This material was presented at Orang Siber Indonesia regular webinar.
Content:
> Understanding privacy management
> Global privacy news
> Understanding privacy regulations and frameworks
> Data Privacy Program Management practices
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
Presented at CDEF 16th Meetup at 18 August 2022.
Title:
Privacy-ready Data Protection Program Implementation
Topics:
- Why data protection is important
- Data Privacy Program Domain
- Operationalize Data Privacy Program
- Privacy-aligned Information Security Framework
- Roadmap to Protect Personal Data
- Privacy Management Technology
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
Presented at Orang Siber Indonesia webinar.
11 July 2020
Topic: Data Protection: Basic Regulation and Technical Aspects
This presentation covers:
> Indonesia Data Protection Bill
> Data Masking
> Identity & Access Management
> Data Loss Prevention
Join us (for Indonesian):
t.me/orangsiber
t.me/dataprotectionid
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
Sosialisasi UU Pelindungan Data Pribadi untuk sektor kesehatan.
Webinar Serial TIK I-2022
Diselenggarakan oleh:
*INDOHCF - KREKI - IODTI - FORKOMTIKNAS - Z-COURSE*
TOPIK:
*Implikasi UU PDP (Perlindungan Data Pribadi) Terhadap Tata Kelola Data di Sektor Kesehatan*
Rancangan Undang - Undang (RUU) Perlindungan Data Pribadi (PDP) telah resmi disahkan menjadi Undang-Undang (UU) dalam Rapat Paripurna DPR RI pada tanggal 20 Sept 2022. Sambil menunggu peraturan pelaksanaannya, maka perlu lebih mencermati isi regulasi tsb dan mendiskusikan bagaimana implikasinya bagi sektor kesehatan baik Faskes, BPJS, Masyarakat dan stakeholder kesehatan lainnya
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title:Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
Data Leakage is an important concern for the business organizations in this increasingly networked world these days. Unauthorized disclosure may have serious consequences for an organization in both long term and short term. Risks include losing clients and stakeholder confidence, tarnishing of brand image, landing in unwanted lawsuits, and overall losing goodwill and market share in the industry.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
Presented at CDEF 16th Meetup at 18 August 2022.
Title:
Privacy-ready Data Protection Program Implementation
Topics:
- Why data protection is important
- Data Privacy Program Domain
- Operationalize Data Privacy Program
- Privacy-aligned Information Security Framework
- Roadmap to Protect Personal Data
- Privacy Management Technology
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
Presented at Orang Siber Indonesia webinar.
11 July 2020
Topic: Data Protection: Basic Regulation and Technical Aspects
This presentation covers:
> Indonesia Data Protection Bill
> Data Masking
> Identity & Access Management
> Data Loss Prevention
Join us (for Indonesian):
t.me/orangsiber
t.me/dataprotectionid
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
Sosialisasi UU Pelindungan Data Pribadi untuk sektor kesehatan.
Webinar Serial TIK I-2022
Diselenggarakan oleh:
*INDOHCF - KREKI - IODTI - FORKOMTIKNAS - Z-COURSE*
TOPIK:
*Implikasi UU PDP (Perlindungan Data Pribadi) Terhadap Tata Kelola Data di Sektor Kesehatan*
Rancangan Undang - Undang (RUU) Perlindungan Data Pribadi (PDP) telah resmi disahkan menjadi Undang-Undang (UU) dalam Rapat Paripurna DPR RI pada tanggal 20 Sept 2022. Sambil menunggu peraturan pelaksanaannya, maka perlu lebih mencermati isi regulasi tsb dan mendiskusikan bagaimana implikasinya bagi sektor kesehatan baik Faskes, BPJS, Masyarakat dan stakeholder kesehatan lainnya
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title:Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
Data Leakage is an important concern for the business organizations in this increasingly networked world these days. Unauthorized disclosure may have serious consequences for an organization in both long term and short term. Risks include losing clients and stakeholder confidence, tarnishing of brand image, landing in unwanted lawsuits, and overall losing goodwill and market share in the industry.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.
To secure their data, organizations can use the CIA triad, a data security model developed to help the data security market and people deal with various IT security parts.
The webinar covers
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
Presenters:
Anthony English
Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
Date: November 17, 2021
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/eA8uQhdLZpw
Website link: https://pecb.com/
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
General Data Protection Regulation (GDPR) and ISO 27001Owako Rodah
The General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and organisations and data subjects alike are mostly in the dark about what it means and how it affects them This is a summary of the regulation and how businesses can leverage the implementation of international standards such as ISO 27001 to meet the requirements of the regulation.
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
Data protection, a global development
Introduction to the GDPR, ePrivacy & ISO/IEC 27701
GDPR & ISO/IEC 27701mapping
ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Data Protection Officer Dashboard | GDPRCorporater
Data Protection Officers (DPOs) have a very critical role to play in today's organizations, especially with the implementation of GDPR. Data Protection Officer dashboards are an essential aid to DPOs to stay on top of GDPR compliance activities, and to implement and monitor GDPR projects.
The presentation gives insight into the essentials of a DPO dashboard.
The Tsaaro Academy offers CT DPO Intermediate Certification to privacy enthusiasts who want to be certified to handle GDPR and ePrivacy compliance. Click here to learn more and get started today.
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.
To secure their data, organizations can use the CIA triad, a data security model developed to help the data security market and people deal with various IT security parts.
The webinar covers
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
Presenters:
Anthony English
Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
Date: November 17, 2021
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/eA8uQhdLZpw
Website link: https://pecb.com/
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
General Data Protection Regulation (GDPR) and ISO 27001Owako Rodah
The General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and organisations and data subjects alike are mostly in the dark about what it means and how it affects them This is a summary of the regulation and how businesses can leverage the implementation of international standards such as ISO 27001 to meet the requirements of the regulation.
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
Data protection, a global development
Introduction to the GDPR, ePrivacy & ISO/IEC 27701
GDPR & ISO/IEC 27701mapping
ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Data Protection Officer Dashboard | GDPRCorporater
Data Protection Officers (DPOs) have a very critical role to play in today's organizations, especially with the implementation of GDPR. Data Protection Officer dashboards are an essential aid to DPOs to stay on top of GDPR compliance activities, and to implement and monitor GDPR projects.
The presentation gives insight into the essentials of a DPO dashboard.
The Tsaaro Academy offers CT DPO Intermediate Certification to privacy enthusiasts who want to be certified to handle GDPR and ePrivacy compliance. Click here to learn more and get started today.
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
On-demand recording link:https://info.trustarc.com/WB-2019-06-19-GDPR-Compliance-Convince-Customers-Partners-Board.html?utm_source=slideshare
Many companies have invested significant time and resources trying to design and implement GDPR compliance programs. Internally, they may have generated hundreds or thousands of pages of project plans, policies, processes and reports – including records of processing, DPIA reports and much more. But how can you demonstrate to internal stakeholders, clients and partners that you have a comprehensive program and that your processes and products are GDPR-compliant?
This webinar will provide these key takeaways:
-The current state of an official GDPR certification and codes of conduct
-Case studies of how companies are demonstrating compliance
-The benefits of an external third party GDPR validation
For more information visit https://www.thesaurus.ie or https://www.brightpay.ie
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Payroll bureaus process large amounts of personal data, not least in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this CPD accredited webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How it will impact payroll bureaus
How to prepare for GDPR
How we are working to help you
The European Union (EU) is implementing GDPR (General Data Protection Regulation) on May 25, 2018. Organizations who offer goods or services to EU residents or monitor the behavior of EU residents must comply, or they may incur significant financial penalties. Are you ready? Time is running out to ensure you comply with the new requirements.
In this webinar presentation, Dean Evans, Satori Consulting to learn what the GDPR requirements mean for your organization, plus get a practical guide to achieving GDPR readiness including how to implement processes to satisfy the privacy rights of individuals. Dean will cover:
=> What is GDPR?
=> Common GDPR misconceptions
=> Key considerations
=> How to develop a plan of action
=> Process owners as data stewards
Today’s organizations give predominant importance to increased privacy regulations, stakeholder’s profitability demands and the ever so changing consumer privacy expectations. As a result, the emphasis on personal data is growing and the companies are facing complicated reputational, regulatory and data privacy risk environment. It’s a sad fact that the frequency of critical data breaches are increasing and as a result the management administration and the IT departments focus on safeguarding their data systems more than ever before. Our experienced and expertise data security, privacy and information governance experts in UAE helps you to reduce the risks associated with various privacy compliance frameworks along with recognizing the value of your personal data.
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties.
Amongst others, the webinar covers:
Importance of Data Protection
Understanding Data Collection and Challenges
Introduction to GDPR
Key Principles of GDPR
Who does GDPR Apply to and Its Global Implications
Introduction to ISO/IEC 27701
Implementing ISO/IEC 27701
Privacy by Design
Dealing with IT on a Daily Basis
Building Awareness and Training
Audit, Data Discovery, and Risk Assessments
Presenters:
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Lisa Goldsmith
Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders.
Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East.
Date: June 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/lfJrSLaGDtc
Website: https://bit.ly/437GOnG
Robert Stoicescu - GDPR: Principalele provocari identificate de PwC in RomaniaAvaelgo
PwC Romania va prezenta principalele provocări cu care marea majoritate a companiilor din România se confruntă, lipsuri și nevoi identificate în urma unor procese complexe de audit.
De la concepte teoretice de bună practică, până la procese și funcționalități. De la conștientizarea angajatilor în privința răspunderii lor și până la punerea în aplicare a unor reguli de bază în securitatea informațiilor.
GETTINGGDPR-READY MEANS SETTING UP A PRIVACY MANAGEMENT SYSTEM,
BEING ABLE TO SHOW IT AND KEEPING IT EFFECTIVE
A management system is a “living” entity which adapts to business context (new markets-products-services, M&A, demerge, law/policies changes, … ) and improves over time
For more information visit thesaurus.ie or brightpay.ie
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
CCPA is in full effect and - as of July 1, 2020 - is being fully enforced. The “wait and see” game is officially over and organizations must be fully compliant in order to avoid regulatory fines and negative publicity. There are many requirements set forth by the CCPA, and building a strong compliance plan can be daunting. Not only does the compliance plan need to be set-up for future growth and changes, but it also needs the flexibility to produce on-demand, customized reports to provide to stakeholders.
TrustArc has helped organizations of all sizes and maturity with CCPA compliance from simple assessments to full automation. Investing time upfront to perform the proper analysis and planning is key to feeling confident that your CCPA compliance program will efficiently and effectively mitigate risk while meeting business objectives.
Join this webinar to see how TrustArc CCPA solutions help organizations of all sizes and maturity achieve and maintain compliance.
This webinar will review:
-Stages of CCPA program maturity
-TrustArc CCPA solutions for every stage of compliance
For more information visit https://www.brightpay.co.uk
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
Data Privacy: The Hidden Beast within Mergers & AcquisitionsTrustArc
Today, growing an organization through Mergers & Acquisitions (M&A) has become a popular business practice. This can lead to great success but it can also cause a potential liability to the acquirer if global data privacy laws and regulations are not considered during the acquisition. Businesses that adopt this strategy need to be aware of how to handle the data involved in the acquisitions.
Between new and evolving data privacy laws, an increased focus on regulators, and increased liability on the acquirer, incorporating data privacy practices is necessary for the M&A transaction process.
Learn how our Advisory Services team guides customers through two critical processes. The first is the process of assessing where you are today and the second is the process of building a stronger privacy program for tomorrow customized to your organization.
This new document explores how Accenture can help financial services firms use a holistic data-centric approach to compliance and to respond to the requirements and challenges to the General Data Protection Regulation. Learn more: https://accntu.re/2uq8ANV
Similar to Common Practice in Data Privacy Program Management (20)
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIEryk Budi Pratama
UU No 27 Tahun 2022 tentang Pelindungan Data Pribadi (“UU PDP”) telah disahkan pada bulan Oktober 2022 dan saat ini telah memasuki masa tenggang. Ketiadaan peraturan teknis / turunan membuat banyak organisasi masih ragu dalam menetapkan arah dan mengimplementasikan UU PDP sesuai dengan peraturan perundang-undangan yang berlaku. Salah satu aspek penting dalam UU PDP adalah terkait penunjukan Pejabat/Petugas yang melaksanakan fungsi Pelindungan Data Pribadi (PPDP) atau Data Protection Officer (DPO) seperti yang diamanatkan oleh UU PDP Pasal 53 dan 54.
Melalui Keputusan Menteri Ketenagakerjaan Republik Indonesia Nomor 103 Tahun 2023 tentang Penetapan Standar Kompetensi Kerja Nasional Indonesia Kategori Informasi dan Komunikasi Golongan Pokok Aktivitas Pemrograman, Konsultasi Komputer dan Kegiatan yang Berhubungan dengan Itu (YBDI) Bidang Keahlian Pelindungan Data Pribadi yang ditetapkan pada tanggal 23 Juni 2023, maka standar kompetensi PPDP/DPO telah sah untuk dapat dijadikan rujukan dalam menentukan kompetensi SDM, kebutuhan rekrutmen, pelatihan, dan sertifikasi terkait dengan Pelindungan Data Pribadi.
Ringkasan Standar Kompentensi / SKKNI Pelindungan Data Pribadi ini disusun untuk memudahkan masyarakat dalam memahami secara ringkas 4 Fungsi Kunci, 8 Fungsi Utama, dan 19 Fungsi Dasar yang telah disusun oleh Tim Perumus dan Kementerian Komunikasi dan Informatika Republik Indonesia, serta disahkan oleh Menteri Ketenagakerjaan Republik Indonesia. Semoga ringkasan SKKNI PDP ini dapat bermanfaat dan memberikan panduan secara ringkas tidak hanya perihal kompetensi PPDP/DPO, namun juga hal-hal yang dapat dilakukan oleh organisasi dalam menerapkan Program Pelindungan Data Pribadi.
Salam,
Eryk Budi Pratama, CIPM, CIPP/E, FIP
Chairman - Institute of Digital Trust Indonesia (IODTI)
Tim Perumus SKKNI Pelindungan Data Pribadi
Tim Perumus Rancangan Peraturan Pemerintah Pelindungan Data Pribadi (“RPP PDP”)
eryk@digitaltrustid.org
Modern IT Service Management Transformation - ITIL IndonesiaEryk Budi Pratama
Presented at Online ITIL Indonesia Webinar #5.
Content:
> Setting up the context
> Understanding holistic IT Management point of view
> IT Service Management Transformation
> Key Performance Indicator (KPI)
> IT Service Catalogue
> IT Sourcing
> Agile Incident Management
Presented at National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, indonesia.
Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal
2 July 2020
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
Presented at Absolut Data Event, 17 Dec 2019, at GoWork Kuningan.
Event URL: https://www.eventbrite.com/e/panel-discussion-what-will-you-prepare-with-data-in-2020-tickets-84851546259
My presentation summarized the two of KPMG publication related to Trust in Data & Analytics. The focus of this event was panel discussion.
Ref 1 : https://assets.kpmg/content/dam/kpmg/xx/pdf/2016/10/building-trust-in-analytics.pdf
Ref 2: https://assets.kpmg/content/dam/kpmg/xx/pdf/2018/02/guardians-of-trust.pdf
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
Presented at Indonesia Honeynet Project (IHP) meetup. This presentation covering:
1. Overview of Industry 4.0
2. IoT Security Model
3. How to Secure IoT
4. Research in IoT
Other emerging technology risk area that will be covered in my professional services:
1. Cloud
2. Mobile
3. Artificial Intelligence / Intelligent Automation
4. Data & Analytics
Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama
Respresenting Cyber Defense Community (cdef.id) to present and share my view on Secure DevOps / DevSecOps. Through this presentation, I shared several insights about:
1. How to balance the risk and controls in the "great shift left" paradigm (agile)
2. DevOps activities
3. How to seamlessly integrate security into DevOps
4. How to "shift left" the security"
5. Get started with Secure DevOps / DevSecOps
6. Case Study about DevSecOps implementation
For further discussion, especially how to secure digital and agile transformation in your organization, don't hesitate to contact me :)
IT Governance - Capability Assessment using COBIT 5Eryk Budi Pratama
(re-upload)
Capability assessment of IT Governance using COBIT 5 Process Assessment Model (PAM). Presented for Information System Department, Universitas Bakrie - Indonesia
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordinary And Special Businesses And Ordinary And Special Resolutions with Companies (Postal Ballot) Regulations, 2018
Matthew Professional CV experienced Government LiaisonMattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU
against which they can evaluate those classes of AI applications that are probably the most relevant for them.
Common Practice in Data Privacy Program Management
1. 11
Eryk B. Pratama
IT Advisory & Cyber Security Consultant at Global Consulting Firm
Komunitas Data Privacy & Protection Indonesia
29 Aug 2020 | 20.00
OSI Webinar
Common Practice in Data Privacy
Program Management
7. RUU Perlindungan Data Pribadi
Regulation
Key Highlight
▪ Explicit Consent is required from the data owner for
personal data processing.
▪ Responding timelines for Data subject rights have been
separately called out in the RUU PDP.
▪ Data controller to notify the data owner and the Minister
within 3 days of data breach.
▪ Penalties for non-compliance may range from Rp 20 Billion
to Rp 70 Billion or Imprisonment ranging from 2 to 7 years
Data Owner Data Controller Data Processor Data Protection Officer
8. COVID-19 Impact on Privacy and Data Protections
Global Privacy News
Source: TrustAcrc – Global Privacy Benchmarks Survey 2020
The Pandemic had forced a global response including lockdowns in Europe, Asia and North America. Some 42% of companies expected to
have either a decrease or steep decrease in revenues as a result. When asked what percent of their company's workforce had switched to
working from home as a result of COVID–19, 62% indicated that more than half their workforce had done so. Over half of all respondents
believe the Pandemic has increased risk across a number of areas
9. Types of Privacy Assessment
Global Privacy News
Source: IAPP TrustArc - Measuring Privacy Operations 2019
There’s less of a difference between highly regulated and unregulated firms when it comes to the types of privacy assessments they
conduct, other than a slight up-tick in GDPR-related assessments among unregulated firms, which are more likely to be doing business in
the EU regardless of where they are located.
10. Data Privacy Framework
Regulations & Frameworks
NIST Privacy KPMG PrivacyISO/IEC 27701
▪ Information Lifecycle Management
▪ Governance and Operating Model
▪ Inventory/Data Mapping
▪ Regulatory Management
▪ Risk and Control
▪ Policies
▪ Processes, Procedures and
Technology
▪ Security for Privacy
▪ Third Party Oversight
▪ Training and Awareness
▪ Monitoring
▪ Incident Management
▪ Inventory and Mapping
▪ Data Processing Ecosystem Risk
Management
▪ Governance Policies, Processes, and
Procedures
▪ Awareness and Training
▪ Monitoring and Review
▪ Data Processing Management
▪ Communication
▪ Data Security
▪ Protective Technology
▪ Detection Processes
▪ Respond Processes
▪ Recovery Processes
▪ Conditions for collection and
processing
▪ Obligations to PII principals
▪ Privacy by design and privacy by
default
▪ PII sharing, transfer, and disclosure
▪ PIMS-specific requirements related
to ISO/IEC 27001
▪ PIMS-specific requirements related
to ISO/IEC 27002
▪ Additional ISO/IEC 27002 guidance
for PII controllers
▪ Additional ISO/IEC 27002 guidance
for PII processors
Data Privacy Framework
11. Privacy Program Management - IAPP
Privacy Program Management Practice
▪ Privacy Vision & Mission
▪ Privacy Program Scope
▪ Develop & Implement Framework
▪ Develop Privacy Strategy
▪ Privacy Team & Governance Model
▪ Inventories & Record
▪ Record of Processing Activities
▪ Impact Assessment
▪ Vendor/Third Party Assessment
▪ Privacy in Mergers, Acquisitions, &
Divestiture
Privacy Policy
▪ Privacy Notices & Policies
▪ Choice, Consents, and Opt-out
▪ Data Subject Request
▪ Handling Complaint
Training & Awareness
Privacy by Design &
Privacy by Default
Incident Management
Monitoring & Auditing Program Performance
Privacy Governance Data Assessment Data Subject Rights
Privacy Program Management is the structured approach of combining several disciplines into a framework that allows an organization to
meet legal compliance requirements and the expectations of business clients or customer while reducing the risk of a data breach. The
framework follows program management principles and considers privacy regulations from around the globe.
12. Privacy Management Area - Practical
Privacy Program Management Practice
Research & Program Maturity Privacy Program Management Privacy Rights & Consent
Regulatory Research
Track the Evolving Privacy Landscape
Awareness Training
Train Employees on Privacy Best Practices
Maturity & Planning
Track Program Maturity Over Time
Program Benchmarking
Compare Maturity to Similar Organizations
Data Mapping
Understand Your Data Processing
Automated Assessment
Automate PIAs, DPIAs, and Privacy by
Design
Vendor Risk Management
Centralized Assessments, Contracts, & DPAs
Incident Response
Plan for and Respond to Incidents &
Breaches
Policy & Notice Management
Centrally Manage & Host Privacy Policies
Privacy Rights (DSAR)
Manage Request from Intake to Fulfillment
Cookie Consent
Automate Valid Consent on Web Properties
Mobile App Consent
Scan & Capture Consent in Mobile Apps
Universal Consent & Preferences
Compares Maturity to Similar Organizations