7570 911459
      www.rsmpartners.com
      www.linkedin.com/in/rfeio
