
Lecture 5 gdpr compliance v.2


gdpr compliance

Published in: Education

  1. A quick recap of Lecture 4…
     1. Personal data can only be transferred outside of the EU when an adequate level of data protection is assured; certain countries have an adequacy designation
     2. The Privacy Shield oversees personal data transferred for commercial purposes from the EU to the US; it created tighter controls
     3. Data protection authorities independently investigate complaints, impose fines, and oversee compliance with the GDPR
     4. Data subjects have the right to an effective legal remedy against data controllers and processors
     5. Significant fines for infringement upon the principles of the Regulation
  2. Lecture 5: GDPR Compliance. What North American Companies Need to Know
  3. In this lecture, you will learn:
     1. Implementing a GDPR Compliance Roadmap
     2. Technology solutions to demonstrate compliance
  4. Who needs to comply?
     • All organizations that control data pertaining to EU residents need to be in compliance with the Regulation by May 25, 2018
     • The Regulation encourages the use of technical safeguards such as pseudonymization, anonymization, and encryption
  5. Consider its recommendations
     • The Regulation recommends the development of industry codes of conduct
     • Industry bodies can be accredited by national data protection authorities to monitor compliance with codes
     • Development of voluntary data protection compliance certifications, seals and marks is also encouraged
  6. Compliance Roadmap: KI Design’s Recommendations for EU Regulatory Compliance
  7. Compliance Roadmap, step 1: Review data assets
     • What personal data assets do you have across your company? Which divisions or services within your organization control data pertaining to EU residents?
     • Where is personal data stored? What processors do you engage to manage personal data?
  8. Compliance Roadmap, step 2: Review business processes
     • Do you obtain affirmative, informed consent to process personal data?
     • Do you have procedures for requests for access, rectification, erasure, restriction, and portability of personal data?
     • Do you have breach management and notification protocols?
  9. Compliance Roadmap, step 3: Review privacy policy
     • Is your published privacy policy consistent with the Regulation?
     • Is it written in clear, concise, plain language and easily accessible?
     • Consulting with a data protection expert to assess compliance is advisable.
  10. Compliance Roadmap, step 4: Renew contracts
     • Create a template contract with data processors using EC contractual clauses
     • Add these provisions as your contracts come up for renewal
  11. Compliance Roadmap, step 5: Anonymization and pseudonymization
     • Consider adopting anonymization and/or pseudonymization to facilitate data use and sharing while strengthening data protection.
  12. Technology Solutions: Defensible Solutions and Tools to Demonstrate Compliance
  13. Secure Communications. Secure clinical workflows and communications with a secure cloud-based solution for voice, video, and data.
     • Enhance internal/external collaboration
     • Keep emails secure across all devices
     • Share personal records through secure file sharing
     • Support secure on-demand conferencing and video calls
  14. Anonymized Analytics. Keep the data, share the analytics.
     • Personal data can be analyzed for secondary uses (e.g., research) without compromising privacy
     • Anonymized analytics software doesn’t simply de-identify data, but allows analysts to query data without having access to individual-level records
     • Limit access to personal records to frontline staff
  15. Data Masking. Mask data on the fly.
     • Masking solutions disguise essential personal data elements in datasets to be shared
     • Mask data on the fly or in static database copies
     • On-premise and in-cloud data exchange
  16. Privacy Audits. Manage internal and external compliance audits.
     • Privacy breaches can be a disaster, and proving compliance can be complicated. Fully automated audit solutions help keep your institution secure, compliant, and vigilant of breaches and internal threats.
     • Capture real-time access to all personal records and quickly identify inappropriate or suspicious accesses
     • Automated audit solutions meet Ontario IPC requirements (order HO-013)
  17. Anti-malware. Detect and eliminate security threats with multi-scanning anti-malware engines.
     • Standalone anti-malware engines may take hours or days to detect new malware
     • Multi-scanning solutions provide simultaneous access to multiple anti-malware engines, heuristics, data sanitization and additional threat protection technologies residing on a single system
  18. Compliance Mapping. Take control of personal data processing.
     • Compliance with data protection regulations means knowing the requirements, and keeping track of what is actually being done across your organization
     • Mapping tools map actual personal data processing activities to EU data protection requirements, making it simpler to make the right choices about data protection
  19. Consent Management. Consent should be user-friendly.
     • Ensure you have active and informed consent from individuals prior to personal data collection online or via mobile devices
     • Consent management toolkits offer rapid prototyping and optimization of user consent flow
     • Meet legal requirements for user notice, consent, logging, reporting, breach notice, and parental consent for children
  20. Why KI Design? KI Design doesn’t have “clients.” When you choose KI Design, you will become our partner, part of a circle of innovation and product improvement. With a subject matter expert dedicated to ensuring your satisfaction, you will have access to in-depth support when you need it most. We offer on-demand support for: Compliance Project & Portfolio Management, IT Strategies, Data Governance, Privacy in Design. @drwhassan 416.579.8486 wael@kidesign.net
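Slides 11 and 15 recommend pseudonymization and data masking without showing what either looks like in practice. The following is an added example, not code from the lecture or from KI Design, of the two techniques applied to a constructed customer record: direct identifiers are replaced with a keyed HMAC token (the key is the "additional information" that the controller keeps separately, so the shared dataset alone cannot be linked back to a person, while records of the same person still join and aggregate), and contact fields are masked so only a non-identifying fragment survives. The record layout (`customer_id`, `email`, `phone`, `country`, `purchase_total`) and the sample rows are assumptions made for the illustration.

```python
"""Pseudonymization plus on-the-fly masking of a customer record.

Added illustration; the record shape and sample rows are constructed, not
taken from any real dataset or from the lecture's own material.
"""
import hashlib
import hmac
import re
import secrets

# Constructed sample records (fictional people, example.* domains).
SAMPLE_RECORDS = [
    {"customer_id": "C-1001", "email": "anna.muster@example.de",
     "phone": "+49 30 1234567", "country": "DE", "purchase_total": 120.50},
    {"customer_id": "C-1002", "email": "jean.dupont@example.fr",
     "phone": "+33 1 23456789", "country": "FR", "purchase_total": 80.00},
    {"customer_id": "C-1001", "email": "anna.muster@example.de",
     "phone": "+49 30 1234567", "country": "DE", "purchase_total": 15.25},
]


def pseudonymize_id(identifier: str, key: bytes) -> str:
    """Replace a direct identifier with a stable keyed token.

    HMAC-SHA256 under a secret key maps the same id to the same token, so
    analysts can still link and count a subject's records. Without the key
    the token cannot be reversed or rebuilt by guessing ids, which a plain
    unkeyed hash of a short, structured id like 'C-1001' would not prevent.
    """
    digest = hmac.new(key, identifier.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:32]


def mask_email(email: str) -> str:
    """Keep the first character of the local part and the domain: a***@example.de"""
    local, _, domain = email.partition("@")
    if not domain:
        return "***"
    return local[:1] + "***@" + domain


def mask_phone(phone: str) -> str:
    """Keep only the last two digits; every other digit becomes '*'."""
    digits = re.sub(r"\D", "", phone)
    return "*" * max(len(digits) - 2, 0) + digits[-2:]


def pseudonymize_record(record: dict, key: bytes) -> dict:
    """Return a copy of the record fit for sharing outside frontline staff.

    The direct identifier is tokenized, contact fields are masked, and the
    non-identifying analytic fields are passed through unchanged.
    """
    return {
        "subject_token": pseudonymize_id(record["customer_id"], key),
        "email": mask_email(record["email"]),
        "phone": mask_phone(record["phone"]),
        "country": record["country"],
        "purchase_total": record["purchase_total"],
    }


def totals_by_subject(records: list, key: bytes) -> dict:
    """Aggregate purchases per subject using only the pseudonymized view,
    showing that the secondary use (analytics) survives the transformation."""
    totals: dict = {}
    for r in records:
        p = pseudonymize_record(r, key)
        totals[p["subject_token"]] = totals.get(p["subject_token"], 0.0) + p["purchase_total"]
    return totals


if __name__ == "__main__":
    # The key lives with the controller, never alongside the shared dataset.
    key = secrets.token_bytes(32)
    for r in SAMPLE_RECORDS:
        print(pseudonymize_record(r, key))
    print(totals_by_subject(SAMPLE_RECORDS, key))
```

Rotating or destroying the key turns the pseudonymized dataset into one that can no longer be linked back to the original identifiers, which is the practical difference between pseudonymization (reversible with the separately held key) and anonymization (no remaining path back to the individual).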