The document provides an overview of the main requirements of the General Data Protection Regulation (GDPR). It discusses definitions of personal data, genetic data, biometric data, and health data according to the GDPR. It also summarizes nine key GDPR requirements regarding the controller vs processor roles, right to erasure, consent requirements, right of access, right to data portability, data breach reporting, record keeping, data protection by design/default, and security of processing. The document further discusses data governance topics such as data collection, consent, anonymization/pseudonymization, right to be forgotten, data access control, and data export requirements.
GDPR for public sector DPO's seminar, April 2018, ManchesterBrowne Jacobson LLP
From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
This presentation outlines the General Data Protection Regulation ("GDPR") and the key changes that will be brought about as of 25th May 2018 - ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
The recent Facebook-Cambridge Analytica scandal has stirred heated discussions on privacy around the globe. An estimated 87 million people are affected by the data breach. Although the majority of the affected users are in the United States, Facebook published that personal data of over 1 million users in the Philippines, United Kingdom, and Indonesia are also compromised.
For the people who ratified the General Data Protection Regulation (GDPR), the answer is a resounding NO.
As Reinis Papulis of KRONBERGS ČUKSTE DERLING points out, “today’s level of technological development and role of personal data in the provision of various services has made it impossible to ensure the protection of personal data (privacy of individuals) at an adequate level with a legal act that was adopted in the second half of the 90's.”
This has prompted the EU to overhaul its defences against data breaches. Technology changes fast and data collection is at its peak today. Out of the necessity to protect consumers and uphold data privacy, the General Data Protection Regulation is set to be in full effect beginning May 25, 2018.
The battle for data privacy is not lost. And the enforcement of GDPR shows that we can still put up a good fight against companies that treat our personal data as commodities. However, there’s still a long way ahead of us.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
GDPR for public sector DPO's seminar, April 2018, ManchesterBrowne Jacobson LLP
From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
This presentation outlines the General Data Protection Regulation ("GDPR") and the key changes that will be brought about as of 25th May 2018 - ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
The recent Facebook-Cambridge Analytica scandal has stirred heated discussions on privacy around the globe. An estimated 87 million people are affected by the data breach. Although the majority of the affected users are in the United States, Facebook published that personal data of over 1 million users in the Philippines, United Kingdom, and Indonesia are also compromised.
For the people who ratified the General Data Protection Regulation (GDPR), the answer is a resounding NO.
As Reinis Papulis of KRONBERGS ČUKSTE DERLING points out, “today’s level of technological development and role of personal data in the provision of various services has made it impossible to ensure the protection of personal data (privacy of individuals) at an adequate level with a legal act that was adopted in the second half of the 90's.”
This has prompted the EU to overhaul its defences against data breaches. Technology changes fast and data collection is at its peak today. Out of the necessity to protect consumers and uphold data privacy, the General Data Protection Regulation is set to be in full effect beginning May 25, 2018.
The battle for data privacy is not lost. And the enforcement of GDPR shows that we can still put up a good fight against companies that treat our personal data as commodities. However, there’s still a long way ahead of us.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
Presentation at the COCIR annual meeting on 17 March 2016 regarding the top 7 operational impacts of the new EU General Data Protection Regulation for health IT companies.
Overview of the Egyptian Personal Data Protection LawFatmaAkram2
Egypt has recently enacted the first Personal Data Protection Law (PDPL), which has been published in the Official Gazette on 15 July 2020 and has entered into force on 16 October 2020. The PDPL reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR). The Executive Regulations of the PDPL shall be issued within six (6) months from the entry into force of the PDPL. Organizations shall comply with the provisions of the PDPL and its Executive Regulations within a grace period of one (1) year from the issuance of the Executive Regulations.
The PDPL covers almost all aspects of personal data protection stated under the GDPR. In this presentation, you will find a summary of the important data protection provisions stipulated under the PDPL, and the similarities and differences between the GDPR and the PDPL.
The Personal Data Protection Bill 2018 is to be presented before the Parliament shortly with necessary amendments .This is bill applicable to India in lines of GDPR of the European uinion
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
This presentation deals with insights on how an offshore IT organization has to get ready to align with General Data Protection Regulation issued by European union
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Michael Adamberry
This presentation outlines the issue of Direct Marketing, including the use of cookies, the opt-out register and the e-Privacy Directive (and Regulation). The focus is around the Gibraltar Data Protection Act 2004, and how this will change under the General Data Protection Regulation ("GDPR") as of 25th May 2018 and the upcoming e-Privacy Regulation
ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
For more information visit https://www.brightpay.co.uk
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
Article 9: Special categories of data
Special categories of data are sensitive information about individual and need more protection.
Individuals‘ rights and freedoms are at increased risk when this type of data is processing. It may put them at risk of unlawful discrimination.
EU Medical Device Clinical Research under the General Data Protection RegulationErik Vollebregt
Presentation about medical devices patient data management under the EU General Data Protection Regulation at the Medical Device Clinical Research Conference in November 2015
Webcast title : GDPR: Protecting Your Data
Description : Find out why data protection and encryption is an essential component of preparing for your GDPR readiness process.
Specifically, we will cover:
What is considered "Personal Data" and why it needs to be "protected"
The Legal Aspects of Data Protection under GDPR.
The technical ways to protect/pseudonymization
In this Session you will learn from the leading experts:
- Ulf Mattsson: The father of database Encryption.
- Martyn Hope: The Co-Founder of the GDPR Institut.
- Mark Rasch: Former Chief Cybersecurity Evangelist at Verizon and led the DOJ's Cyber Crime Unit.
Presenter : Ulf Mattsson, Martyn Hope, Mark Rasch, David Morris
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
Presentation at the COCIR annual meeting on 17 March 2016 regarding the top 7 operational impacts of the new EU General Data Protection Regulation for health IT companies.
Overview of the Egyptian Personal Data Protection LawFatmaAkram2
Egypt has recently enacted the first Personal Data Protection Law (PDPL), which has been published in the Official Gazette on 15 July 2020 and has entered into force on 16 October 2020. The PDPL reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR). The Executive Regulations of the PDPL shall be issued within six (6) months from the entry into force of the PDPL. Organizations shall comply with the provisions of the PDPL and its Executive Regulations within a grace period of one (1) year from the issuance of the Executive Regulations.
The PDPL covers almost all aspects of personal data protection stated under the GDPR. In this presentation, you will find a summary of the important data protection provisions stipulated under the PDPL, and the similarities and differences between the GDPR and the PDPL.
The Personal Data Protection Bill 2018 is to be presented before the Parliament shortly with necessary amendments .This is bill applicable to India in lines of GDPR of the European uinion
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
This presentation deals with insights on how an offshore IT organization has to get ready to align with General Data Protection Regulation issued by European union
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Michael Adamberry
This presentation outlines the issue of Direct Marketing, including the use of cookies, the opt-out register and the e-Privacy Directive (and Regulation). The focus is around the Gibraltar Data Protection Act 2004, and how this will change under the General Data Protection Regulation ("GDPR") as of 25th May 2018 and the upcoming e-Privacy Regulation
ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
For more information visit https://www.brightpay.co.uk
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
Article 9: Special categories of data
Special categories of data are sensitive information about individual and need more protection.
Individuals‘ rights and freedoms are at increased risk when this type of data is processing. It may put them at risk of unlawful discrimination.
EU Medical Device Clinical Research under the General Data Protection RegulationErik Vollebregt
Presentation about medical devices patient data management under the EU General Data Protection Regulation at the Medical Device Clinical Research Conference in November 2015
Webcast title : GDPR: Protecting Your Data
Description : Find out why data protection and encryption is an essential component of preparing for your GDPR readiness process.
Specifically, we will cover:
What is considered "Personal Data" and why it needs to be "protected"
The Legal Aspects of Data Protection under GDPR.
The technical ways to protect/pseudonymization
In this Session you will learn from the leading experts:
- Ulf Mattsson: The father of database Encryption.
- Martyn Hope: The Co-Founder of the GDPR Institut.
- Mark Rasch: Former Chief Cybersecurity Evangelist at Verizon and led the DOJ's Cyber Crime Unit.
Presenter : Ulf Mattsson, Martyn Hope, Mark Rasch, David Morris
Funded by City Bridge Trust, the #CyberSafeLambeth initiative offers free GDPR training for charities in Lambeth
Individuals that lead in IT within charities will be able to attend free General Data Protection Regulation (GDPR) compliance and cybersecurity training, where they will be given expert guidance, support and instruction, thanks to new funding by City Bridge Trust.
#CyberSafeLambeth is a training programme that educates IT Manager level staff in local charities about GDPR and offers insight and knowledge to overcome cybersecurity threats and work more effectively.
The in-depth training programme will run across a number of days and will educate Lambeth-based charity IT professionals about key aspects of cybersecurity and the implications of GDPR, which comes into force from 25 May 2018.
The programme, which is being funded by City Bridge Trust, will require all trainees to commit to help at least one other, smaller Lambeth charity through The Integrate Agency CIC’s innovative ‘Hire a Volunteer’ platform.
This world class training opportunity will be available for Lambeth-based IT manager level charity professionals. Each will be taught about threats and trends within the industry, providing them with the skills and know how to confidently meet the requirements for GDPR.
Eoin Heffernan, Founder of Integrate said: “We are delighted to be able to offer cybersecurity training to local charities and reach out to train charity IT professionals working in the London Borough of Lambeth.
Slides from Niall Rooney FP Logue presentation at Food & Drink Business Europe event at Citywest Dublin on 05/09/2019 - *For Information Only, Not Legal Advice*
Impact of the General Data Protection Regulation (GDPR) on Artificial Intelligence (AI)
Impact of the General Data Protection Regulation (GDPR) on Blockchain
Impact of the General Data Protection Regulation (GDPR) on IoT
An overview of GDPR data privacy and the impact on traditional information security practices, which was presented at SecureWorld Dallas, October, 2017
General Data Protection Regulation or GDPRNupur Samaddar
General Data Protection Regulation or GDPR,he way companies across the world will handle their customers' personal information and creating strengthened and unified data protection for all individuals within the EU.
General Data Protection Regulation comes into force across the EU on May 25, 2018. Investment fund complexes, distributors, fund administrators and depositaries with global reach will need to consider their controls and processes as they relate to personal data.
Our experts offer invaluable insight on:
- Main features of the regulation
- Obligations for the fund industry
- Practical guidance on “operationalizing” GDPR principles
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...pchutichetpong
M Capital Group (“MCG”) expects to see demand and the changing evolution of supply, facilitated through institutional investment rotation out of offices and into work from home (“WFH”), while the ever-expanding need for data storage as global internet usage expands, with experts predicting 5.3 billion users by 2023. These market factors will be underpinned by technological changes, such as progressing cloud services and edge sites, allowing the industry to see strong expected annual growth of 13% over the next 4 years.
Whilst competitive headwinds remain, represented through the recent second bankruptcy filing of Sungard, which blames “COVID-19 and other macroeconomic trends including delayed customer spending decisions, insourcing and reductions in IT spending, energy inflation and reduction in demand for certain services”, the industry has seen key adjustments, where MCG believes that engineering cost management and technological innovation will be paramount to success.
MCG reports that the more favorable market conditions expected over the next few years, helped by the winding down of pandemic restrictions and a hybrid working environment will be driving market momentum forward. The continuous injection of capital by alternative investment firms, as well as the growing infrastructural investment from cloud service providers and social media companies, whose revenues are expected to grow over 3.6x larger by value in 2026, will likely help propel center provision and innovation. These factors paint a promising picture for the industry players that offset rising input costs and adapt to new technologies.
According to M Capital Group: “Specifically, the long-term cost-saving opportunities available from the rise of remote managing will likely aid value growth for the industry. Through margin optimization and further availability of capital for reinvestment, strong players will maintain their competitive foothold, while weaker players exit the market to balance supply and demand.”
Show drafts
volume_up
Empowering the Data Analytics Ecosystem: A Laser Focus on Value
The data analytics ecosystem thrives when every component functions at its peak, unlocking the true potential of data. Here's a laser focus on key areas for an empowered ecosystem:
1. Democratize Access, Not Data:
Granular Access Controls: Provide users with self-service tools tailored to their specific needs, preventing data overload and misuse.
Data Catalogs: Implement robust data catalogs for easy discovery and understanding of available data sources.
2. Foster Collaboration with Clear Roles:
Data Mesh Architecture: Break down data silos by creating a distributed data ownership model with clear ownership and responsibilities.
Collaborative Workspaces: Utilize interactive platforms where data scientists, analysts, and domain experts can work seamlessly together.
3. Leverage Advanced Analytics Strategically:
AI-powered Automation: Automate repetitive tasks like data cleaning and feature engineering, freeing up data talent for higher-level analysis.
Right-Tool Selection: Strategically choose the most effective advanced analytics techniques (e.g., AI, ML) based on specific business problems.
4. Prioritize Data Quality with Automation:
Automated Data Validation: Implement automated data quality checks to identify and rectify errors at the source, minimizing downstream issues.
Data Lineage Tracking: Track the flow of data throughout the ecosystem, ensuring transparency and facilitating root cause analysis for errors.
5. Cultivate a Data-Driven Mindset:
Metrics-Driven Performance Management: Align KPIs and performance metrics with data-driven insights to ensure actionable decision making.
Data Storytelling Workshops: Equip stakeholders with the skills to translate complex data findings into compelling narratives that drive action.
Benefits of a Precise Ecosystem:
Sharpened Focus: Precise access and clear roles ensure everyone works with the most relevant data, maximizing efficiency.
Actionable Insights: Strategic analytics and automated quality checks lead to more reliable and actionable data insights.
Continuous Improvement: Data-driven performance management fosters a culture of learning and continuous improvement.
Sustainable Growth: Empowered by data, organizations can make informed decisions to drive sustainable growth and innovation.
By focusing on these precise actions, organizations can create an empowered data analytics ecosystem that delivers real value by driving data-driven decisions and maximizing the return on their data investment.
Opendatabay - Open Data Marketplace.pptxOpendatabay
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be a complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with a dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
As Europe's leading economic powerhouse and the fourth-largest hashtag#economy globally, Germany stands at the forefront of innovation and industrial might. Renowned for its precision engineering and high-tech sectors, Germany's economic structure is heavily supported by a robust service industry, accounting for approximately 68% of its GDP. This economic clout and strategic geopolitical stance position Germany as a focal point in the global cyber threat landscape.
In the face of escalating global tensions, particularly those emanating from geopolitical disputes with nations like hashtag#Russia and hashtag#China, hashtag#Germany has witnessed a significant uptick in targeted cyber operations. Our analysis indicates a marked increase in hashtag#cyberattack sophistication aimed at critical infrastructure and key industrial sectors. These attacks range from ransomware campaigns to hashtag#AdvancedPersistentThreats (hashtag#APTs), threatening national security and business integrity.
🔑 Key findings include:
🔍 Increased frequency and complexity of cyber threats.
🔍 Escalation of state-sponsored and criminally motivated cyber operations.
🔍 Active dark web exchanges of malicious tools and tactics.
Our comprehensive report delves into these challenges, using a blend of open-source and proprietary data collection techniques. By monitoring activity on critical networks and analyzing attack patterns, our team provides a detailed overview of the threats facing German entities.
This report aims to equip stakeholders across public and private sectors with the knowledge to enhance their defensive strategies, reduce exposure to cyber risks, and reinforce Germany's resilience against cyber threats.
Techniques to optimize the pagerank algorithm usually fall in two categories. One is to try reducing the work per iteration, and the other is to try reducing the number of iterations. These goals are often at odds with one another. Skipping computation on vertices which have already converged has the potential to save iteration time. Skipping in-identical vertices, with the same in-links, helps reduce duplicate computations and thus could help reduce iteration time. Road networks often have chains which can be short-circuited before pagerank computation to improve performance. Final ranks of chain nodes can be easily calculated. This could reduce both the iteration time, and the number of iterations. If a graph has no dangling nodes, pagerank of each strongly connected component can be computed in topological order. This could help reduce the iteration time, no. of iterations, and also enable multi-iteration concurrency in pagerank computation. The combination of all of the above methods is the STICD algorithm. [sticd] For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
2. GDPR, Chapter 1, Article 1
CONFIDENTIAL 2
CHAPTER I
General provisions
Article 1
Subject-matter and objectives
1. This Regulation lays down rules relating to the protection of natural persons with regard to the
processing of personal data and rules relating to the free movement of personal data.
2. This Regulation protects fundamental rights and freedoms of natural persons and in particular
their right to the protection of personal data.
3. The free movement of personal data within the Union shall be neither restricted nor prohibited for
reasons connected with the protection of natural persons with regard to the processing of personal data.
4. GDPR Requirements Background: Data Types
4
1. Article 4 - https://www.privacy-regulation.eu/en/4.htm
’Personal data' means any information relating to an identified or identifiable natural person ('data
subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online identifier or to
one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person;
'genetic data' means personal data relating to the inherited or acquired genetic characteristics of a natural
person which give unique information about the physiology or the health of that natural person and which
result, in particular, from an analysis of a biological sample from the natural person in question;
'biometric data' means personal data resulting from specific technical processing relating to the physical,
physiological or behavioral characteristics of a natural person, which allow or confirm the unique
identification of that natural person, such as facial images or dactyloscopic data;
'data concerning health' means personal data related to the physical or mental health of a natural person,
including the provision of health care services, which reveal information about his or her health status;
5. GDPR Requirements
5
1. Controller vs Processor. (Art 24)
2. ‘Right to be forgotten’ / Right to Erasure. (Art 17)
3. Consent; Opt-Out / Opt-In. (Art 7)
4. Right of Access by the Data Subject / Access Control. (Art 15)
5. Right to Data Portability / Data Export. (Art 20)
6. Data Breach Alerts. (Art 33, Art 34)
7. Maintain Records of Processing Activity. Transfer of Data to a Third Party. (Art 30)
8. Data Protection by Design and by Default. (Art 25)
9. Security of processing. (Art 32)
6. GDPR Requirements –
Controller vs Processor
6
1. Controller = the natural or legal person, public authority, agency or other body which, alone or
jointly with others, determines the purposes and means of the processing of personal data.
2. Processor = a natural or legal person, public authority, agency or other body which processes
personal data on behalf of the controller.
7. GDPR Requirements –
Right to be Forgotten / Right to Erasure
7
1. Article 17 - https://www.privacy-regulation.eu/en/17.htm
“The data subject shall have the right to obtain from the controller the erasure of personal data
concerning him or her without undue delay and the controller shall have the obligation to erase
personal data without undue delay ….”
8. GDPR Requirements – Consent. Opt-out
8
1. Article 7 - https://www.privacy-regulation.eu/en/7.htm
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and
unambiguous indication of the data subject's agreement to the processing of personal data relating to
him or her, such as by a written statement, including by electronic means, or an oral statement.
This could include ticking a box when visiting an internet website, choosing technical settings for
information society services or another statement or conduct which clearly indicates in this context the
data subject's acceptance of the proposed processing of his or her personal data.
Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
Consent should cover all processing activities carried out for the same purpose or purposes.
9. GDPR Requirements –
Right of Access by the Data Subject
9
1. Article 15 - https://www.privacy-regulation.eu/en/15.htm
• The data subject shall have the right to obtain from the controller confirmation as to whether or not
personal data concerning him or her are being processed, and, where that is the case, access to the
personal data and the following information:
• (a) the purposes of the processing;
• (b) the categories of personal data concerned;
• (c) the recipients or categories of recipient to whom the personal data have been or will be
disclosed, in particular recipients in third countries or international organizations;
• (d) where possible, the envisaged period for which the personal data will be stored, or, if not
possible, the criteria used to determine that period; etc …
10. GDPR Requirements –
Right to Data Portability / Data Export
10
1. Article 20 - https://www.privacy-regulation.eu/en/20.htm
The data subject shall have the right to receive the personal data concerning him or her, which he or
she has provided to a controller, in a structured, commonly used and machine-readable format and
have the right to transmit those data to another controller without hindrance from the controller to
which the personal data have been provided
11. GDPR Requirements – Data Breach Alerts
11
1. Article 33 - https://www.privacy-regulation.eu/en/33.htm
2. Article 34 - https://www.privacy-regulation.eu/en/34.htm
In the case of a personal data breach, the controller shall without undue delay and, where feasible,
not later than 72 hours after having become aware of it, notify the personal data breach to the
supervisory authority …
12. GDPR Requirements –
Maintain Records of Processing Activity
12
1. Article 30 - https://www.privacy-regulation.eu/en/30.htm
Each controller and, where applicable, the controller's representative, shall maintain a record of
processing activities under its responsibility. That record shall contain all of the following information:
(a)the name and contact details of the controller and, where applicable, the joint controller, the
controller's representative and the data protection officer;
(b)the purposes of the processing;
(c)a description of the categories of data subjects and of the categories of personal data;
(d)the categories of recipients to whom the personal data have been or will be disclosed including
recipients in third countries or international organizations;
(e)where applicable, transfers of personal data to a third country or an international organization,
including the identification of that third country or international organization
13. GDPR Requirements –
Data Protection by Design & by Default
13
1. Article 25 - https://www.privacy-regulation.eu/en/25.htm
The controller shall, both at the time of the determination of the means for processing and at the time of
the processing itself, implement appropriate technical and organizational measures, such as
pseudonymisation, which are designed to implement data-protection principles, such as data
minimization, in an effective manner and to integrate the necessary safeguards into the processing in order
to meet the requirements of this Regulation and protect the rights of data subjects. …
14. GDPR Requirements –
Security of Processing
14
1. Article 32 - https://www.privacy-regulation.eu/en/32.htm
The controller and the processor shall implement appropriate technical and organizational measures to
ensure a level of security appropriate to the risk, including inter alia as appropriate:(a) the
pseudonymisation and encryption of personal data;(b) the ability to ensure the ongoing confidentiality,
integrity, availability and resilience of processing systems and services;(c) the ability to restore the
availability and access to personal data in a timely manner in the event of a physical or technical
incident;(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and
organizational measures for ensuring the security of the processing.
16. Data Governance
16
User Data Flow
Inbound Channels
– Self Registration (CRM, DBs?)
– Sales Organization (CRM, DBs?)
– Marketing Organization (CRM, DBs?)
– APIs i.e. oAuth, SSO. (DBs, CRM ?)
– Partners / Third Parties (DBs, CRM ?)
– Banks (DBs, CRM ?)
Outbound Channels
– Alerts
• Data Breach Alerts
– Reports
• Access Report (Who, What)
• Location Report (Where)
– Data Export
17. Data Governance
17
Self Registration
Sales Organization
Marketing Organization
APIs
Third Parties
Banks
CRM MDM
DBs
DBs
DBs
DBs
DBs
LogsConfig
Binary
Security, Monitoring, Data Breach Alerts
Reports
Customers
Alerts
Reports
Data Export
Data Export
18. Data Governance
18
Data Collection
1. Does the Service allow user Create/Edit/Delete ?
2. Is Personal Data (PD) Collected ?
3. Same for Genetic Data (GD), Biometric Data (BD),
Health related Data (HD).
4. Through what channel does every data type above
come in ?
5. Re all data types above: what is the Data Flow
between the Source (i.e. CRM, Registration Form) and
the Destination (i.e. DB Tables, Unstructured, etc).
Where is PD stored?
6. Is the Data above exposed through APIs, synchronous
or asynchronous messaging systems, backups, batch
transfers, etc, to systems out of the boundaries of
your service ?
CRM
19. Data Governance
19
Consent
1. Does the Service allow the user to Opt Out and Opt In
within a reasonable time interval ?
2. Does your Service rely on any central / external Opt
Out / Opt In system ?
3. Does your Service provide access to VMware's TOS
(Terms of Services) agreement ?
CRM
20. Data Governance
20
Anonymization & Pseudonymization
1. Does the Service convert PD into anonymized or
pseudonymized data ?
2. If Anomymization, describe. Source, Destination ?
3. If Pseudonymization, describe. Source, Destination ?
CRM
21. Data Governance
21
“Right to be Forgotten”
1. Does the Service provide a mechanism to delete all
the PD ?
2. Does the Service provide a mechanism to delete all
the pseudonymized data or disable the connection to
PD in a way that the profile of a natural person can
not be reconstructed based on that pseudonymized
data ?
CRM
22. Data Governance
22
Data Access Control
1. Does the Service provide a mechanism to report who
has access to PD ?
2. Is the monitoring continuous ?
CRM
23. Data Governance
23
Data Export
1. Does the Service provide a mechanism to identify and
create an archive of all Personal Data that belongs to a
certain user ?
2. Describe the Data Export mechanism (i.e. file format,
access, etc.)
CRM
24. Data Governance
24
Data Breach Monitoring and Reporting
1. Does the Service provide a mechanism to monitor for
Data Breaches ?
2. Can this monitoring mechanism provide alerts in a
timely manner, so the customer is made aware of the
data breach within 72h from detection ?
CRM
29. Risk Management
29
Continuous Aspect
1. Is your Service part of a Continuous Risk Assessment
program ?
2. Does your Service report the impact that a threat /
failure could have on your business, based on
standard metrics (i.e. financial, # of users, brand value,
etc.)