The document discusses considerations for complying with the General Data Protection Regulation (GDPR) which takes effect in May 2018. It provides an overview of key GDPR aspects like penalties, timescales, and principles of lawful processing. An ideal approach is presented which involves understanding current gaps, prioritizing remediation, and maintaining compliance over time with tools and regular reviews. Common issues organizations face are also outlined, such as ineffective training and not properly identifying all data workflows. The last section discusses how technology from 3GRC can help streamline GDPR compliance through automated surveys, risk management, and progress monitoring.
In this webinar, GDPR expert Richard Hogg answers the following questions:
What will the GDPR mean for my organization?
Where do I start on the journey to compliance?
What tools and technology are available to help?
Attendees: Operations, Finance, Compliance, Governance, IT
https://www.integro.com/recorded-webinar/nov-17-2016-gdpr
GDPR will replace the national data protection laws of all 28 EU member states in May 2018 and applies to any organisation that processes the data of EU data subjects.
GDPR: what you should know and how to minimize impact on your business - Olivier BARROT
The upcoming General Data Protection Regulation (GDPR), applicable to the personal data of individuals in the EU from May 2018, imposes new data privacy obligations on the management and retention of personally identifiable information (PII), including data collection, retention, protection, modification and deletion processes.
Learn what the impacts on your business are and how to prepare with IBM solutions.
GDPR – The Practicalities of a New Reality Susan Moran
GDPR is fast becoming the new reality and will bring big implications for all companies in May 2018. As companies begin to prepare, part 2 of our GDPR series introduces some key aspects of the GDPR and the changes it will bring with it.
Presentation to Cyprus Computer Society Records Management event by Christoforos Christoforou, Risk and Strategic Planning Manager at Fileminders http://www.fileminders.com.cy/
Agenda:
1. Introduction to the General Data Protection Regulation (GDPR)
2. Data protection: Why all the fuss?
3. How does GDPR affect your business?
GDPR is the most significant change to data protection in a generation and an imminent global issue that will dominate data privacy, management and regulation discussions in 2017. According to recent research, over half of businesses lack preparedness for GDPR. With a quarter of the EU’s grace period over and with fines of up to €20 million (or 4% of global turnover), there is a lot at stake for companies falling behind the May 2018 deadline. So, where do you start?
Join renowned information security consultant and GDPR expert, Brian Honan, along with Tim Erlin, Senior Director, Security and IT Risk Strategist at Tripwire as they walk you through the essential steps to accelerate your GDPR preparedness.
In this session you will learn:
• The key facts about the GDPR regulations
• The implications of the new rules and how they will impact your business
• Practical steps your business can take to prepare
• How your existing security frameworks (ISO/NIST/CSC) can help set the foundation
• How Tripwire can help
GDPR regulations are little over a year away, and there are still many questions to be answered for IT. think S3, working with leading technology vendors, is answering these questions and leading the way to compliance of IT environments. If you have questions regarding GDPR, or want to assess whether you are ready for GDPR, we can help.
GDPR and NIS Compliance - How HyTrust Can Help - Jason Lackey
GDPR (Regulation (EU) 2016/679), which replaces Directive 95/46/EC, and the NIS Directive are intended to strengthen data protection and network security for people and organisations in the EU. Learn how HyTrust can help with compliance.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta... - Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
In this Story, we follow Sophie in her life and job. In her new job, she meets Marco, who chose Microsoft Solutions to be as compliant as possible with GDPR.
If you want to hear the story behind the slides, feel free to get in touch via www.thedataprotectionoffice.eu
This webinar provides an overview of:
- The regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Risk management and the GDPR
- Legal requirement for a DPIA
- Why and how to conduct a data flow mapping exercise
- What are the challenges?
- What is an information flow?
- The questions to ask
- Data flow mapping techniques.
A recording of this webinar is available here:
https://youtu.be/EZFgrmzmPYE
Strengthening the current personal data protection framework (Directive 95/46/EC), GDPR lays down rules relating to the protection of natural persons with regard to the processing and free movement of personal data. It applies to all entities in EU member states processing personal data by automated means, and to non-automated processing which forms part of a filing system. Application of GDPR in Belgium will be supervised by the Privacy Commission.
SureSkills GDPR - Discover the Smart Solution Google
In today’s digital business, information is currency. But is your data really protected and delivering value? How can you gain competitive advantage, while ensuring you stay compliant with the onerous upcoming EU General Data Protection Regulation?
Be careful what you wish for! How the GDPR, even now that it has been finalised, may not solve the tech community's key problems of what is personal data and what is anonymised/pseudonymous.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Security of personal data
- Data protection officer
View the webinar here: https://www.youtube.com/watch?v=u285y9hhgOo
An overview of the principles of GDPR and some tips to implement it in your organization. I would be more than happy to share my views with stakeholders in your company.
GDPR clinic - A strategic approach for compliance with the European General Data Protection regulation
Paolo Balboni Ph.D. - Founding Partner at ICT Legal Consulting & President of the European Privacy Association
Nicola Franchetto LL.M. - Associate at ICT Legal Consulting & Fellow of the European Privacy Association
Short seminar description. The far-reaching opportunities and threats of the new European privacy legislation for your customer contact strategy.
How do we handle our customers' personal data, and how do you make sure the far-reaching AVG/GDPR legislation becomes an opportunity for marketing activities rather than a threat?
For general and marketing managers. For non-lawyers, and for cases where compliance is precisely not the angle of the action plan.
What are the content and meaning of the General Data Protection Regulation (GDPR) for your company, and what steps are needed to be compliant by May 2018? Sirius Legal gives you an accessible overview.
GDPR - AVG general introduction for marketers - The CMR Agency
In ten slides, the basic principles of the GDPR (General Data Protection Regulation) or AVG (Algemene Verordening Gegevensbescherming), with marketers as the target audience.
CyNation: 7 Things You Should Know about EU GDPR - Iryna Chekanava
An overview of EU GDPR key characteristics, its origins and legal implications of non-compliance. It also provides the initial steps that an organisation needs to follow to operate in compliance with new cyber security regulatory landscape.
This webinar covers:
- An overview of the regulatory landscape and territorial scope
- Principles of the EU GDPR
- Breach notification rules
- Data subject rights
- Changes to consent
- Processor liabilities
- Role of the Data Protection Officer
A recording of this webinar is available here: https://www.youtube.com/watch?v=bEvXj2nhPd0
Keep Calm and Comply: 3 Keys to GDPR Success - Sirius
Recent surveys benchmarking the status of U.S. companies' efforts to meet the May 25 deadline for the EU General Data Protection Regulation (GDPR) have revealed a startling lack of preparedness.
Companies not yet in compliance are likely to violate the regulation if they don't take immediate action, and fines can amount to 2-4 percent of a company's annual global turnover. Do you have the resources and information you need to comply?
View to learn:
--What GDPR means to your business
--Short, medium, and long-term actions you can take to protect regulated data and achieve compliance
--How you can streamline incident response and third-party risk management capabilities
--How to streamline the resources and technology needed to keep up with the evolving regulatory landscape
Don't fall behind on these compliance regulations. Take the steps needed to protect the data you collect.
This may feel like a long way off but the obligations on businesses are onerous and the time to prepare is now. The hefty fines that GDPR promises will come into force immediately so businesses are being given plenty of warning to put procedures in place to ensure they are compliant with the regulation. Read this essential guide to getting GDPR ready.
Will you be ready to comply with new EU Data Protection Regulation in time? - Per Norhammar
No time to lose to comply with the new EU Data Protection Regulation - deadline is May 2018
Soon you will have to find, evaluate and categorize your company's stored Personal Data (PD) in what may be thousands of databases. In order to be compliant with this new regulation in due time, new processes have to be in place.
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover... - David Kearney
Information governance, records and information management, and data disposition policies are ways to help lower costs and mitigate risks for organizations. Policies and procedures to actively manage data are not just an IT "problem," they're a collaborative business initiative that is a must in today's "big data" environment. With electronic discovery rules, government regulations and the Sarbanes-Oxley Act, all organizations must proactively take steps to manage their data with well-governed processes and controls, or be willing to face the risks and costs that come along with keeping everything. Organizations must know what information they have, where it is located, the duration data must be retained and what information would be needed when responding to an event.
There have been numerous instances of severe legal penalties for organizations that did not have an electronic data strategy, tools, processes and controls to locate and understand their own data. In addition, the risks of unmanaged data include skyrocketing infrastructure and personnel costs and an increase in attorney time to manage massive amounts of data when a litigation event occurs.
Information governance is needed much like any business continuity and disaster recovery plans, but with an understanding of data: where data are located, how data are managed, event response, and regular testing of processes and procedures for preparedness.
Master Data in the Cloud: 5 Security Fundamentals - Sarah Fane
Your master data is essential to the smooth operation of your business. But it is also valuable to others. Master data is vulnerable to both internal and external attacks. As the future of business and data is increasingly cloud-based, we explore five fundamentals to ensure the security of your data.
The Tsaaro Academy offers CT DPO Intermediate Certification to privacy enthusiasts who want to be certified to handle GDPR and ePrivacy compliance. Click here to learn more and get started today.
Data Privacy Compliance: Navigating the Evolving Regulatory Landscape (PDF) - CIOWomenMagazine
In an increasingly digital world, where personal data has become a valuable commodity, data privacy compliance has emerged as a critical concern for organizations across industries.
Today's organizations give predominant importance to increased privacy regulations, stakeholders' profitability demands and ever-changing consumer privacy expectations. As a result, the emphasis on personal data is growing and companies face a complicated reputational, regulatory and data privacy risk environment. The frequency of critical data breaches is increasing, and as a result management and IT departments focus on safeguarding their data systems more than ever before. Our experienced data security, privacy and information governance experts in the UAE help you reduce the risks associated with the various privacy compliance frameworks while recognizing the value of your personal data.
General Data Protection Regulation (GDPR) Compliance - Accenture
Whether you are at the beginning of your journey, or are already mid-way through, this document presents the key GDPR themes, priority areas, and business opportunities, which we feel are important considerations for any GDPR programme.
General Data Protection Regulation (GDPR) Implications for Canadian Firms - Accenture
The General Data Protection Regulation (GDPR) represents significant challenges for financial institutions to comply with the new data processing and record keeping requirements. This Accenture Finance & Risk presentation explores the impact of GDPR on Canadian firms, including lessons learned from our work with clients and knowledge gained that can be used for an effective GDPR journey.
PrivacyOps is a new organizational model that automates and unifies privacy and access operations across functional areas, such as marketing, sales, service, finance, and HR. PrivacyOps utilizes the Privacy by Design framework in order to align an organization’s resources and processes, and to deliver privacy compliance while freeing up resources to focus on their key business objectives and increasing customer trust.
When applied effectively, PrivacyOps can lead to dramatically improved critical business metrics, including conversion rates, referrals, customer retention, and revenues.
PrivacyOps Framework
Privacy and access operations are an increasingly important functional area in organizations and businesses that process personal data governed by privacy laws, such as GDPR, HIPAA, PIPEDA, and DPA.
In the data-driven age, privacy needs to work throughout the full data lifecycle in Marketing, Sales, Customer Service, HR, Finance and other organizational boundaries to drive growth. We call this Privacy Operations.
My keynote speech at the ISACA IIA Belgium software watch day in October 2014 in Brussels on the value of big data and data analytics for auditors and other assurance professionals
Marketer’s Guide to GDPR & Data Privacy Download Guide.
Get to Know Your Visitors the Right Way. Why Compliance Matters?
Companies may well have to invest considerable time and money integrating GDPR compliance into operational procedures.
This is because the EU has designed financial sanctions so as to make GDPR non-compliance costly: up to €20 million or 4% of global annual turnover (whichever is higher).
Discover all you need to know about GDPR & Data Privacy. Check out our Hub to access articles, guides, checklists & more » https://www.visitor-analytics.io/en/resources/gdpr-and-data-privacy/
The EU and the national data protection authorities have ramped up enforcement efforts in recent years.
Severe Financial Penalties
Total GDPR fines have grown from $179 million to $1.2 billion between January 2021 and January 2022, a sevenfold increase.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Key Trends Shaping the Future of Infrastructure (PDF) - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology pushes into IT, I was wondering, as an "infrastructure container Kubernetes guy", how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need to apply it to our own infrastructure and get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I have already got working for real.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
1. Cyber Security & Data Protection
Steve Smith - CEO - 3GRC www.3grc.co.uk
Considerations for GDPR
2. Session Agenda
01 GDPR Overview - 2018 Looms
Overview of the key aspects of GDPR and how it is going to impact SMEs on a foundational level.
02 Ideal Approach - A Better Way
Mechanisms for getting the business prepared and developing matured data centric methodologies.
03 Common Issues - We Make Mistakes
Common mistakes experienced by SMEs deploying a data centric methodology to support GDPR compliance.
04 Questions - Quiz Me
Opportunity to ask industry specific points and share experiences in GDPR preparation.
3. GDPR Overview
Key Aspects of GDPR
Timescales: Taking effect in May 2018, with an expectation that businesses have begun maturing their data centric workflows.
Penalties: Potential fines of up to €20m or 4% of global turnover (whichever is higher), based on due diligence measures and the scale of a data breach or non-compliance.
Scope: European individuals' data both internally and through the supply chain, leveraging DPIAs for sensitive data or large scale processing.
Applicability: Any organisation exposed to personally identifiable material on a European individual, irrespective of location.
Accountability: Regional authorities have the power to impose and govern, potentially providing a local revenue stream and local precedents.
4. GDPR Overview - Key Principles
1. Lawfulness, Fairness & Transparency
Personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject (opt-in).
2. Purpose Limitation
Personal data must be collected and leveraged for specific purposes. Further processing of PI for archiving purposes in the public interest, or for scientific and historical research purposes, is permitted, subject to the safeguards outlined in Article 89(1).
3. Data Minimisation
Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
4. Accuracy
PI must be accurate and, where necessary, kept up to date. Steps must be taken to ensure inaccurate PI is erased or rectified without delay.
5. Storage Limitation
PI must be kept in a form which permits identification of the data subject for no longer than necessary for the purposes of processing.
6. Integrity & Confidentiality
PI must be processed in a manner ensuring appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
7. Accountability
The controller shall be responsible for, and be able to demonstrate compliance with, these principles.
Scope
Doesn't end at the perimeter and extends to data flows and relationships with third parties and even fourth parties.
5. Ideal Approach - Logical Methodology
Many organisations are fixing gaps in time for 2018. Informed data-centric tracking is key and brings wider business benefit through informed security controls rather than a traditional perimeter. Internal data flow visibility is key.
Visibility - Understanding the Gaps: Leverage GDPR surveys to identify non-compliance. Identify disparate business units, as there are likely to be variances in workflows. Technology can drive efficient visibility. Seek funding from the board for remediation.
Remediation - Working to Compliance: Use standard remediation risk registers to proactively address gaps and schedule remediation timescales. Benchmark business variance where necessary to foster competition and identify stragglers.
Maintenance - Keeping the Consistency: Once 'compliance' is achieved, schedule reviews bi-annually with disparate business workflows to identify any lapses as they occur over time. Continue testing and auditing. Technology assists with this process.
6. Ideal Approach - Data Centric Quick Wins
Assign Data Protection Officer: Not always mandatory, but recommended for executive buy-in.
Adjust Contracts: Apply contract clauses for all emerging contracts and track renewals for amendment.
Incident Management: Assess your IM process to ensure it allows speedy identification, or at least reaction.
Audit Trails: Build the data centric audit trail for future maturity, considering the right to audit.
Employee Awareness: Embed a 'little and often' training approach for staff, for both risk and knowledge.
7. Ideal Approach - Data Governance
Long term aspirations should include the identification of data, treating PII as a critical data set separate from a standard hardened perimeter. This good practice is largely transferable to any critical business dataset.
Data Silo Controls: Cross reference data asset maps against security mechanisms. Don't rely on the perimeter and consider internal access.
Privacy Impact Assessments: Consider both privacy by design and the right to be forgotten in any new systems, and develop plans for legacy systems to include controls.
Subject Access Requests: Cannot be charged for unless excessive or unfounded. 30 days for delivery; recommend user ownership or data discovery tools.
Full Data Mapping: Regularly conduct scheduled surveys/discovery scans to identify data flows, creating a live data asset map of PII attributes. This includes quantity, transfer, owner and data attributes.
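The data mapping, subject access request and storage limitation points on this slide can be made concrete with a small discovery scan. The following is an added example written for this page, not code from the presentation or from 3GRC: it assumes a hypothetical inventory of three systems (crm, payroll, helpdesk) with constructed owners, third-party transfers, retention periods and sample records containing no real people. It classifies each stored field as a PII attribute (by column name for names and dates of birth, by value shape for e-mail, phone and UK postcode), builds the live data asset map with quantity, owner and transfer per system, locates every record for one subject to answer an access request, and flags records held beyond their system's retention period.

```python
import re
from datetime import date, timedelta

# Constructed inventory of hypothetical systems: who owns each store, which
# third party (if any) it transfers data to, and the agreed retention period.
SYSTEMS = {
    "crm":      {"owner": "Sales",   "transfers_to": "mailing-vendor", "retention_days": 730},
    "payroll":  {"owner": "Finance", "transfers_to": None,             "retention_days": 2190},
    "helpdesk": {"owner": "IT",      "transfers_to": "ticket-saas",    "retention_days": 365},
}

# Constructed sample records (no real people); 'last_used' is system metadata.
RECORDS = {
    "crm": [
        {"name": "Ada Example", "email": "ada@example.org", "phone": "+44 20 7946 0001", "last_used": "2017-09-01"},
        {"name": "Bo Sample", "email": "bo@example.net", "phone": "07700 900123", "last_used": "2014-02-10"},
    ],
    "payroll": [
        {"name": "Ada Example", "email": "ada@example.org", "dob": "1980-05-04",
         "postcode": "SW1A 1AA", "last_used": "2017-10-01"},
    ],
    "helpdesk": [
        {"name": "Bo Sample", "email": "bo@example.net", "issue": "Printer offline", "last_used": "2016-01-15"},
    ],
}

METADATA_FIELDS = {"last_used"}                              # never counted as PII
FIELD_HINTS = {"name": "full_name", "dob": "date_of_birth"}  # classified by column name
VALUE_PATTERNS = {                                           # classified by value shape
    "email": re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}"),
    "uk_postcode": re.compile(r"[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}", re.I),
    "phone": re.compile(r"\+?(?:[\s()-]*\d){7,}[\s()-]*"),   # at least seven digits
}


def classify_field(field, value):
    """Return the PII attribute type of one field, or None if it is not PII."""
    if field in METADATA_FIELDS or not isinstance(value, str):
        return None
    if field in FIELD_HINTS:
        return FIELD_HINTS[field]
    for attr, pattern in VALUE_PATTERNS.items():
        if pattern.fullmatch(value.strip()):
            return attr
    return None


def build_asset_map(systems, records):
    """Live data asset map: per system, the owner, transfer, record volume and PII attribute counts."""
    asset_map = {}
    for system, meta in systems.items():
        recs = records.get(system, [])
        counts = {}
        for rec in recs:
            for field, value in rec.items():
                attr = classify_field(field, value)
                if attr:
                    counts[attr] = counts.get(attr, 0) + 1
        asset_map[system] = {
            "owner": meta["owner"],
            "transfers_to": meta["transfers_to"],
            "records": len(recs),
            "pii_attributes": counts,
        }
    return asset_map


def third_party_transfers(asset_map):
    """Systems that push PII into the supply chain (the third parties to review contracts with)."""
    return {s: m["transfers_to"] for s, m in asset_map.items() if m["transfers_to"]}


def locate_subject(records, email):
    """Subject access request support: every system and record holding this subject's e-mail."""
    wanted = email.strip().lower()
    return [(system, rec) for system, recs in records.items() for rec in recs
            if any(isinstance(v, str) and v.lower() == wanted for v in rec.values())]


def over_retention(systems, records, today_iso):
    """Storage limitation check: records idle for longer than their system's retention period."""
    today = date.fromisoformat(today_iso)
    stale = []
    for system, recs in records.items():
        limit = timedelta(days=systems[system]["retention_days"])
        for rec in recs:
            if today - date.fromisoformat(rec["last_used"]) > limit:
                stale.append((system, rec.get("email")))
    return stale


if __name__ == "__main__":
    asset_map = build_asset_map(SYSTEMS, RECORDS)
    for system, entry in asset_map.items():
        print(system, entry)
    print("third-party transfers:", third_party_transfers(asset_map))
    print("SAR hits for ada@example.org:", [s for s, _ in locate_subject(RECORDS, "ada@example.org")])
    print("beyond retention on 2018-05-25:", over_retention(SYSTEMS, RECORDS, "2018-05-25"))
```

The asset map is what the "Data Silo Controls" point asks you to cross reference against security mechanisms: each entry says which owner to hold accountable, which third party receives the data, and which PII attribute types live in that silo. Re-running the scan on a schedule keeps the map live rather than static, which is the gap the "Data Workflow Identification" common issue describes.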
8. Common Issues
Training and Awareness: Emphasis on large scale training for a tick box, then continuing to fight for business change and widespread adoption. Scare tactics alone don't help.
Data Protection Officer Skills: Having the wrong role spearheading data protection. A DPO needs to be on board and suitably informed on both legislation and logical good practice.
Data Workflow Identification: Keeping visibility static or focusing solely on structured data. Not leveraging business intelligence for ownership.
Registered Regulatory Authority: Not considering which regulatory authority will be responsible for the business. The decision making location for infosec/data management can be the locale, rather than where the majority of data is held.
Silo Protection: Becoming focused on doing too much rather than intelligently applying proportionate controls and processes based on key risk areas. What works for one BU doesn't always work for another.