The document summarizes key aspects of the upcoming EU General Data Protection Regulation (GDPR) as it relates to software development:
- The GDPR defines what organizations must do with personal data, but not how to implement it technically. Guidelines provide high-level principles like "privacy by design" but not specific tools or processes.
- To comply, developers must consider privacy throughout the design process using methods like data minimization, access controls, and encryption. Organizations must also be able to demonstrate and ensure ongoing compliance, such as through documentation and audits.
- The GDPR places new obligations on data controllers and processors around security, impact assessments, subcontractors, access requests, and accountability. While
Be careful what you wish for! How the GDPR, even now that it has been finalised, may not solve the key problems of the tech community: what is personal data and what is anonymised/pseudonymous.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
An overview of the principles of GDPR and some tips to implement it in your organization. I would be more than happy to share my views with stakeholders in your company.
GDPR will replace the national data protection laws of all 28 EU member states in May 2018 and applies to any organization that processes data of EU data subjects.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta... - Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
This webinar covers:
- An overview of the regulatory landscape and territorial scope
- Principles of the EU GDPR
- Breach notification rules
- Data subject rights
- Changes to consent
- Processor liabilities
- Role of the Data Protection Officer
A recording of this webinar is available here: https://www.youtube.com/watch?v=bEvXj2nhPd0
GDPR what you should know and how to minimize impact on your business - Olivier BARROT
The upcoming General Data Protection Regulation (GDPR) that will be applicable to all data of EU citizens starting May 2018 enforces new data privacy obligations on the management and the retention of personally identifiable information (PII) including data collection, retention, protection, modification and deletion processes.
Learn what the impacts on your business are and how to prepare with IBM solutions
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heard from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
GDPR and NIS Compliance - How HyTrust Can Help - Jason Lackey
GDPR (EU 2016/679) and NIS are intended to strengthen data protection for people in the EU, replacing Directive 95/46/EC. Learn how HyTrust can help with compliance.
How GDPR works: companies will be expected to be fully compliant from 25 May 2018. The regulation is intended to establish one single set of data protection rules across Europe
In this Story, we follow Sophie in her life and job. In her new job, she meets Marco, who chose Microsoft Solutions to be as compliant as possible with GDPR.
If you want to hear the story behind the slides, feel free to get in touch via www.thedataprotectionoffice.eu
In this webinar, GDPR expert Richard Hogg answers the following questions:
What will the GDPR mean for my organization?
Where do I start on the journey to compliance?
What tools and technology are available to help?
Attendees: Operations, Finance, Compliance, Governance, IT
https://www.integro.com/recorded-webinar/nov-17-2016-gdpr
Presentation to Cyprus Computer Society Records Management event by Christoforos Christoforou, Risk and Strategic Planning Manager at Fileminders http://www.fileminders.com.cy/
Agenda:
1. Introduction to the General Data Protection Regulation (GDPR)
2. Data protection: Why all the fuss?
3. How does GDPR affect your business?
SureSkills GDPR - Discover the Smart Solution Google
In today’s digital business, information is currency. But is your data really protected and delivering value? How can you gain competitive advantage, while ensuring you stay compliant with the onerous upcoming EU General Data Protection Regulation?
GDPR and Security Culture: Measuring effectiveness - Kai Roer
Article 32 in GDPR states that organisations need to demonstrate the effectiveness of technical and organisational measures (controls) implemented to protect PII. This presentation shows how the CLTRe Toolkit provides the solution to this requirement.
The leading conference on security culture is back for 2016! Join CIO/CISO/CSO/HR and others from around the world to learn and share how to build and maintain security culture at this annual conference in Oslo, Norway. Great speakers come to share their knowledge, training courses are available, and networking opportunities are aplenty! Sign up today for the best value!
On 14/4/2016 the EU data privacy regulation was approved, and it is now mandatory. However, companies have 2 years to adapt to it before receiving an economic penalty for not having done so - deadline: 25/05/2016
An overview of the Security Culture Framework, and the services around it - Kai Roer
In this presentation, we introduce the Security Culture Framework (the free and open framework to build and maintain security culture), and explain how the Community, 3rd party partners and The Roer Group works together to create a full ecosystem of security culture.
You can join the movement at https://scf.roer.com
GDPR 20161202 IRM Creative morning
The new data protection regulation, the General Data Protection Regulation (GDPR), replaces the Swedish Personal Data Act (Personuppgiftslagen, PUL) in May 2018. Virtually all organisations that handle personal data in any form need to review their handling and in many cases create new policies, responsibilities and routines. It is advisable to start the work now. We describe the new law and propose an activity plan.
Here are some examples of changes brought by the new regulation:
Individuals are to have access to their own data and be able to request to be erased.
Clearer requirements on the purpose of the processing and on consent.
Clearer requirements on traceability.
Stricter requirements on those who handle personal data on behalf of others.
Incident reporting in the event of a data breach.
Fines of up to 20 million euros or 4% of global turnover.
Key highlights of the General Data Protection Regulation (GDPR), which organisations will need to consider when preparing for its coming into force on 25 May 2018.
General Data Protection Regulation: what do you need to do to get prepared? -... - IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
The upcoming General Data Protection Regulation (EU GDPR) will change the requirements for managing consumers’ personal data across the globe. The regulation’s scope is broad and also affects organizations outside of the EU. Striking a balance between meeting the new regulatory requirements and effectively serving customers in the age of Digital Transformation mandates a shift from siloed consumer data management to centralized Customer Identity Management platforms that support the balance between compliance, user consent, and optimizing the customer experience.
In this white paper — commissioned by Gigya from European analyst firm KuppingerCole and prepared by Fellow Analyst Dr. Karsten Kinast and Lead Analyst Ivan Niccolai — you will learn about:
- The history, framework, implementation and scope of the EU GDPR
- Key compliance elements of the EU GDPR
- The implications of the EU GDPR on Customer Identity Management and best-practice recommendations for strategy and implementation
Short description of the seminar. The far-reaching opportunities and threats of the new European privacy legislation for your customer contact strategy
How do we handle our customers' personal data, and how do you make sure the far-reaching AVG/GDPR legislation offers an opportunity for marketing activities rather than a threat?
For general and marketing managers. For non-lawyers, and for cases where compliance is precisely not the angle of the action plan.
What are the content and meaning of the General Data Protection Regulation (GDPR, in Dutch: Algemene Verordening Gegevensbescherming) for your company, and which steps are needed to be compliant by May 2018? Sirius Legal gives you a clear overview.
Cyber Security & Data Protection Considerations for GDPR,
GDPR Overview,
Data Centric Quick Wins,
Streamlining with Technology,
Monitor and Measure GDPR Risks,
www.3grc.co.uk
With a fine of up to 4% of an organisation’s annual turnover on the line, individuals accountable and responsible for data protection are actively seeking clarification and advice regarding the impending changes to the EU General Data Protection Regulation.
The question now? How prepared are you to meet the EU General Data Protection Regulation?
IRM’s resident Data Protection expert Paul Sexby, addresses the areas that need to be considered in order to prepare for the new requirements.
GDPR - AVG general introduction for marketers - The CMR Agency
The basic principles of the GDPR (General Data Protection Regulation), or AVG (Algemene Verordening Gegevensbescherming), in ten slides, with marketers as the target audience.
8 Tips on Creating a Security Culture in the Workplace - Tripwire
October is National Cyber Security Awareness Month (NCSAM). We asked experts in the field how companies can motivate their workforce to help strengthen their IT security posture. Read the full article on The State of Security here: http://tripwire.me/2d2INVY
GDPR for operations and development teams. GDPR includes the data protection by default and data protection by design principles, which can be troublesome if not taken into consideration at the beginning of the secure software development life cycle. What are the technical requirements to be considered "state of the art", as mentioned in the regulation? What are the methods for implementing the risk-based approach of the General Data Protection Regulation?
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide - Black Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
Georgie Collins and Dan Hedley, Irwin Mitchell LLP presented, "Data breaches and the law, a practical guide" at Flight East 2018. For more information on Black Duck by Synopsys, please visit our website at www.blackducksoftware.com.
Ready for the GDPR data protection law? No Panic! - Domenico Maracci,... - Codemotion
The Application Economy forces IT to run at the same speed as the business. At the same time, the entry into force of new, stringent security regulations requires adapting the Software Delivery LifeCycle so that they can be implemented and tested from the earliest phases of development, optimizing delivery times and minimizing time to market.
New Security Legislation & Its Implications for OSS Management Jerika Phelps
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
The Countdown is on: Key Things to Know About the GDPR - Case IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
DN18 | Privacy by Design for Blockchain | Silvan Jongerius | TechGDPR Dataconomy Media
About the Author:
Silvan Jongerius is the CEO and Founder of TechGDPR, a boutique consultancy for Data Protection and Privacy in tech-centric environments, such as Blockchain, AI and IoT. He has led Data Protection and security efforts since 2012, after spending 12 years in senior technology leadership, general management and innovation for large technology educators. In recent years, he has been particularly focused on Blockchain projects. He holds certifications from the Columbia Business School in Digital Strategies for Business, from the IAPP as Certified Information Privacy Professional (Europe/GDPR) and is TÜV certified Data Protection Officer (Datenschutzbeauftragter). He is the European Representative for DLT Labs, a Toronto-based blockchain development house. He is also a regular speaker, consultant and educator in GDPR, blockchain, innovation and technology, and is mentor and advisor for a number of innovative tech and blockchain projects.
How MongoDB can accelerate a path to GDPR compliance - MongoDB
The timeline for compliance with the European Union’s General Data Protection Regulation (GDPR) is fast approaching. To help you ensure you’re prepared, we’re hosting an online discussion in advance of May 25th (when the regulation goes into effect). We’ll cover:
The specific requirements of GDPR
How these map to required database capabilities
How MongoDB can provide the core technology foundations to help organizations accelerate their path to compliance
Continuous PCI and GDPR Compliance With Data-Centric Security - TokenEx
Continuous PCI and GDPR Compliance With Data-Centric Security describes how to develop a data security environment that is GDPR and/or PCI DSS compliant by utilizing tokenisation to pseudonymize sensitive data. Contact: Sales@tokenex.com
5 key steps for SMBs for reaching GDPR Compliance - Gabor Farkas
In this GDPR Compliance presentation, you can learn more about the key steps to take for GDPR Compliance, including:
- What are data management processes and how to identify them at small and medium sized businesses
- What is personal data under the GDPR and how to establish a record of processing activities to map personal data
- How does encryption help with safeguarding personal data and ensuring GDPR compliance
- What your business should do to get ready for the new General Data Protection regulation on time
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross... - Symantec
Learn more about the transfer of personal data across borders, including best practices for protecting your information against physical and virtual threats in order to maintain data integrity and confidentiality.
To view the on demand version of the webinar click here: https://symc.ly/2uLlDNf.
A Dynamic Intelligent Policies Analysis Mechanism for Personal Data Processin... - Konstantinos Demertzis
The evolution of the Internet of Things is significantly affected by legal restrictions imposed for personal data handling, such as the European General Data Protection Regulation (GDPR).
The main purpose of this regulation is to provide people in the digital age greater control over their personal data, with their freely given, specific, informed and unambiguous consent to collect and process the data concerning them. ADVOCATE is an advanced framework that fully complies with the requirements of GDPR, which, with the extensive use of blockchain and artificial intelligence technologies, aims to provide an environment that will support users in maintaining control of their personal data in the IoT ecosystem. This paper proposes and presents the Intelligent Policies Analysis Mechanism (IPAM) of the ADVOCATE framework, which, in an intelligent and fully automated manner, can identify conflicting rules or consents of the user, which may lead to the collection of personal data that can be used for profiling. In order to clearly identify and implement IPAM, the problem of recording user data from smart entertainment devices using Fuzzy Cognitive Maps (FCMs) was simulated. FCMs are an intelligent decision-making system that simulates the processes of a complex system, modeling the correlation base, knowing the behavioral and balance specialists of the system. Respectively, identifying conflicting rules that can lead to a profile, training is done using Extreme Learning Machines (ELMs), which are highly efficient neural systems of small and flexible architecture that can work optimally in complex environments.
Risk management, systematic risk management, risk management concepts, running a workshop, facilitation
Presentation given in this form as part of the security management training programme in 2014
-“Facts” about NSA/Snowden/Prism
-data classification
-guideline to Safe use of “Cloud”:
-choosing and using Cloud
-open source, alternative cloud services
Acorn Recovery: Restore IT infra within minutes - IP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives... - Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
0x01 - Newton's Third Law: Static vs. Dynamic Abusers - OWASP Beja
If you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
4. GDPR says “WHAT” , It doesn’t say “HOW”
Nothing about:
» specific tools to use
» specific processes to use
» specific standards to use
» examples or templates for solutions
» Best practices for development or guidelines
actual ”privacy engineering (privacy by default)”
Specs from GDPR??
7. Personal Data Flow – subcontractor management (example)
[Diagram. Labels: Data Subject; Aditro’s Customer; Aditro; Application server in Finland; Cloud based storage in USA; Administration and support in India; Remote connections to systems; API; Data analytics; Application development partner; Contractor; Vendor; Vendor's subsidiary. Regions: Finland, USA, EU, India, Outside EU/ETA. Connection labels: HTTPS / SSL encryption; HTTPS / SSL encryption, EULA, Input forms.]
In all boxes, note:
• Data retention (Right to erasure)
• Minimisation
• Agreements
8. Image: Based on PrivaOn presentation
• ”Privacy by Design” is today undefined
• Official privacy by design will be defined after precedent legal cases
[Diagram. Labels: Privacy requirements; Security requirements; PET*; Backlog; P-I-A; Privacy Architecture; Threat analysis; Security testing; Implementation; Auditing; Certification; Data access process; Data retention; Backups; Evidence collection for accountability, technology (log, authentication) process (test reports, memos).]
* https://www.enisa.europa.eu/topics/data-protection/privacy-enhancing-technologies (PET)