Key highlights of the General Data Protection Regulation (GDPR), which organisations will need to consider when preparing for its coming into force on 25 May 2018.
Conducting a self-audit of data protection compliance (Fintan Swanton)
The document outlines the process and key areas of focus for conducting a data protection audit. It involves interviewing departments to assess compliance with data protection legislation and policies. The audit aims to identify weaknesses, commend strengths, and recommend remedial actions. Key areas examined include data protection policies and procedures, data collection and handling processes, data sharing and security, staff training, and response to subject access requests.
The document discusses preparing organizations for compliance with the EU General Data Protection Regulation (GDPR). It provides an overview of key GDPR requirements, such as obtaining consent for personal data use, implementing privacy by design, and responding to data breaches. The document recommends developing a GDPR action plan that includes conducting privacy impact assessments and audits. Overall, the summary emphasizes the need for organizations to understand how they use personal data and ensure they can meet GDPR requirements for data protection.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
EU General Data Protection Regulation - Update 2017 (Cliff Ashcroft)
This free Lasa webinar looks at why data protection is important in a digital world, and what practical things charities and civil society organisations can do to prepare for when the EU General Data Protection Regulations come into force in May 2018.
It is vital charities use the next 12 months to understand their new responsibilities and put the required processes in place.
Our webinar gives you the opportunity to ensure you are prepared for what’s to come by putting your #GDPR questions to our data protection expert and published author, Paul Ticher.
Lasa does lots more charity tech help and advice - find out more at: Twitter: @lasaict
Acknowledgements:
Lasa actively promotes and supports the Way Ahead – Civil Society at the Heart of London. See www.citybridgetrust.org.uk/publications/way-ahead/
This webinar is supported by the City of London Corporation's charity, City Bridge Trust. www.citybridgetrust.org.uk
The GDPR introduces significant new compliance obligations for any organization handling personal data of EU individuals. It increases fines for non-compliance up to 4% of global annual turnover and strengthens the rights of individuals. Key changes include new consent requirements, breach notification timelines, data protection officers, privacy by design principles, documentation requirements, and extraterritorial jurisdiction. Organizations must review their data protection practices and ensure appropriate technical and organizational security measures are implemented to protect personal data.
General Data Protection Regulations (GDPR): Do you understand it and are you ... (Cvent)
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
How GDPR works: companies will be expected to be fully compliant from 25 May 2018. The regulation is intended to establish one single set of data protection rules across Europe
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
GDPR Basics - General Data Protection Regulation (Vicky Dallas)
The General Data Protection Regulation (GDPR) is a new EU privacy law that strengthens and unifies data protection for individuals within the European Union. It aims to give EU citizens more control over their personal data and to simplify regulations for international businesses. Key aspects of the GDPR include individuals having the right to access, correct and delete their personal data. It also introduces strict rules on obtaining consent and heightened requirements for companies to protect customer data. The GDPR will be enforced beginning May 25, 2018.
The document discusses the General Data Protection Regulation (GDPR) which takes effect in May 2018. It provides an overview of the GDPR and its key requirements, including data subject rights, security obligations, accountability, and potential fines for noncompliance. It then discusses technical and architectural preparedness, offering a framework for GDPR compliance. Finally, it outlines initial steps organizations can take, such as data mapping, discovery, and risk assessment.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta... (Qualsys Ltd)
This document provides an overview of the EU General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It discusses the issues with how organizations currently manage data and how GDPR aims to better protect consumer data. Key points include expanded definitions of personal data, increased rights for data subjects, higher fines for non-compliance, and new requirements for consent, transparency, accountability, and breach notification. It outlines four steps businesses need to take, including reviewing policies, establishing a legal basis for processing, demonstrating compliance, and considering appointing a data protection officer.
An overview of the principles of GDPR and some tips to implement it in your organization. I would be more than happy to share my views with stakeholders in your company.
The document provides a summary of the key aspects of the General Data Protection Regulation (GDPR) in 3 pages. It discusses the basic principles of GDPR, how it may impact technology systems, and software tools that can help with compliance. Some of the main topics covered include the definition of personal and sensitive data, data subject rights, privacy by design, security requirements, and obligations for controllers and processors. The summary emphasizes the need for businesses to review their data protection practices and ensure they are prepared to comply with GDPR requirements that take effect in May 2018.
Preparing for general data protection regulations (gdpr) within the hous... (Stephanie Vasey)
This document provides an overview of key aspects of complying with the General Data Protection Regulation (GDPR), including:
- Demonstrating compliance through maintaining records of processing activities, implementing security measures, and appointing a data protection officer.
- The role and responsibilities of data protection officers to advise on compliance, monitor activities, and act as a point of contact.
- Responsibilities of controllers and processors around security, joint controllership, and contracts with processors.
- Requirements around breach notification to supervisory authorities and data subjects in certain circumstances.
- Steps for preparing for the GDPR through guidance from the Information Commissioner's Office on privacy notices, data portability, and identifying lead authorities
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
GDPR and NIS Compliance - How HyTrust Can Help (Jason Lackey)
This document discusses how HyTrust Workload Security can help organizations address challenges related to the EU's General Data Protection Regulation (GDPR) and Network Information Security (NIS) Directive. It outlines key areas like privileged user misuse, data breaches, audit compliance that are affected by these regulations. HyTrust provides capabilities like encryption, logging, and policy enforcement across multiple clouds to help ensure data protection, demonstrate compliance, and respond rapidly to incidents in a way that reduces organizations' GDPR and NIS-related risks and pain points.
The document provides an overview of the key aspects of the European Union's General Data Protection Regulation (GDPR). It discusses definitions like personal data, the rights of individuals as data subjects, and key principles of GDPR around consent, data breaches, international transfers, the right to be forgotten, and privacy by design. It outlines actors like controllers and processors, their obligations, and components of GDPR compliance like impact assessments, authorities, and fines for non-compliance.
GDPR Guide: The ICO's 12 Recommended Steps To Take Now (HackerOne)
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
With a fine of up to 4% of an organisation’s annual turnover on the line, individuals accountable and responsible for data protection are actively seeking clarification and advice regarding the impending changes to the EU General Data Protection Regulation.
The question now? How prepared are you to meet the EU General Data Protection Regulation?
IRM’s resident Data Protection expert, Paul Sexby, addresses the areas that need to be considered in order to prepare for the new requirements.
EY General Data Protection Regulation: Are you ready? (VYTIS MALECKAS)
The document discusses the new EU General Data Protection Regulation (GDPR) which introduces more stringent data protection rules and fines of up to 4% of global annual revenue. It will apply from 2018, replacing the previous directive. Organizations need to review their compliance and determine what investments are needed to address the new requirements regarding rights for individuals, accountability, security, and more. The GDPR will have a significant impact and those unprepared risk substantial fines.
This document discusses cyber privacy insurance and the General Data Protection Regulation (GDPR). It provides an overview of data breach costs by industry. GDPR fines can be up to 20 million Euros or 4% of annual global turnover for breaches. Under GDPR, breaches must be reported to regulators within 72 hours and affected individuals if there is a high risk. The document also summarizes common cyber insurance coverage types like crisis management, cyber extortion, data asset protection, and business interruption. It analyzes past insurance claims payouts and causes of loss. Websites for cyber insurance quotes and resources are also listed.
The document provides an overview of an upcoming presentation on the General Data Protection Regulation (GDPR). It begins with introductions and disclaimers from the presenter and VMware. It then outlines the areas that will be covered in the 30 minute presentation, including timeframes for GDPR compliance, key changes from the previous Data Protection Directive, myths about GDPR requirements, potential fines, and VMware products that can help with GDPR compliance.
GDPR is the most significant change to data protection in a generation and an imminent global issue that will dominate data privacy, management and regulation discussions in 2017. According to recent research, over half of businesses lack preparedness for GDPR. With a quarter of the EU’s grace period over and with fines of up to €20 million (or 4% of global turnover), there is a lot at stake for companies falling behind the May 2018 deadline. So, where do you start?
Join renowned information security consultant and GDPR expert, Brian Honan, along with Tim Erlin, Senior Director, Security and IT Risk Strategist at Tripwire as they walk you through the essential steps to accelerate your GDPR preparedness.
In this session you will learn:
• The key facts about the GDPR regulations
• The implications of the new rules and how they will impact your business
• Practical steps your business can take to prepare
• How your existing security frameworks (ISO/NIST/CSC) can help set the foundation
• How Tripwire can help
This document provides an introduction to the General Data Protection Regulation (GDPR). It begins by defining GDPR and explaining why it is important. It describes the evolution of GDPR from earlier data protection directives and regulations. It then defines several key terms related to GDPR, such as personal data, sensitive data, processing, pseudonymisation, and anonymisation. It outlines the structure of GDPR including its 11 chapters and 99 articles. It also describes various roles defined in GDPR such as controller, processor, data protection officer, and supervisory authority. Finally, it summarizes the six key GDPR principles and six lawful bases for processing personal data.
Do You Have a Roadmap for EU GDPR Compliance? (Ulf Mattsson)
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union. Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance? Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
GDPR The New Data Protection Law coming into effect May 2018. What does it me... (eHealth Forum)
GDPR The New Data Protection Law coming into effect May 2018. What does it mean for hospitals?
Anthe Papageorgiou, Compliance Officer & Data Protection Officer at Henry Dunant Hospital Center
General Data Protection Regulations (GDPR) Summary Compliance3
GDPR is an EU regulation that will apply to any business with its customers based within the EU. It is a transformative piece of legislation. Compliance3 has released a summarising document so you can interpret it how you please and see what the impact will be on your business.
The document provides an overview of the new General Data Protection Regulation (GDPR) that takes effect in May 2018 and impacts all businesses in the EU. It outlines key aspects of the regulation including requirements for appropriate security of personal data, restrictions on processing of biometric and sensitive data, rights of data subjects to access and correct their data, rules around breach notification, and penalties for noncompliance that can reach 4% of global annual turnover. It also requires the appointment of an independent data protection officer at organizations that conduct large-scale processing of personal data.
This document discusses the key aspects of the EU General Data Protection Regulation (GDPR) as it relates to processors. It defines key terms such as controllers, processors, and personal data. It outlines the requirements for processors under the GDPR, including having appropriate contracts with controllers, using sub-processors only with consent, cooperating with controllers and data protection authorities, maintaining security, and more. It also discusses data protection officers, international data transfers, data subject rights, and sanctions for non-compliance including large fines.
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
The document discusses the key aspects and requirements of the General Data Protection Regulation (GDPR). It notes that the GDPR strengthens and unifies data protection for individuals within the European Union. It applies to all companies processing personal data of EU residents, regardless of the company's location. The GDPR requires organizations to implement measures regarding data processing activities, data subject rights, security, breaches, and accountability. Non-compliance can result in significant fines of up to 4% of annual global turnover or €20 million. The GDPR has important implications for financial institutions and other organizations in how they manage personal data.
Key Issues on the new General Data Protection Regulation Olivier Vandeputte
The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years. The GDPR comes into effect on 25 May 2018. The new framework is ambitious, complex and strict. It presents any organization that has so far failed to begin preparations with a steep challenge to become GDPR compliant in time.
We have summarized the key issues in our GDPR brochure.
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
The document provides an overview and analysis of Bahrain's Personal Data Protection Law (PDPL). Some key points:
- The PDPL is Bahrain's primary data protection law, modeled after the EU's GDPR. It aims to establish requirements for processing personal data.
- The law applies to entities processing personal data of Bahraini residents, regardless of location. It provides for data subject rights and sets guidelines for processing, transfers, compliance, and penalties for violations.
- An analysis compares features of the PDPL to the GDPR, finding similarities in scope, rights, and legal bases for processing but less stringent penalties under the PDPL.
- The conclusion states that companies must evaluate the
This document discusses accountability and penalties related to data privacy laws. It outlines obligations for transferring personal information, and penalties for violations of data privacy laws, including fines ranging from 0.25-3% of annual gross income. It also discusses requirements for notifying the NPC and affected individuals of data breaches within 72 hours, and penalties for failure to notify or delays in notification.
General Data Protection Regulation (GDPR) is taking effect in May 2018
What does GDPR actually mean for organizations and data?
What's in Scope?
When must organizations be ready?
Article 15: Right of Access
Article 16: Right of Correction
Article 17: Right to be forgotten
Article 20: Right of Portability
Article 21: Right to object
Article 8: Children under 16
Article 24: Responsibility of the controller
Article 28: Data processor
Article 32: Technical measures
The document summarizes the key requirements for complying with the Philippines' Data Privacy Act of 2012. It outlines the structure and objectives of the law, as well as the obligations and penalties for personal information controllers and processors. The main compliance obligations include appointing a data protection officer, adhering to privacy principles when processing data, maintaining security of data, reporting breaches within 72 hours, and registering with the National Privacy Commission. Non-compliance could result in penalties such as fines and imprisonment.
This document discusses how the GDPR will require organizations to have a unified "customer 360" view of all customer data in order to comply with data subject rights like access, rectification, and erasure. It summarizes how the DataStax Enterprise graph database can help organizations integrate siloed customer data sources to provide a real-time, contextual view of each customer to facilitate GDPR compliance and enable features like personalization. The presentation covers how DSE graph can model complex customer relationships, support analytics, and guarantee access to customer data anywhere while maintaining high performance and availability required for real-time use cases.
20131008 agoria big data vs data protection Jos Dumortier
The document discusses proposed reforms to European Union data protection laws and how these may affect big data. Key points include: (1) The proposed regulation would create a single data protection law across the EU; (2) Companies would be supervised by a single authority rather than multiple authorities; (3) The laws could apply to non-EU companies processing EU citizens' data. The proposal aims to better enforce basic data protection rules through penalties and clarify responsibilities. It also seeks to abolish general notification obligations, require data officers, make consent explicit, and give citizens new rights around data portability and security breach notifications.
This document discusses Nigeria's Data Protection Regulation (NDPR) and issues around cybersecurity and data privacy. It provides an overview of the key aspects of the NDPR, including its objectives, coverage, definitions, principles of data processing, rights of data subjects, and implementation guidelines. It also examines challenges around NDPR implementation and compliance, as well as perspectives on data legislation internationally. Cybersecurity threats are discussed as a major issue, with vulnerabilities in systems and networks posing risks like data and intellectual property theft. The takeaway is on the importance of compliance with the NDPR and addressing cybersecurity challenges to data privacy.
This week, Europe's data protection rules will undergo their largest reform in several decades. The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive, effective as of May 25, 2018.
General data protection regulation GDPR AfraAlZadjali
The document discusses email marketing regulations under the GDPR. It states that email marketing is only allowed with the consent of individuals or a statutory justification. Companies may have a legitimate interest in email marketing to existing customers. However, the ePrivacy Directive currently only allows email marketing with consent. The interaction between the GDPR and ePrivacy Directive on this issue remains unclear until updates to the ePrivacy regulation.
Similar to GDPR - Fail to Prepare, Prepare to Fail! (20)
2. The General Data Protection Regulation is the most extensive change to EU data protection law since the 1995 directive.
In 1995, Mark Zuckerberg was eleven years old . . .
GDPR passed by European Parliament in April 2016.
To come into effect on 25 May, 2018 in all member states.
3. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
4. Personal data must:
1. Be fairly obtained & processed
2. For specified, explicit & legitimate purpose(s)
3. Not be processed in a manner incompatible with those purpose(s)
4. Be kept safe & secure
5. Be kept accurate, complete & up-to-date
6. Be adequate, relevant & not excessive
7. Not be retained for longer than is necessary
8. Be provided on request to the data subject
5. Definition of personal data
Accountability
Consent
Access requests
Joint data controllership
Controller / Processor relationship
Breach notification
Data Protection Impact Assessments
Mandatory Data Protection Officers
Right to compensation and liability
Financial penalties
6. Current definition:
Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into the possession of the Data Controller.
S.1 Data Protection Act, 1988
GDPR redefinition:
any information relating to ... an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person...
Art. 4(1), GDPR
8. “any freely given, specific, informed and unambiguous indication of… wishes…”
Must be given “by a statement or by a clear affirmative action signifying agreement”
Art. 4(11)
9. No fee unless request “manifestly unfounded or excessive”
Requests can be made and must, where appropriate, be responded to electronically
Standard time limit 1 month
May take up to 3 months, but must notify data subject within 1 month, giving reasoned justification for delay
As well as personal data, other info. such as sources, processing purposes & right to complain to DPA must be provided.
Art. 12 & 15
Janet McKnight
10. Where two or more controllers jointly determine the purposes and means of the processing of personal data, they are joint controllers.
They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation.
Art. 26
11. The carrying out of processing by a processor shall be governed by a contract or other legal act under Union or Member State law, binding the processor to the controller, setting out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects.
The processor and any person acting under the authority of the controller or of the processor who has access to personal data shall not process them except on instructions from the controller, unless required to do so by Union or Member State law.
Art. 28
12. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority, unless the personal data breach is unlikely to result in a risk for the rights and freedoms of individuals. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 72 hours.
When the personal data breach is likely to result in a high risk for the rights and freedoms of individuals the controller shall communicate the personal data breach to the data subject without undue delay.
Art. 33
13. DPIA is mandatory “where processing is likely to result in a high risk”.
DPIA must include at least:
• systematic description of envisaged processing and the purposes of the processing, including where applicable the legitimate interest pursued;
• assessment of necessity and proportionality of processing;
• assessment of the risks to the rights and freedoms of data subjects;
• measures envisaged to address the risks.
Controller must consult DPA where processing would result in high risk in absence of mitigating measures.
Art. 35
14. The controller or processor must designate a data protection officer in any case where:
• the processing is carried out by a public authority or body; or
• the core activities of the controller or processor consist of processing operations which because of their nature, scope or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
• the core activities of the controller or the processor consist of processing on a large scale of sensitive personal data.
A group of undertakings may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment.
Where the controller or processor is a public authority or body, a single data protection officer may be designated for several of them, taking account of their organisational structure and size.
Art. 37, 38 & 39
15. DPOs must have “expert” knowledge, training and experience.
DPOs must report directly to the highest level of management.
DPOs must be completely independent in the performance of their duties.
DPOs may be directly employed staff or external service providers.
DPOs must be involved in a proper and timely manner in all organisational personal data protection matters.
Office of the Privacy Commissioner Canada
16. DPOs shall have at least these tasks:
• Informing and advising the organisation and its staff on compliance.
• Monitoring organisational data protection compliance.
• Advising on data protection impact assessments.
• Acting as the contact point for and cooperating with the DPC.
• Acting as the contact point for data subjects.
May have other duties, provided they aren’t incompatible with DPO role.
Office of the Privacy Commissioner Canada
17. Current situation:
Collins v FBD Insurance (Ireland)
Google v Vidal-Hall (UK)
In the GDPR:
Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.
Art 82.1
18. Where more than one controller or processor or a controller and a processor are involved in the same processing and, where they are responsible for any damage caused by the processing ... each controller or processor shall be held liable for the entire damage, in order to ensure effective compensation of the data subject.
Art 82.4
19. Two tier structure:
• Greater of €10m or 2% of turnover
• Greater of €20m or 4% of turnover
Each supervisory authority shall ensure that the imposition of administrative fines . . . shall in each individual case be effective, proportionate and dissuasive.
Art. 83
Most infringements in principle subject to fines
Bruno Gencarelli, Head of Data Protection Unit, DG Justice
Not exhaustive - “edited highlights”
Leap Card & Eircode
Documented policies, standards & procedures, with evidence that they’re adhered to.
Think about WhatsApp and Uber - no “opt out”
Electronic response where electronic request, unless data subject indicates otherwise
[HOLD!]
Do exercise on p. 55 of Manual
L/A & Gardai re CCTV.
Other specific detail needed in contract, such as undertakings to follow instructions, assist with exercise by data subjects of rights, destruction of data on termination, etc
Core activities - main revenue generating activities?
DPO is not a mini DPA
Bavaria and the IT Manager, HR, internal audit - IAPP estimate
BTW, no personal liability in GDPR
Emphasise main risk is not enforcement, e.g., TalkTalk.