Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heard from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small businesses.
How GDPR works: companies will be expected to be fully compliant from 25 May 2018. The regulation is intended to establish one single set of data protection rules across Europe.
General Data Protection Regulations (GDPR): Do you understand it and are you ... Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer whose data is to be shared.
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
Understanding the EU's new General Data Protection Regulation (GDPR) Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if they do not adhere to this new regulation
How your organization can prepare for the future
This Presentation explains what GDPR is and the impact it'll have for Companies who process data of EU Citizens.
This Guide explains the principles of GDPR, Consent, User Rights and also explains how to implement GDPR in your organization.
Originally appeared at
http://backlinkme.net/definitive-guide-for-general-data-protection-regulation-gdpr-compliance/
An Overview of the new GDPR regulations including:
• Data Protection Framework
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance with the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
Legal obligations and responsibilities of data processors and controllers und... IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Unit 6 Privacy and Data Protection 8 hr Tushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
If you are in the UK and need to check that you will comply with the General Data Protection Regulations when they come into force in May 2018, this checklist might help. Developed for use in my own business it is shared without liability. Please use it wisely to start the process of complying.
For more information on making your processes and your legal documents simple, especially if you are in the UK construction industry, go to http://500words.co.uk/
What is GDPR and why does it matter to me? Desynit
An introduction to the most radical changes to data protection in the last 10 years. Stephan Chandler-Garcia from Digital Catapult gives you an overview of the General Data Protection Regulation and how you can stay ahead of the curve as a Salesforce user. We will be looking at new ways of thinking about your customers' data and new ways of managing consent.
Privacy by Design and by Default + General Data Protection Regulation with Si... Peter Procházka
My presentation for SUG Hungary presented on 26.06.2018 with topic Privacy by Design and by Default and General Data Protection Regulation with Sitecore
What's Next - General Data Protection Regulation (GDPR) Changes Ogilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
As the European Union (EU) has enacted the General Data Protection Regulation (GDPR), it is easy to perceive this regulation would apply to only multinational or European companies. GDPR will certainly impact businesses in EU; but it will extend its applicability for international businesses, even those based in the United States.
In this webinar, Daniel Cohen-Dumani and Anupam Goradia of Withum cover what exactly GDPR is and why it is important to your business. We also share practical tips and best practice on how to ensure your compliance.
Changes to EU data protection legislation are imminent and could have potentially devastating consequences for your business. Don’t be caught by surprise!
The DMA is keeping in close touch with developments as the European Parliament and Council prepare to debate this business-critical piece of legislation this autumn.
Caroline Roberts, Director of Public Affairs at the DMA will provide an update on the draft EU Data Protection Regulation and the DMA's lobbying activity.
Kathryn Wynn, Senior Associate at Pinsent Masons will discuss Big Data: Identifying the Opportunities and Overcoming the Legal Obstacles
The European Union General Data Protection Regulation (“EU-GDPR”) will come into effect on May 25th. Your company may think it does not have to worry about this because you are located in the United States, and you may be wrong. If your company processes or holds personal data for a person residing in a European Union country, your company will have to comply.
For small businesses who feel overwhelmed with all the attention and threatening articles, here is a very easy GDPR-compliance checklist you can go through.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. This policy directive was adopted in May 2016 to make Europe fit for the digital age. How does it affect small businesses?
The GDPR brings a lot of extra work for organizations that are considered to process Personal Data. For small businesses who feel overwhelmed with all the attention and threatening articles, here is a very easy GDPR-compliance checklist you can go through.
Introduction to EU General Data Protection Regulation: Planning, Implementati... Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
This presentation covers what you as a business owner need to do in order to be ready and compliant for GDPR. It shows you all of the different lawful bases that you can use for processing personal data, so that you do not have to rely on consent.
3. Agenda
09:30 Welcome
09:40 Alex Saunders, Leathes Prior
Tom Parsley, Selesti
John Gostling, Breakwater IT
10:30 Refreshment Break & Exhibition
Darren Chapman, CyberScale
Panel Q&A
11:45 Host close
12.00 Free networking, light refreshments & speaker drop-in
12.15 Optional workshops
13.00 Event close
4. Housekeeping
No fire drills – Exits are marked
Toilets outside this room
Phones on silent
Feel free to tweet
@norfolkchamber #NorfolkGDPR
WIFI: The Space Password: 5pac3002
8. GDPR Overview
Replaces the existing Data Protection Act 1998
Due to come into force on 25 May 2018
Most fundamental change to data protection law in almost 20 years?
Covers the use of “personal data” – any information that can identify a living individual
Introduces various key new concepts and expands on existing concepts
Applies to:
Organisations operating within EU
Non-EU organisations offering goods/services within the EU
Enforced in UK by Information Commissioner’s Office (“ICO”)
Impact of Brexit?
10. Principles Continuity
DPA 1998
Fair and lawful processing
Specific purposes
Adequate, relevant and not excessive
Accuracy
Retain only as long as necessary
Respect data subjects’ rights
Security
Transfers outside EEA
GDPR
Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
(See lawfulness above)
11. Lawful Processing Basis for processing
CONSENT: you can process personal data where the subject has given consent to the processing for one or more specified purposes
CONTRACT WITH INDIVIDUAL: you can process personal data, without consent, where required under a contract with the data subject
E.g. employment contract, contract for sale of goods or services
VITAL INTERESTS: you can process personal data, without consent, if it’s necessary to protect someone’s life
12. Lawful Processing Basis for processing (cont…)
PUBLIC TASK: you can process personal data, without consent, to carry out your official functions or a task in the public interest – and where you have a legal basis for the processing under UK law
If public authority, likely to apply to most of your processing activities
LEGITIMATE INTEREST: you can process personal data, without consent, if you have a genuine and legitimate reason to do so
Legitimate interest can be for commercial benefit
GDPR recitals – direct marketing could be a legitimate interest
BUT exception if your interests are outweighed by harm to the individual’s rights and interests
13. Lawful Processing Is “consent” always necessary?
MYTH: Consent is always necessary to process personal data
FACT: Consent is one way to comply with the GDPR, not the only way
“Consent” is only one of six lawful bases for processing personal data
Organisations will need to identify on which ground they are processing personal data
Will only be appropriate to use consent where other grounds do not apply
14. Consent under GDPR When is consent appropriate?
Consent may be required if you are…
Direct marketing
Using or sharing personal data in a way that is
potentially intrusive or unusual – e.g. selling database
Transferring personal data outside the EEA
Consent will not be appropriate if…
You are in a position of power over the individual (employer)
Consent is a pre-condition of using the service
You would still process personal data using a different basis
even if consent was withdrawn
15. Consent under GDPR Key changes?
DPA 1998
“any freely given specific and informed
indication of his wishes by which the data
subject signifies his agreement to personal
data relating to him being processed”
GDPR
“any freely given, specific, informed and
unambiguous indication of the data subject's
wishes by which he or she, by a statement or
by a clear affirmative action, signifies
agreement to the processing of personal data
relating to him or her”
Guidance: “Silence, pre-ticked boxes or inactivity should therefore not constitute consent”
GDPR sets a higher standard for obtaining consent
16. Consent Practical Changes
DO
Identify basis of processing
Ensure consent is the most appropriate basis for the processing. Any other grounds?
Clear and plain language
Use language that is easy to understand when obtaining consent. Avoid legal jargon!
Third parties
Give details of any third parties who will be relying on the consent.
Keep records
Who gave consent? When and how was consent given? Review consents regularly.
Withdrawal
Make withdrawal of consent straightforward and simple. Same method as given.
17. Consent Practical Changes
DON’T
X Don’t bundle consent
Keep separate from other terms. Don’t make it a pre-condition of signing up to a service.
X Blanket consent
Get separate consent for separate things where possible. Do not rely on a blanket consent.
X Don’t use pre-ticked boxes
It should be an active opt-in. Don’t rely on implied consent.
X Penalising withdrawal
Do not penalise individuals who withdraw their consent.
X Public authorities
Take extra care to show consent has been freely given. Avoid over-reliance on consent.
18. Action Points What now?
Undertake a review of the personal data held by your organisation
Identify what data is being processed on the basis of consent. Are there any other
lawful bases for processing?
If not, consider whether consent meets the GDPR standard. Do you need to obtain
fresh GDPR-compliant consent?
Ensure that there are proper procedures in place for recording consent and giving
customers the right to withdraw
19. THANK YOU
Please feel free to get in touch with any questions:
E: asaunders@leathesprior.co.uk
T: 01603 281141
41. INTRODUCTION
About me;
• Worked in IT since 1998
• Nearly 20 years!
• Worked at Breakwater since 2012
• Regularly see different hacks, breaches and attempts at fraud
42. PERSONAL DATA BREACH
• What is a breach?
“A personal data breach means a breach of security leading to the accidental or
unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal
data. This includes breaches that are the result of both accidental and deliberate causes. It
also means that a breach is more than just about losing personal data.”
45. BREACH EXAMPLES
• Carphone Warehouse
• Fined £400,000 in January
• Records for approximately 3,348,869 customers of a number of mobile phone providers
• Records for 389 customers across two other companies
• Historic transaction details for the period March 2010 – April 2010
• Records of approx. 100 employees
46. BREACH EXAMPLES
• What is a vulnerability?
A vulnerability is a weakness which allows an attacker to reduce a system's information
assurance. Vulnerabilities are the intersection of three elements: a system susceptibility or
flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a
vulnerability, an attacker must have at least one applicable tool or technique that can
connect to a system weakness. In this frame, vulnerability is also known as the attack
surface.
49. BREACH EXAMPLES
• Uber
• Details of 2.7 million UK drivers and riders
• Details of 57 million people worldwide
• Email addresses and phone numbers
• US Driver license numbers
50. BREACH EXAMPLES
• Uber - How did they get in?
• Password stored on GitHub
• What is GitHub?
• Cover up!
• ICO Response
51. BREACH EXAMPLES
• Uber – ICO Response
“Uber has confirmed its data breach in October 2016 affected approximately 2.7 million user accounts in the UK. Uber
has said the breach involved names, mobile phone numbers and email addresses.
On its own this information is unlikely to pose a direct threat to citizens. However, its use may make other scams, such
as bogus emails or calls appear more credible. People should continue to be vigilant and follow the advice from the
NCSC.”
52. BREACH EXAMPLES
• Leicester County Council
• Email sent to 27 different taxi firms
• Accidentally included a large spreadsheet
• The spreadsheet contained personal data of thousands of children
53. PREVENT A BREACH
• Vulnerability testing & Penetration testing
• Password Management
• Risk assess
• Two Factor Authentication
• Utilise DLP features on key documents
• Data Protection training
54. USEFUL LINKS
• Elizabeth Denham Blog - http://bit.ly/2tcP5uA
• Carphone Warehouse Monetary Penalty Notice -
http://bit.ly/2oR86xs
• ICO Statement on Uber Breach - http://bit.ly/2juR7y4
• BBC Article on Leicester City Council - http://bbc.in/2D3V8C9
57. GDPR & Cyber Security
GDPR Conference 13th March, 2018
Darren Chapman
Director & Principal Security Consultant
Pragmatic IT Security
58. (Why) Does Cyber Security Matter?
“Cyber security and data protection are inextricably linked”
CBI Cyber Security Conference, 13 September, 2017
59. “Processing” Personal Data
“Processing” means any operation or set of operations which is performed on
personal data or on sets of personal data, whether or not by automated means,
such as collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination
or otherwise making available, alignment or combination, restriction, erasure or
destruction;
60. Cyber Security – GDPR Regulations
“the controller and the processor shall
implement appropriate technical and
organisational measures to ensure a level of
security appropriate to the risk”
…Article 32, GDPR
61. Cyber Security – GDPR in practice
“A personal data breach can be broadly
defined as a security incident that has
affected the confidentiality, integrity or
availability of personal data”
ICO Website – Personal Data Breaches
62. Cyber Security Fundamentals
• For DATA, we use C.I.A.
▫ Confidentiality
▫ Integrity
▫ Availability
• Risk based approach
▫ Understand what is critical to your business
▫ Understand the vulnerabilities and threats
▫ Assess the risks and impacts
▫ Apply controls to reduce or mitigate
• For reducing risks, we consider
▫ People, Process & Technology
64. Data – What are the threats?
Malware, Ransomware, Viruses, Worms, Trojans, Phishing, Smishing,
Fire, Theft, Flood, Hardware failure, Human error, DOS Attack, RATs,
Backdoors, Corruption, Insider threats, Zero day attacks, Fileless Malware,
Man in the middle attacks, Credential stealing, Keyloggers, SQL Injection,
XSS, Bluejacking, Spear Phishing, Whaling
“.. accidental or unlawful destruction, loss, alteration, unauthorised disclosure of,
or access to personal data transmitted, stored or otherwise processed”
..Article 32, GDPR
66. Cyber Security Personal Data Security
“.. the ability to ensure the ongoing
confidentiality, integrity, availability and
resilience of processing systems and services”
…Article 32, GDPR
Cyber Security | Personal Data Security (GDPR)
CIA | CIA
Risk Based Approach – DATA | Risk Based Approach – PERSONAL DATA
No formal requirement | Demonstrable
Incident Response Plan | Breach Response Plan
69. Common Gaps
Checking backups AV coverage Copies of data Cloud Security Policies
Contracts & SLA’s Staff training
Password Management
Multi Factor Authentication
Encryption (All Devices)
BYOD Management
Individual User Accounts
Monitoring & Auditing
Updating Applications
Least Privilege
DOCUMENTATION!
Incident Response Plan
70. If things do go wrong….
Under the GDPR there is a
requirement for organisations to
report a personal data breach that
affects people’s rights and freedoms,
without undue delay and, where
feasible, not later than 72 hours after
having become aware of it
74. Workshops
Workshop A -
A Practical Marketing Approach
to GDPR
Workshop B – Appointing a
Data Protection
www.slido.com #GDPR