Directiva Comúnitaria Proteção dados Pessoais = Objectivo da Directiva Comunitária dados pessoais + Requisitos das organização para compliance com a regulamentação + Como o fabricante Sophos pode ajudar a estar compliance com a regulamentação

1. 1
New EU Data
Protection Regulation
Proposed changes and what they mean for
your business

2. 2
Agenda
• Proposed EU Data Protection Regulation
• How to comply with the Regulation and minimize fines in the
event of a breach
• Stopping breaches in the first place
• NextGeneration data protection.
• How Sophos can help

3. 33
EU Data Protection
Regulation

4. 4
Amendments from
European Parliament
21 November 2013
(623 pages)
Q&A on EU DP reform
European Parliament
22 October 2013
Project of Regulation
European Commission
25 January 2012
(118 pages)
Press pack from the
European Commission
22 October 2013
Handbook on
European
data protection laws
Council of Europe
December 2013
Sources

5. 5
Establish a single, pan-European law to
replace the current inconsistent
patchwork of national laws.
Modernize the principles enshrined in the 1995 Data
Protection Directive
Goal

6. 6
Benefits of the new Regulation
Benefits for businesses
1. One EU market, one law
2. One-stop-shop – a single supervisory authority
3. Same rules for all companies
Benefits for EU citizens
1. Better data security
2. Putting people in control

7. 7
Data security focus
3 key Articles pertaining to data security :
1. Security of processing (Article 30)
a. prevent any unauthorized access to personal data
b. prevent any unauthorized disclosure, reading, copying, modification,
erasure or removal of personal data
2. Notification of a personal data breach to the supervisory
authority (Article 31)
3. Communication of a personal data breach to the data
subject (Article 32)

8. 8
What you need to know
• Organizations must:
￮ implement appropriate security measures to protect personal data
￮ have a clear data protection policy
￮ have a named Data Protection officer (except SMEs)
• Fines for unprotected data breaches will range up to €100
million or 5% of annual turnover.
• If you suffer a breach and can show that the personal data can’t
be accessed by unauthorized people (e.g. it was encrypted):
￮ The likelihood of being fined should be very greatly reduced
￮ You won’t need to notify affected data subjects of the breach

9. 9
The legislative process
• 25 January 2012 – Draft legislation first presented by EU
Commissioner Vivian Reding
• January 2012 – October 2013 – Extensive discussion and
amendment to the proposed bill
• 12 March 2014 – European Parliament voted overwhelmingly
in favor of the legislation (95%)
• The Regulation still needs to go through further steps.
However, it is widely anticipated that it will be adopted by
2015
9

10. 1010
How to ensure
compliance with the
Regulation

11. 11
Encryption is key
The Regulation will require organizations to:
1. Implement ‘appropriate security measures’ to protect personal data
Encryption is widely agreed to be the best data security measure
available
2. Notify affected parties in the event of a personal data breach
If you can prove the data was encrypted you don’t need to notify
the individuals concerned
3. Pay fines in the event of a personal data breach
If the data was encrypted it’s highly likely that no fines will be
imposed

12. 12
Encryption is key
But What? Where? When?

13. 13
Lost or Stolen Device
Unencrypted Encrypted
• Accidental loss or Theft of a device is a common
occurrence.
• Only authorized user should access devices.
• How many devices have you lost?

14. 14
Copy Files to Removable Media
• These tiny devices can store large amounts of data
and are easily misplaced.
• Block or protect?
• Where is your first USB stick and what was on it?

15. 15
Attach Files to E-Mail
• We all email & we all make mistakes (it happens)
• What’s the consequence of sending the wrong
attachment to the wrong person?
• Encrypt file attachments or examine at Gateway?

16. 16
Copy Files to a Network Share
• Today’s Operating Systems make sharing data on the
Network very simple.
• Protect against Internal Threats.
• Who is allowed to access company/user data?

17. 17
Copy Files to the Cloud
• Cloud Storage Services revolutionized the way we
share data between users and devices.
• What have you stored in the Cloud and what
happens if someone steals it?
• Encrypt the data before sending it to the Cloud.

18. 18
Rock solid data protection strategy
It’s all about the data
1. How does data flow into and
out of your organization?
2. How do end users use the
data?
3. Who has access to company
data?

19. 1919
Preventing breaches

20. 20
5 steps to stop data getting into the wrong hands
1. Keep patches up-to-date
Data-stealing malware often exploits known vulnerabilities.
2. Apply multi-layered entry-point protection
Secure against multiple vectors of attack with Web, Email and Malware
protection at the gateway.
3. Select Advanced Threat Protection
Choose a next-generation firewall that detects and blocks attacks directly
on the network.
4. Use Selective Sandboxing
Secure against slow-moving or delayed threats.
5. Limit dissemination of sensitive data
Deploy Application Control and Data Control

21. 2121
How Sophos can help

22. 22
Our award-winning encryption
solutions are appropriate security
measures to protect personal data

23. 23
SafeGuard Enterprise Encryption
• Encrypts data on multiple devices and operating systems
• Doesn’t slow you down – it’s built to match your organization’s
workflow and processes
• Includes central management of Microsoft’s BitLocker and
Apple’s FileVault
• Provides extensive reporting to demonstrate proof of compliance
SafeGuard ensures personal data is protected if a breach occurs

24. 24
SPX Email Encryption
• Email encryption and DLP solution
that protects the privacy,
confidentiality, and integrity of your
sensitive emails.
• Automatically detects sensitive
information leaving your
organization by email, and either
blocks it or encrypts it
• Takes security out of the hands of
your employees and looks after it
for them.
• Available in Sophos UTM and the
Sophos Email Appliance

25. 25
We can help you create a
data protection policy

26. 26
Sample data protection policy
Use the Sophos sample policy as the basis for your own.
Customize for your organization.

27. 27
And we can help you
prevent breaches in the first place

28. 28
Protecting against hackers and accidental loss
Sophos Endpoint Protection
￮ Patch assessment to
identify and prioritize
missing patches
￮ Application Control
￮ Data Control
￮ Advanced web protection
capabilities
Sophos UTM
￮ Advanced Threat
Protection capabilities
￮ Selective sandboxing
￮ Advanced web protection
capabilities
￮ Optional SPX email
encryption

29. 2929
El futuro de la protección de
datos: Next Generation Data
Protection

30. 30
Next Generation Data Protection
DLPDLP Reactive to
Integrity
Reactive to
Integrity
Continuous
Collaboration
Continuous
Collaboration
Simple &
Unobtrusive
Protection
Simple &
Unobtrusive
Protection

31. 3131
Summary

32. 32
Summary
• This legislation WILL go ahead
￮ It has already progressed very far, and with very high support. It will not
be allowed to fail.
• Key stakeholders want to move fast
￮ European Commission
￮ European Parliament
￮ Data Protection Authorities
￮ Individual Governments
• Media pressure is building up
￮ PRISM, large scale data thefts (e.g. Target)
￮ Confidence from citizens in online activities is eroding
• You need to be ready
￮ Implement appropriate data security measures
￮ Create and communicate your data protection policy

33. 33
Resources available to help you
• Sample Data Protection Policy
• 60-Second EU Data Security Compliance Check
• Whitepaper on EU Data Protection Regulation
• Try for Free: Sophos SafeGuard Enterprise and SPX email
encryption
All available at www.sophos.com/EU

34. 34© Sophos Ltd. All rights reserved.