The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. GDPR is a hugely important piece of legislation designed to replace antiquated data protection rules with a new framework which accounts for recent technological advancements.
Fundamentally, GDPR is about protecting people: in this digital age, our world is awash with data and individuals are generating a continuous flow of personal information. This data can hold huge socio-economic value, from individual preference and personalisation, to understanding national health trends and global business insights. But while the digital age has brought forth huge possibilities and benefits, it also carries inherent dangers.
Some of the most powerful companies in the world have established a business model predicated on the basis of data capture. Increasingly, services like email, search and social media have become available free of charge, but this often involves a trade-off where user access comes at the cost of relinquishing control of data. As the value of this information has become clear, there has been growing recognition that a new framework is needed to police this delicate balance and restore ownership and control.
GDPR will significantly raise the bar of obligation and accountability, ensuring that all organisations which handle personal data adhere to strict regulations around privacy, security and consent. This conference will contextualise the changing regulatory landscape, explain the significance of incoming rules, and define the key areas that organisations need to be aware of.
Core conference topics include:
- Key legal issues and obligations
- Privacy Impact Assessments
- Data security and breach notification
- Privacy by design
- DPO requirements
- Practical strategy implementation
In May 2018, the European Union’s General Data Protection Regulation (GDPR) will take effect. Companies that do not comply might be fined 20M or 4% of the annual global turnover, whichever is greater. Despite the evident threat, GDPR is also a huge opportunity to rethink how your business works and to turn that threat into an opportunity. GRAKN.AI – a knowledge base – provides all you need to take the centralized record of users that GDPR is asking companies to create and use it to provide value to your users. Adding them to the knowledge base as well as your content or product opens many new perspectives.
Using GDPR to Transform Customer Experience | MongoDB
Infosys and MongoDB – A strategic relationship
What is GDPR?
Overview of GDPR – Infosys PoV [Key Focus Areas, Own Journey]
Infosys Solution Framework to GDPR
What Organizations are doing to be GDPR Ready and Infosys’ Relevant experience
GDPR From the Trenches - Real-world examples of how companies are approaching... | Ardoq
As GDPR enforcement approaches, companies around the world are making changes to their internal processes and systems to ensure they are compliant by May 2018. For many, getting started can be a daunting task, especially at larger organizations.
There’s no one-size-fits-all strategy for GDPR compliance, but there are some steps that every business should take:
1. Document the data and processes that power your organization
2. Assess the realistic compliance risks that you need to protect against
3. Keep your documentation up-to-date to demonstrate continuous compliance.
In this slide deck, you’ll read about a real-world example of a company that has started their compliance project and how they structured it.
A recording of this webinar is available for free here: http://bit.ly/2hMsQmu
Ardoq in Edinburgh - Events - Building Resilience in a Post-GDPR World (14-au... | Ardoq
How do you build and sustain organisational resilience?
Beyond the cyber threats, data breaches, risks and compliance, where are the opportunities for digital transformation and innovation in a post GDPR world?
More info:
https://content.ardoq.com/ardoq-events-join_us
Event created together with Sympatico Consulting:
https://www.sympaticoconsulting.co.uk/
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar... | TrustArc
Watch the webinar on-demand: https://info.trustarc.com/benchmarking-gdpr-compliance-webinar.html
Register now to watch this on-demand webinar to learn:
- How companies are approaching the GDPR
- Where they are prioritizing their effort
- How much they expect to spend
- These benchmarks can help you position your own program internally and build a case for further investment.
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
Who Will Make the Grade?
With less than one year to go before the GDPR is enforced across Europe, how has the industry responded to the GDPR requirements and how many companies will make the grade by May 2018? Recent TrustArc research conducted by Dimensional Research found that over 61% of companies have not even started their GDPR compliance programs. Of those that had started, the three challenges cited most by the privacy professionals surveyed were difficulty maintaining and updating privacy programs (57%), lack of appropriate tools and technology (56%), and lack of internal resources (54%).
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu... | DATUM LLC
In May of 2018 the European Union’s General Data Protection Regulation (GDPR) will go into effect and organizations seeking to be ready by the deadline will need to move quickly. There are a multitude of considerations: policies, marketing programs, systems, operations and the overall information architecture. This session provides a primer on GDPR, the required data management capabilities, and how governance will need to evolve for compliance.
Presentation on key legal issues regarding use and developments of BOTs, AI - GDPR, Data Protection. Case study BRISbot. Presentation delivered at Epicenter 30 of May 2017 in partnership with BRIS and Microsoft.
DAMA Webinar: The Data Governance of Personal (PII) Data | DATAVERSITY
To do effective data governance, analysts should preview the amount of data their organization is collecting and consider if it is all necessary information to run the business or just “nice to have” data. Today companies are collecting a variety of Personally identifiable information (PII), combining it with location information, and using it to both personalize their own services and to sell to advertisers for behavioral marketing. Data brokers are tracking cell phone applications and insurance companies are installing devices to monitor driving habits. At the same time, however, hackers are embedding malicious software in company computers, opening a virtual door for criminals to rifle through an organization’s valuable personal and financial information.
This presentation explores:
• What company data should be tagged as “sensitive” data?
• Who within the company has access to personal data?
• Is the company breaking any privacy laws by storing PII data?
• Is the data secure from both internal and external hackers?
• What happens if there is an external data breach?
Navigating the Complex World of Compliance Guidelines | DATAVERSITY
Regulatory guidelines include many mandates for organizations to interpret and implement to protect their data. You know that you’re supposed to be monitoring and auditing certain data elements to demonstrate compliance, but how can you be sure you’re auditing the right things and translating the requirements correctly? IDERA’s Kim Brushaber will help to simplify and address some of the compliance concerns for complex data environments.
70% of employees have access to data they should not… and that’s going to be a problem when GDPR takes effect in May 2018.
A strong data governance program ensures that you have the policies, standards, and controls in place to protect data effectively and access it for decision making. Data governance may become one of the most important functions of your data integration architecture when it comes to data agility.
Watch this on-demand webinar describing practical steps to data governance:
- Map personal data elements to data fields across systems using metadata
- Create workflows for data stewardship and manage end user computing
- Establish a data lake with native data quality for consent processing
- Track and manage data with audit trails and data lineage
The European Union (EU) is implementing GDPR (General Data Protection Regulation) on May 25, 2018. Organizations who offer goods or services to EU residents or monitor the behavior of EU residents must comply, or they may incur significant financial penalties. Are you ready? Time is running out to ensure you comply with the new requirements.
In this webinar presentation, join Dean Evans, Satori Consulting, to learn what the GDPR requirements mean for your organization, plus get a practical guide to achieving GDPR readiness, including how to implement processes to satisfy the privacy rights of individuals. Dean will cover:
=> What is GDPR?
=> Common GDPR misconceptions
=> Key considerations
=> How to develop a plan of action
=> Process owners as data stewards
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance | IDERA Software
You can watch the replay for this Geek Sync webcast in the IDERA Resource Center: http://ow.ly/tLtr50A5b4b
The General Data Protection Regulation (GDPR) is inevitable and goes live in the EU beginning May 25th 2018. It touches all technical and organizational measures as well as the design of internal systems and processes, and affects all companies around the world that have customers in the EU.
Join IDERA and Dr. Sultan Shiffa as he focuses on how data modeling, governance and collaboration help Executives, IT Managers, Architects, DBAs and Developers tackle the key challenges around data protection by design and by default, individual rights to access and erasure, valid consent, data protection roles and accountabilities, data breach notifications, and auditing the records of data processing activities. This session will also explore best practices and examples for how to master those challenges and assess the data protection impact. After this session, you can be prepared to become GDPR compliant ahead of the deadline and beyond.
Watch the webinar on-demand: https://info.trustarc.com/managing-gdpr-hipaa-apec-iso27001-compliance-webinar.html
While the GDPR has dominated the compliance agenda for the past two years, and will continue to be a major focus of attention for the foreseeable future, the reality is most companies have to address a wide range of other privacy regulations encompassing multiple jurisdictions and sectors.
Watch this on-demand webinar now where we review some of the top global compliance priorities and provide insights and best practices into how to balance multiple, complex compliance priorities across your organization.
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
Your Worst GDPR Nightmare - Unstructured Data | DATAVERSITY
There’s no question that organizations across the globe are ramping up their efforts to prepare for the EU’s expansive General Data Protection Regulation. In a recent Veritas survey, over 92% of organizations admitted some degree of preparation, yet only 53% are confident they will be GDPR-ready when the go-live date hits in May 2018. Most organizations are launching their readiness efforts focused on structured data—the data they are most familiar with and have the most control over. The problem is that structured data only makes up one-fifth of all the data in a typical enterprise environment…what are these organizations going to do about the other 80% of unstructured data?
GDPR (and the stiff penalties that come with it) is the forcing mechanism that will finally drive organizations to take a proactive governance posture when it comes to unstructured data. This session will explore the key steps required for accelerating GDPR readiness by locating, searching, minimizing, protecting, and monitoring unstructured data. By attending this session, you will learn best-practices for staying off the regulator’s hit list and establishing the most effective workflows for ensuring ongoing unstructured data compliance.
ROI of Privacy: Building a Case for Investment [Webinar Slides] | TrustArc
Watch the webinar on-demand: https://info.truste.com/roi-of-privacy-webinar.html
When building a case for privacy investment, privacy pros need to arm themselves with as many ROI metrics of their privacy program as possible. How to get those metrics and how to present them (whether they tie to direct or indirect dollars) is an art form that everyone can work on perfecting.
IAPP and TRUSTe collaborated in the on-demand webinar to discuss the recently published IAPP report, “Getting to the ROI of Privacy”, which offers some persuasive reasons a solid privacy program is worth paying for. Emily Leach, CIPP/US, IAPP’s Knowledge Manager, was joined by privacy leaders to share their key insights.
To register for other TRUSTe webinars (upcoming/on-demand) visit: https://www.truste.com/events/privacy-insight-webinar-schedule/
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu... | ObservePoint
This guide will educate you on what GDPR is, who it applies to and what you should do about it in seven steps. As you read through, make some notes about who you feel should be responsible for each step so you can get the ball rolling with each team member.
Where are you in your GDPR journey? Europe's data protection regulation will undergo the greatest change since its creation over 20 years ago. The GDPR is Europe's new framework for data protection laws, replacing the Data Protection Act (DPA).
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020 | Delphix
With the California Consumer Privacy Act (CCPA) going into effect in 2020, organizations must comply with a new set of sweeping provisions designed to protect the privacy of consumer data. Organizations inside and outside of the state must assess their exposure to CCPA, then quickly transform how they process, share, and protect sensitive data.
Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ... | DATUM LLC
Gartner Data & Analytics Summit 2017 Learning Lab Presentation:
Discovery is the process of finding what data is available in the enterprise. Digital transformation has made the role of discovery a fundamental building block to establish trusted insights, compliance based solutions and generating greater accessibility of the right data within the enterprise. In this session, Manish Sharma, CTO for DATUM, will explain the critical capabilities of discovery and provide real life examples of DATUM’s Information Value Management Discovery Module in action.
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides] | TrustArc
Watch the free webinar on-demand NOW: https://info.trustarc.com/marketing-under-gdpr-webinar.html
Practical advice on what marketing activities can and can’t be done.
Marketing is an area that will be highly impacted by changes required under the GDPR, but there is a lack of clear guidance as to what the compliance requirements mean in practice. Do you need consent for everything? How can direct marketing practices comply with the GDPR and still meet business objectives?
This on-demand webinar will support privacy and marketing teams by providing practical advice on what marketing activities can and cannot be done.
#trustarcGDPRevents
Webinar Speakers
James Koons
Senior Privacy Consultant, TrustArc
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
On the 25th May 2018, all businesses across Europe and the UK will face dramatic changes to Data Privacy Laws. With fines of up to 4% of revenue for noncompliance, GDPR has huge potential for disruption if not adhered to.
The GDPRforum was held on 24th November 2017 to gain valuable insight from Data Privacy experts, teach people how to prepare for the new laws, and how to turn a crisis into an opportunity.
GDPR Speakers:
David Lockie – Pragmatic – Founder
Dan Hedley – Irwin Mitchell – Partner
Gilbert Hill – Independent Privacy Technologist
Ben Westwood – eBay – Senior Privacy Manager & Data Protection Officer UK
Date: 15th November 2017
Location: AI Lab Theatre
Time: 16:30 - 17:00
Speaker: Elisabeth Olafsdottir / Santiago Castro
Organisation: Microsoft / Keyrus
Why care about GDPR and avoid over $20 million fines, even outside EU? | FactoVia
Yes, YOU are concerned with 20 000 000€ fines, even outside EU! You've been watched by Global Data Regulation Privacy!
At first, I thought that was only an EU matter, but when traveling to the US, it is a serious topic that impacts many IT companies worldwide!
This presentation is an introduction on how to get structured rapidly and be ready for D-Day, and avoid HUGE fines... and make citizen's privacy at last secured!
Official Website : http://www.eugdpr.org
Digital Identities in the Internet of Things - Securely Manage Devices at Scale | ForgeRock
In this webcast, KuppingerCole's Principal Analyst Martin Kuppinger will introduce the concept of Identity Management for the Internet of Things. Following Martin's opening talk, ForgeRock's Gerhard Zehethofer will discuss how ForgeRock is now extending these capabilities into the areas of managed and unmanaged devices, enhancing the customer experience as well as security and privacy at scale for people, services, and things.
Safeguarding customer and financial data in analytics and machine learning | Ulf Mattsson
Digital Transformation and the opportunities to use data in Analytics and Machine Learning are growing exponentially, but so too are the business and financial risks in Data Privacy. The increasing number of privacy incidents and data breaches are destroying brands and customer trust, and we will discuss how business prioritization can benefit from a finance-based data risk assessment (FinDRA).
More than 60 countries have introduced privacy laws and by 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations. We will discuss use cases in financial services that are finding a balance between new technology impact, regulatory compliance, and commercial business opportunity. Several privacy-preserving and privacy-enhanced techniques can provide practical security for data in use and data sharing, but none universally cover all use cases. We will discuss what tools we can use to mitigate business risks caused by security threats, data residency and privacy issues. We will discuss how technologies like pseudonymization, anonymization, tokenization, encryption, masking and privacy preservation in analytics and business intelligence are used in Analytics and Machine Learning.
Organizations are increasingly concerned about data security in processing personal information in external environments, such as the cloud; and information sharing. Data is spreading across hybrid IT infrastructure on-premises and multi-cloud services and we will discuss how to enforce consistent and holistic data security and privacy policies. Increasing numbers of data security, privacy and identity access management products are in use, but they do not integrate, do not share common policies, and we will discuss use cases in financial services of different techniques to protect and manage data security and privacy.
Discovery, risk, and insight mean something different to every organization, even at different locations within the same company.
Do you find answers by trial and error? Do you stumble across information, or find it when it is too late to make good use of it? In this session Concept Searching and technology partner, Netwrix, give a detailed view of risk mitigation for data security, compliance, and operational intelligence.
With the combination of the conceptClassifier platform and Netwrix Auditor, see firsthand the automatic generation and use of semantic metadata. The overview of this state-of-the-art solution shows how to proactively prepare to mitigate risk, regardless of where or why it occurs.
Speakers:
Robert Piddocke – Vice President of Channel and Business Development at Concept Searching
Ilia Sotnikov – Vice President of Product Management at Netwrix
Jeff Melnick – Manager of Sales Engineering at Netwrix
Dovetail Software (hr.dovetailsoftware.com) sponsors this informative and important webinar hosting experts Grant D. Petersen (ogletree.com/) and Estella Cohen (trustarc.com/) who shared information with HR practitioners and Organizations that need to be GDPR compliant by May 25, 2018.
Here's the link to view the recording: http://hr.dovetailsoftware.com/dsadmin/2018/01/31/hr-gdpr-preparing-2018-compliance/
Launch of the #OYOD idea at the 2014 Computers, Privacy and Data Protection C... (Bruno Segers)
Launch of the Real Deal and the #OYOD (Own Your Own Data) idea during the Computers, Privacy and Data Protection Conference (CPDP) in January 2014 in Brussels
Presentation by Mr. Kostas Gkritsis at the event held by the Circle of Ideas for National Reconstruction in cooperation with the Foundation for International Legal Studies - Professor Elias Krispis and with the support of the Hellenic American Union, on the topic:
“Personal Data Protection - Electronic Identification”
Personal data management after the adoption of the new General Regulation (GDPR) and electronic identification using the eIDAS network (eID_EU): operational, technical and institutional consequences
on Wednesday 14 March 2018, at the Theatre of the Hellenic American Union
Participants in the discussion:
Lilian Mitrou, University of the Aegean - School of Engineering
Konstantinos Christodoulou, University of Athens - School of Law
Antonis Stasis, Ministry of Administrative Reconstruction - Directorate of Electronic Governance
Chrysoula Michailidou, EETT, Legal Service
Giorgos Papastamatiou, FORTH-CRS
Kostas Gkritsis, MICROSOFT
Fereniki Panagopoulou-Koutnatzi, Panteion University – School of Public Administration
Moderated by Petros Kavassalis, University of the Aegean - School of Engineering & Circle of Ideas for National Reconstruction
https://ekyklos.gr/ev/581-14-3-2018-prostasia-dedomenon-ilektroniki-taftopoiisi.html
The Summit will consider the role of leadership within the technology domain. Amidst a backdrop of uncertainty and disruption, the conference will discuss how you can help your organisation navigate change, overcome problems and accelerate innovation.
The programme will feature insights from an impressive array of technologists, founders, researchers and transformation specialists; contextualising the biggest challenges facing the industry and sharing practical advice, guidance and best-practice on how you can maximise your impact within your team.
Now in its seventh year, the Summit has established itself as the largest annual leadership event for Scotland’s Technology community, and an invaluable forum for knowledge exchange, discussion and high-level networking.
Core themes:
Trends: Digitalisation, agility, disruption and hybrid teams
Evolution: The changing nature of technology as a discipline
Leadership: Strategy, empowerment, communication, motivation and empathy
Culture: Creating a culture of inclusion, innovation and exploration
Impact: Technology as a driver of growth, innovation and improvement
The North of Scotland is in the midst of a full-scale transformation. Building on a well-established reputation as a global energy hub, the North is fast becoming a key destination for emerging innovation across an increasing range of sectors.
The DIGIT North Summit is designed to bring IT and Digital leaders together and drive practical innovation through shared learning. The event will facilitate cross pollination between key industries, from traditional sectors like Oil & Gas and Agriculture to high-growth fields like: Life Sciences, Biotech, Gaming, Fintech and Space.
The programme will contextualise the key emerging technologies and industry disruptors, and consider the vital role that IT and Digital leaders will play in ensuring organisations can thrive amid a backdrop of market change and economic volatility.
Organisations are changing: the rapid pace of the digital world has necessitated a fundamental shift in mindset. Digital has disintermediated markets, disrupted organisational structures, created new risks and new revenue streams, and fundamentally altered the way businesses engage with their customer.
The most influential companies of our age share a common ability to understand two things effectively: people and technology. In these turbulent times, success is increasingly defined by the ability to respond to the fast-changing landscape, and exceed the expectations of the people we serve.
DT 2021 will contextualise the key technology trends and industry disruption amidst a backdrop of significant socio-economic upheaval. The event will also consider the role of IT and Digital leaders in driving positive transformation, exploring how we can help support operations, drive innovation, overcome challenges, and deliver tangible business benefits.
Core themes:
• Landscape: Uncertainty, Recovery, Sustainability, Remote Teams
• Process: Strategy, Structure, Optimisation, Agile, DevOps
• Design: Customer Centricity, UX, Functionality, Simplification
• Technology: Remote Tools, Data Analytics, AI, ML, RPA, Cloud
• People: Culture, Collaboration, Leadership, Diversity, Empowerment
The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focused on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May 2018 it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 18 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
SCOTLAND’S MUST-ATTEND IT & DIGITAL EVENT
The expo is the largest annual enterprise technology event run in Scotland, and a must-attend for senior technologists, digital innovators and IT leaders.
SCOTLAND’S LARGEST VENDOR SHOWCASE
DIGITExpo hosts Scotland’s largest exhibition of technology and solution providers, spanning: Cyber Security, Networking, Infrastructure, Cloud, Data & Analytics, Managed IT Services, Telecoms, Connectivity and much more.
TOP SPEAKERS AND INDUSTRY INSIGHT
Keynote and seminar theatres will host leading thinkers and innovators from some of the best known companies in the world. 2018 speakers include: Google, Twitter, McLaren, RSB, Hill & Knowlton, CYBG, IBM, EasyJet and AmTrust.
Emerging technology is having a profound impact on the Financial Services sector; from mobile payments, APIs and Open Platforms to Machine Learning, Robo Investment and AI Chatbots.
The Summit will explore technological innovation across the financial services sector, from developments in established institutions to the disruptive innovators within the start-up community that are reshaping the FS market.
Core conference topics:
• Landscape: Trends, Culture, Trust, Transparency, Geo-political Climate
• Regulation: GDPR, MiFID II, PSD2, Open Banking, APIs
• Customer Strategy: Engagement, UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI, Payments, Automation
• National Strategy: Skills, Funding, Collaboration, Cyber Security
• Infrastructure: IT, Digital, Cloud, Mobile, XaaS
The modern enterprise is becoming an increasingly automated environment: technological advancements in AI, Machine Learning and RPA are allowing organisations to strip out layers of inefficiency, optimise process and enhance productivity. Right across the enterprise, operations are changing in line with new automation tools, from low-level administrative tasks to self-regulating Industrial IoT systems and customer service chatbots.
This conference will contextualise the role of intelligent automation within the enterprise, looking at how the increasing sophistication of AI, RPA and IoT technologies is transforming operations. The conference is geared towards senior IT and digital leaders, providing an insightful peer-led environment and a crucial forum for knowledge exchange, engagement and high-level networking.
As technology has evolved, IT has transitioned from a background support function to a core driver of value creation and competitive edge. This shift has placed senior technologists at the heart of the organisation where they are increasingly critical to decision making, strategy and leadership.
The DIGIT Leader Summit will explore the evolution of the IT & Digital profession, considering the key technology and business trends and the profound impact they are having on the role. The programme will also examine the crucial components of leadership, looking at culture, team building, upskilling and communication.
The Summit is geared for senior IT & Digital leaders, and designed to provide an opportune forum for practitioners to share their experiences, learn from their peers and discuss best-practice approaches to leadership.
Core topics
Trends: Key technology trends and business trends
IT Evolution: How the IT and Digital role is changing and evolving
Leadership: Empowering, engaging, motivating and inspiring teams
Culture: Creating a culture of inclusion, innovation and exploration
Impact: Technology as a driver of innovation, improvement and problem solving
IT Management: Investment, ITAM, cost control, vendor management
The Conference
The Energy sector is changing: the challenging economic landscape has forced businesses to scrutinise their operations in pursuit of greater productivity and asset efficiency. Meanwhile, the market is growing increasingly diverse as renewables mature and new entrants emerge.
Against this backdrop, digital is becoming increasingly pervasive as companies turn to technology to modernise processes and deliver competitive advantage; from remote monitoring and automation, to data analytics, Machine Learning, asset visualisation and HPC.
Now in its 6th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brings together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme will explore the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
Core Themes
Landscape: maximising economic recovery and cross industry collaboration
IT & Digital as a driver of efficiency, business improvement and problem solving
Analytics, data-driven decision making and business intelligence
Asset visibility: performance, conditioning, remote monitoring
Digitising processes and innovating on top of legacy systems
Emerging technologies, AI, IoT, Robotics, Drones, Blockchain
Infrastructure: SCADA, Cloud, hybrid architecture, managed services
Cyber Security, information governance, GDPR
The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
Business is changing: digital technology has permeated every facet of the enterprise, completely transforming the way we work. Digital has disintermediated markets, disrupted organisational structures, created new risks and new revenue streams, while fundamentally altering the way businesses engage with their customer.
It is no coincidence that the most influential companies of our age share a common ability to harness technology effectively. In these exciting and turbulent times, success is increasingly defined by the ability to respond to the fast-changing digital landscape; it has become a key distinguisher between growth and obscurity.
DT 2019 contextualised key digital trends and explored the underlying process of organisational change. The conference was geared towards senior technologists and digital leaders, providing an insightful peer-led environment and a crucial forum for knowledge exchange, discussion and high-level networking.
This is the largest annual Digital Transformation conference held in Scotland - with over 300 attendees in 2018. The event is supported by ScotlandIS and is free for qualifying delegates to attend.
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 6 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
Technology is completely changing the face of financial services, driving disruption, displacement and disintermediation within the sector. This has lowered the barriers to entry, opened the door to new market entrants and created fertile ground for innovation and growth.
These market disruptions have also forged new alliances between start-ups and incumbents, blurring the lines of distinction between finance and technology and creating a wave of cross-sector collaboration.
Fintech 2018 will explore technological innovation across the financial services sector, from developments in established tier-1 firms to the disruptive innovators within the start-up community that are reshaping the FS market.
Core conference topics will include:
• Landscape: Trends, Culture, Trust, Transparency, Geo-political Climate
• Regulation: GDPR, MiFID II, PSD2, Open Banking, APIs
• Customer Strategy: Engagement, UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI, Payments, Automation
• National Strategy: Skills, Funding, Collaboration, Cyber Security
• Infrastructure: IT, Digital, Cloud, Mobile, XaaS
This conference will contextualise the evolution of IT, examining the changing role of technology within the business and the inherent implications for IT personnel. The event is geared for senior IT, business and finance leaders, providing a unique forum for knowledge exchange, discussion and high-level networking.
Core topics
• IT Evolution: the changing role of IT within the business
• Leadership: strategy, culture and collaboration
• XaaS: the shift from asset to service-based consumption
• ITAM: IT Asset Management and procurement
• Managed Services: vendor management and Service Level Agreements
• Governance: information security, GDPR and data protection
• DevOps: Agile process, faster delivery, greater collaboration
Now in its 5th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brought together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme explored the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf (Peter Spielvogel)
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble… many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs (Alex Pruden)
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Enhancing Performance with Globus and the Science DMZ (Globus)
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
20. @iconews
Keep in touch
Subscribe to our e-newsletter at www.ico.org.uk
or find us on…
ICO Scotland
45 Melville Street
Edinburgh EH3 7HL
T: 0131 244 9001 E: Scotland@ico.org.uk
27. Why?
GDPR Article 37 - DPO is needed in any case where:
• The processing is carried out by a public authority or body, except for
courts, or
• The core activities of the Data Controller or the Data Processor consist of
processing operations which, by virtue of their nature, their scope and / or
their purposes, require regular and systematic monitoring of data subjects
on a large scale, or
• The core activities of the Data Controller or the Data Processor consist of
processing large volumes of Special Categories of Data or information
about criminal convictions and offences.
28. Who?
The DPO must have
• expert knowledge of Data Protection law and practices.
• excellent understanding of the organisation’s governance structure
– “Get the Bored Board on Board”
• necessary resources to fulfil the relevant job functions
• certain level of independence and degree of protection against dismissal
or other sanctions on grounds that relate to their performance of their
DPO tasks.
29. Who?
The DPO must be
• familiar with organisation’s IT infrastructure and technology.
• employed (“internal DPO”) or have a service contract
(“external DPO”)
The DPO may have
• other tasks within the organisation, so long as no conflict of
interest with the DPO role.
WP29: DPO must not determine the purposes and the
means of the processing of personal data
31. The role
• Statutory role:
– To inform and advise about obligations to comply with
GDPR and other data protection laws.
– To monitor compliance with the GDPR and other data
protection laws.
– To be the first point of contact for ICO and data subjects.
→ The go to source for data protection advice.
32. How to find a DPO…
GDPR experts are all around us…
“Beware of GDPR Snake Oil: It's amazing how many
GDPR experts have suddenly appeared on places like
Linkedin and my email in-box.”
(Richard Gough, Head of Group IT Operations & Security at Punter Southall Group)
33. …who meets all requirements?
• “Wanted: a qualified, experienced DPO…”
34. • Qualification? Not expressly in GDPR, but often asked for
• Don’t:
– give the job to an existing member of staff and expect them to learn
it on the job;
– nominate a figurehead and then expect the people s/he manages to
do the work → where’s the independence?
• Ensure reporting chain and accessibility
– DPO must report to senior management and be accessible to all
within and outwith organisation
35. Shared DPOs - the situation
• You need:
– An experienced data protection officer
• You are:
– A small(ish) organisation that still needs a DPO
• They cost:
– Up to £50,000 in large organisations (stop laughing at
the back)
The solution – an external, shared DPO?
37. The pros:
• No political or organisational baggage
• Easy to act in an unbiased manner without fear for their job
• No worries about favouring certain departments or individuals
• Listened to with more respect than an employed colleague
• Lower costs
38. The cons:
• More difficulty with accessibility to data subjects and readiness to
resolve any issues raised by the subject or Supervisory Authority.
• Not as easily accessible to all sharing parties
• Allocation of time and tasks - service contract?
• Institutions will still need to employ people ‘on the ground’ to ‘do the
doing’ internally
• No intimate knowledge of the workings of the individual institutions and
how these may vary from each other
• What if something happens in two organisations at the same time? What
if the DPO is sick/on holiday?
39. Time’s running out….
• DPO to implement changes for GDPR?
• Case study (Ken, don’t listen…) senior professors auto-forward emails
to private gmail accounts:
– what would you do – pick your battles??
40. Breach management
• Putting appropriate system in place
• “Personal data can be paper?? Really???”
• Ensure reporting process involving DPO at early
stage – triage of incident reporting
41. Effective collaboration
• Be hands-on if you want to achieve something. Don’t rely on
others to do the work.
• Have a good sense of humour!
• Two options:
– Human cloning or:
– Network of Data Protection Champions:
• Properly trained
• Doing triage within Departments
• Only contact DPO for difficult cases
42. The benefits of diplomacy
• Get endorsement from Service Managers etc to avoid
treading on toes!
69. ABERDEEN • EDINBURGH • GLASGOW • BRUSSELS www.brodies.com/GDPR
Beyond information security – what is GDPR about?
GDPR Scotland Summit
Martin Sloan, Partner
21 November 2017
Blog: http://techblog.brodies.com Twitter: @lawyer_martin
70. Outline
• Separating fact from fiction
• Embedding privacy and GDPR in your organisation
• Developing a plan for compliance
• Six months to go – key priorities
72. A quick recap
• The biggest shake-up of data protection law in nearly 25 years
• The General Data Protection Regulation (GDPR)
– New EU-wide data protection law which will have direct effect in EU
member states
– Enters into force on 25 May 2018
– Greater consistency of regulatory treatment
– Stronger and more coherent data protection framework
– Backed by strong enforcement
• The Data Protection Act 1998 will be repealed
73. Evolutionary
Some concepts remain broadly similar
• Key concepts – personal data, sensitive personal data, processing, data
controllers, data processors etc
• Data protection principles – recognisable, but explicit reference to both
transparency and accountability
• Conditions for processing – similar, but some changes
• Data subject rights – broadly recognisable (subject access, rectification,
processing restrictions), but there are some new ones
• International transfers
• Basic data security obligations – BUT see new data security breach
notification requirements
• The ICO – still a UK national supervisory authority
74. What’s changing?
• Transparency – enhanced fair processing transparency requirements
• Consent – concept of consent tightened; easier for individuals to withdraw
• Accountability – obligation to demonstrate compliance; use of privacy
impact assessments; training; policies
• Administration – increased administration and record keeping
requirements
• Data subject rights – enhanced rights including subject access, increased
‘rights to be forgotten’ and data portability
• Organisational principles – data protection by design and by default
• Data processors – Statutory responsibility for data processors
• Data protection officers – mandatory for certain organisations
• Breach notification – mandatory breach notification for certain breaches
• Supervisory authorities – lead authority; formal consistency mechanism
• Sanctions – fines of up to 4% of worldwide turnover or €20M
75. Draft ePrivacy Regulation
• Current law:
– 2002 Directive/Privacy & Electronic Communications Regulations 2003
– Supplements DPA
• Draft ePrivacy Regulation published 10 January 2017
– Rules on electronic marketing largely unchanged – soft opt-in remains
– But incorporates definition of consent from GDPR
– Simplified rules on cookies/tracking tech – use of device settings
– New rules on identifying marketing calls
• Current status
77. Some GDPR myths
• GDPR is a revolution in data protection law
• The high fines will cause firms to go bust
• GDPR applies only to personal data processed after 25 May 2018
• Brexit means that we don’t need to worry about GDPR
• GDPR does not apply if personal data has been encrypted
• I can buy a product/service that will make me GDPR compliant
Image: https://iconewsblog.org.uk/
78. Some GDPR myths
• I can’t process personal data without consent
• There is an exemption for small business
• The right to be forgotten will stop my business from being able to provide
services to customers or employ my staff
• Every personal data breach will need to be reported to the ICO
• If I use the cloud then GDPR compliance is my service provider’s problem
• The ICO is still unlikely to take any enforcement action
Image: https://iconewsblog.org.uk/
80. Accountability
• Controllers are expected to be able to demonstrate that they comply
• New responsibilities include:
– Implementing ‘appropriate and effective measures’ for compliance
including appropriate data protection policies
– Data protection by design and default – building DP compliance (eg
data minimisation) into processing processes and activities
– Conducting privacy impact assessments for processing considered to
be ‘high risk’
– Detailed requirements to keep records of processing activities
– Express obligation to co-operate with regulators
Data Governance
81. Accountability
• Data processing activities, including:
– Purposes of the processing
– Description of the categories of data subjects and personal data
– Categories of recipients
– Details of data transfers outside the EEA
– Data retention periods
– General description of data security measures
• Register of data processors
• Register of personal data breaches
Record keeping
82. Accountability
• Mandatory for public authorities and controllers and processors whose core activities involve
– Regular processing of sensitive personal data
– Regular/systematic data monitoring of data subjects on a ‘large scale’
• Can be on group-wide basis so long as DPO is ‘easily accessible’
• DPO must
– have professional qualities and expert knowledge
– be allowed to perform responsibilities in an independent manner
– be supported and properly resourced
• Conflicts of interest
• DPO role – general advisory; compliance monitoring against GDPR and policies; training and
awareness; audits; privacy impact assessments; dealing with regulators – but NOT personally
responsible for compliance
• DPO may be an employee or a contractor
Data Governance – Data Protection Officers
83. Accountability
• Application
– GDPR requires DPIAs for “high risk” processing
– WP29 recommends DPIAs as an accountability tool in other situations
– WP29 considers the list of activities in article 35(3) to be non-exhaustive
– If no DPIA then you should document why it is not required
• Existing processing
– No need to carry out for existing processing – unless change to risk
• Timing, personnel and consultation
– Early stage and reviewed periodically (at least every three years)
– If you have a DPO then they must be involved
– Obtain views of data subjects (and if not document why)
• Publication
– WP29 recommends that data controllers should publish DPIAs
Data privacy impact assessments
84. Embedding privacy within your organisation
Policies and procedures and data protection by design
• Review and update your policies and procedures
– Employee facing policies and procedures (eg AUP, employee
monitoring)
– Employee training on data handling, breach reporting
– Team specific training/procedures?
– Data handling policies and procedures, eg
• DSARs, erasure, objections, portability
• Data retention
• Access controls
• New projects
– Data protection by design
– Use of privacy impact assessments
86. What if we’ve not yet started?
• Our 5 top recommendations
‒ Resource
‒ Data Mapping
‒ Data minimisation
‒ Review processing justifications
‒ Contract reviews
• Download our handy guide to preparing for GDPR:
http://brodi.es/PrepareForGDPR
87. General
• Resourcing
– Requirement/Impact: Do you need to appoint/should you appoint a DPO? Increased requirements of GDPR will place additional compliance obligations on organisations
– Action: Ensure responsibility for GDPR is clear at board level. Appoint a DPO quickly (if you’re appointing one). Properly resource ongoing compliance. Is there sufficient expertise within the organisation? Consider establishment of central compliance function with responsibility for handling regulatory queries, DSARs/other individual requests, data security breaches, training etc
• Data audit
– Requirement/Impact: Any GDPR compliance programme needs to be built on a complete picture of what data is being processed, why it is being processed and by whom it is being processed to establish where the organisation is not GDPR compliant and to establish a prioritised action plan
– Action: Conduct a data audit, remembering that the audit should catch processing
• Extra-territorial reach
– Requirement/Impact: Extra territorial impact will catch processing outside EU which targets EU citizens even by organisations that have no EU presence or nexus
– Action: For groups operating outside EU analyse any processing by non-EU group companies for GDPR compliance. Consider whether measures can be taken to avoid unnecessary GDPR reach
88. Accountability and Administration
• Accountability
– Requirement/Impact: More generally, organisations will need to implement appropriate policies and implement measures that demonstrate compliance
– Action: Consider the adequacy of policies and measures. They may need revamped and you may need new ones
• Transparency
– Requirement/Impact: GDPR requires more information to be included in privacy notices
– Action: Privacy notices will need to be reviewed and updated. Use layered and ‘just in time’ notices
• Consent based processing
– Requirement/Impact: Requirements for consent based processing are tighter. Likely to impact particularly in areas such as marketing
– Action: Will existing consents be valid for GDPR purposes? If not, will they need refreshed or can processing be grounded on an alternative basis?
• Data retention
– Requirement/Impact: Requirement for greater transparency means that organisations will face greater scrutiny around data retention and destruction practices
– Action: Ensure that organisation has appropriate data retention and destruction policies and procedures and that they are being actioned both for new and legacy data
• Privacy impact assessments
– Requirement/Impact: PIAs will be on a statutory footing under GDPR
– Action: Organisations must be prepared to carry out PIAs for ‘high risk’ processing and those operations for which PIAs are prescribed. Develop PIA process and methodology and appropriate policies and procedures (see earlier)
• Record keeping
– Requirement/Impact: Many organisations will be required to keep records of processing being carried out
– Action: Review record keeping to ensure adequacy. Consider if exemption applies (organisations with less than 250 employees provided certain other conditions are met)
89. Security
• Data security
– Requirement/Impact: Although data security standards are broadly the same, the requirements are more explicit - and the penalties for data security breach are greater
– Action: Consider whether current data security standards are adequate
• Data breaches
– Requirement/Impact: GDPR introduces requirements for mandatory data security breach notifications
– Action: Introduce clear policy and procedure for internal reporting of data security breaches. Establish central breach management unit
Commercial
• Contracts
– Requirement/Impact: New requirements for data processing agreements
– Action: Review data processing agreements which will run post May 2018 and update contract templates
• Technology refresh
– Requirement/Impact: New GDPR requirements may require additional functionality of legacy IT systems
– Action: Review existing IT. Is it up to scratch? Consider contractual position before engaging with suppliers
• Procurement
– Requirement/Impact: Ensure that GDPR is factored into new IT procurements
– Action: Ensure GDPR compliance is factored into procurement decisions. Consider if a PIA is required
92. Six months to go - key actions
• Appoint or resource your DPO (if you need to have one)
• Review and update your privacy notices
• Develop a strategy for refreshing consents (especially for direct marketing)
• IT projects/development work:
– re-engineer data collection forms/privacy controls in apps and websites
– review/reconfigure IT systems
– tools for enabling data subject requests
• Start creating key records and registers:
– Data processing register
– Register of data processors
• Get contract amendments in place
• Update policies and procedures
• Staff training and awareness
101. Strictly private & confidential
• Review existing privacy policies and statements in order to document how they compare with GDPR
requirements.
• Assess data subject rights to consent, use, access, correct, delete and transfer personal data.
• Discover and classify personal data assets and affected systems.
• Identify potential access risks.
Don’t forget the security requirements:
• Assess the current state of your security policies, identifying gaps, benchmarking maturity and
establishing conformance road maps.
• Identify potential vulnerabilities, supporting security, encryption and privacy by design.
• Discover and classify personal data assets and affected systems in preparation for designing security
controls.
112.
1. Securing your data is the new imperative
2. Manage access to critical data
3. Hack yourself to anticipate future attacks
4. Strengthen your weakest link: Humans
114.
“Set priorities, focus energy and resources, strengthen operations, ensure that employees and other stakeholders are working toward common goals”
117.
Training
• Issue a monthly GDPR bitesize comms throughout your organisation
• Provide supporting guides for your frameworks covering the basics in 60 seconds
• Drop in surgery
• Establish company wide e-learning to support your goals
• Get your IT department to sign up to sites such as: https://www.us-cert.gov/
https://csrc.nist.gov/ https://www.ncsc.gov.uk https://threatpost.com/
124. Privacy and data protection
• privacy: autonomy, conscience, enabling other rights and
democratic participation
• data protection: legal compliance, fairness, transparency
and accountability
• but it can get complicated
125. Challenges
Individual
• identifiability: is this personal data?
• complexity: can you explain your machine learning toy?
• micro targeting: fairness vs justice and risk pooling
• collective impacts: it's not who you are, but your data class
• mass manipulation: data, behavioural science and free will
Society
127. How is GDPR going to fix all this?
• GDPR compliance
• but also about rights: information, access, rectification,
erasure
• limited rights: objection, profiling, portability
• Data protection is a fundamental right under EU law,
which shall be missed after Brexit
128. Impact of GDPR for rights?
• Should have some positive impact for individuals, e.g.:
• pseudonymous data
• know your data accountability principle
• More on day to day common problems
• Less on difficult collective and social issues
129. Effectiveness of GDPR
• enforcement by data protection authorities
• individuals know their new rights
• stronger powers for consumer groups
130. Who gets the value
• Data is not the new oil
• Fair compensation
• A market of personal information?
• Fairness is good, but also justice
132. Public interest & consent
• Data for a better functioning society and economy
• Promises may be excessive
• but some data can be a force for some good
133. Public interest and consent
• Consent is doubly abused
• Public interest does not require consent, but it’s very
limited for companies
• But I'm doing a public good with my traffic app!
134. Privacy by design
• Nobody really knows, but not an afterthought
• Beyond compliance
• Privacy impact assessments
• EU funded VIRT-EU project to develop privacy, ethical
and social impact assessments
135. Customer centric systems
• Control over their data
• personal data stores, vendor relationship management
and other systems have been around for some time
• managing consent, data access, portability, etc.
• ICO grant to develop tools, talk to us!
150. Personal Data
• Employment Information
– Current and past employers
– Position
– Employee ID
• Photographic Information
– Family Photos
– Family Videos
– Student Photos
– Employee Photos
• Belief Information
– Publicly Expressed Religion
– Church Directory
– Political or Philosophical beliefs
– Political Donations
• Biometric Information
– Fingerprint
– Retina scan
– Facial image
– DNA
• Family Information
– Spouse Name
– Spouse Occupation
– Children Names
– Children Ages
• Law Enforcement Information
– Driving Record
– Parking Tickets
– Arrests
– Convictions
• Health Information
– Claim forms
– Health Insurance ID
– Doctors notes
– Medical condition status
• Demographic Information
– Date of Birth
– Height
– Weight
– Hair Colour
• Government Issued ID
– National ID
– Driving License ID
– Vehicle Registration
– Passport Number
• Communication Information
– IP Address
– URLs visited
– Comments posted to websites
– Email contents
185. Douglas Rintoul – Head of IT and Information Security
• Background in IT
• Focus on information security
• Privacy ties in with information security
• Currently DPO
CITP, CISSP, CISM, PC DP
188. The Client Journey
Take On Process
• Client created on CRM system
• Money laundering checks
• DPA
• Privacy Information
• Individual or business agrees to become a client
189. The Client Journey
Business Lines
Audit
Business Advisory
Business Solutions
Consulting
Corporate Finance
Employer Solutions
Restructuring
Tax
Wealth
Provision of Services
Exec Teams
IT
Marketing
Business Development
HR
Learning and Development
Payroll
Health and Safety
Finance
192. GDPR Compliance Framework
• DPA – Risk Register
• 3rd Party Processors
• Privacy By Design
• Subject Access Requests
• Incident management/Data Breach Reporting
• Data subject Rights
• Training
• Privacy Information
• PIA
• GDPR Policy
• Information Security Policy
240. In the words of the ICO
It’s evolution not revolution. And it’s an opportunity.
Those organisations which thrive in the changing environment will be the
ones that look at the handling of personal information with a mindset that
appreciates what citizens and consumers want and expect.
That means moving away from looking at data protection as a tick box
compliance exercise, to making a commitment to manage data sensitively
and ethically.
When you commit, compliance will follow.
Source: Elizabeth Denham, Information Commissioner at the Institute of Directors Digital Summit, 17th October 2017
241. Privacy by Design
• 7 Foundational Principles
• Proactive not reactive; preventative not remedial: anticipates and prevents
privacy invasive events before they happen
• Privacy as the default setting: maximum degree of privacy as standard –
individual need not do anything.
• Privacy embedded into design: privacy is integral to the system not a bolt on
after the fact
• Full functionality – positive sum not zero sum: you can have both privacy and
security – one does not have to suffer at the hands of the other.
242. Privacy by Design
• End to end security – full lifecycle protection: privacy having been there at the
birth extends through the whole lifecycle of the data.
• Visibility and transparency – keep it open: everything is visible so individuals
can see compliance with the rules
• Respect for user privacy – keep it user-centric: put the individual first – strong
privacy defaults, appropriate notice and empowering user friendly options.
244. Only 20% of UK public have trust and
confidence in companies and organisations
storing their personal information
Source: ICO Survey July 2017
245. ICO Survey
• UK citizens more likely trust public bodies than private companies or
organisations
• 61% have trust/confidence in NHS/GP using and storing their data
• 53% police
• 49% national government departments
• 12% social messaging platforms
• 8% have good understanding how personal data made available third
parties
• Older people more likely say have little trust and confidence.
246. ICO Survey
• “As personal information becomes the currency by which society does
business, organisations need to start making people’s data protection
rights a priority. Putting data protection at the centre of digital businesses
strategies is the key to improving trust and digital growth. ”
• “Changes to data protection legislation, which include the introduction of
the GDPR, offer organisations an opportunity to re-engage with their
customers about data. The new laws require organisations to be more
accountable for data protection and this is a real commitment to putting
the consumer at the heart of business.”
Steve Wood, Deputy Commissioner
247. GDPR Legal grounds
• Need a legal ground for processing personal information under GDPR plus
compliance with the GDPR principles
• GDPR Principles very similar to Data Protection Act Principles
• 6 legal grounds available under GDPR
• No hierarchy of legal grounds – all are equally valid
• Direct marketing activities – two most likely to use are consent and legitimate
interests
• Consent could be problematic
• Legitimate interests
• Other grounds are 1) performance of a contract, 2) necessary for compliance
with a legal obligation, 3) protect vital interest of an individual, 4) necessary for
public interest/official authority task
249. What is GDPR consent?
Consent of the data subject means any freely given, specific, informed and
unambiguous indication of the data subject's wishes by which he or she, by a
statement or by a clear affirmative action, signifies agreement to the
processing of personal data relating to him or her.
• Pre-ticked boxes will not be valid consent
• An end to conditional (tied-in) consent
• Must be collected in an ‘intelligible and easily accessible form, using
clear and plain language’
• Must be as easy to withdraw as to give consent
251.
• “I would rather opt in than opt out. Opting out is a sneaky way of doing business”
• “I distrust companies who expect you to opt out, rather than invite their customers to opt in. This may lead to smaller numbers of customers, but they will be much more positive about your company.”
• “Too many options to tick. This sort of thing should be kept as simple as possible so people are not confused. They should ask if you want to opt in not out.”
252.
• “Opt in boxes are so much more customer friendly”
• “Brilliant. Leaves you in total control whether you want further information”
• “This positive answer is much better. Clearer and less ambiguous. It feels less like the company is trying to trick you into saying yes!”
253. At xxxxx, we have exciting offers and news about our
products and services that we hope you’d like to hear about.
We will treat your data with respect and you can find the
details of our Contact Promise here.
I’d like to receive updates by email from xxxx based on
my details
You can stop receiving our updates at any time and if you
prefer that we do not use your information to predict what
you might be interested in let us know here.
265. What is it?
Article 6 (1) (f):
Processing will be lawful if it is necessary for the purposes of the
legitimate interests pursued by the controller or a third party, except
where such interests are overridden by the interests or fundamental
rights and freedoms of the data subject which require protection of
personal data, in particular where the data subject is a child
266. Use for direct marketing?
• Direct marketing recognised as a
legitimate interest in text of Regulation
• Cannot use it where fundamental rights
and freedoms of individuals override
rights of organisations - Need for
balancing test
• Provision of unsubscribe/opt-out
normally satisfies test
• Cannot use it for processing personal
data about children
• Processing must be necessary for
purpose of legitimate interest pursued
• Requires a connection between the
processing and the interests pursued
• Need to consider if other less privacy
intrusive methods are available to
achieve legitimate interests
• DPN legitimate Interests guidance
268. Examples of legitimate interests – recitals 47 - 50
• where the data subject is in the
service of the controller
• where the data subject is a client
of the controller
• Intra-group transfers for internal
admin purposes
• fraud prevention
• network and information
security
• Direct marketing (maybe)
269. Further practical examples
• evidential purposes
• suppression lists
• bona fide service messages to
customers
• analytics
• employee relations
270. Legitimate Interests – in practice
Where a Controller wishes to rely on Legitimate Interests as the
legal basis for a processing operation, it will need to be able to
demonstrate to a Supervisory Authority and/or an individual,
when challenged, that Legitimate Interests is an appropriate
legal basis for that processing activity and be in a position to
defend the reasoning behind its decision to proceed with
processing.
• There are several factors to consider when making a
decision regarding whether an individual’s rights would
override a business Legitimate Interest. These include:
• the nature of the interests;
• the impact of processing;
• any safeguards which are or could be put in place.
271. Legitimate Interest Assessments (LIAs)
• Whether a Legitimate Interest exists
• Whether the processing is necessary
• Balancing Test
272. Information rights
• Regardless of your ground for
processing personal data you do
need to provide the enhanced
information rights in your
privacy policy.
273. Transparency – Information
Requirements
• Who is the Data Controller?
• Their contact details
• What are the legal bases and
purposes of processing?
• Are Legitimate Interests being relied
upon by you or third parties?
• Who the recipients of the data may
be
• If the data will be transferred outside
the EU and how this is protected
• How long will it be stored?
• How to exercise rights
• The right to withdraw consent
• The right to complain to the
Supervisory Authority
• Whether data is required for
contractual purposes and the
consequences of refusing
• Whether profiling with legal effect
exists (also other profiling)
274. You will need to give some thought to how
best to tailor your consent requests and
methods to ensure clear and
comprehensive information without
confusing people or disrupting the user
experience – for example, by developing
user-friendly layered information and just-
in-time consents.
ICO Draft Consent Guidance
275. Example privacy policy wording
Privacy policy
We process personal information for certain legitimate business purposes, which include some or all of the
following:
• where the processing enables us to enhance, modify, personalise or otherwise improve our services /
communications for the benefit of our customers
• to identify and prevent fraud
• to enhance the security of our network and information systems
• to better understand how people interact with our websites
• to provide postal communications which we think will be of interest to you
• to determine the effectiveness of promotional campaigns and advertising.
Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high
regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish
to do so please click here. Please bear in mind that if you object this may affect our ability to carry out tasks above
for your benefit.
276. Data collection statements
You will need to update your data
statements wherever they appear,
offline and online, to be clearer and
more transparent.
We may process your personal
information for carefully considered and
specific purposes which are in our
interests and enable us to enhance the
services we provide, but which we
believe also benefit our customers. Click
here to learn more about these
interests and when we may process
your information in this way.
278. • Bringing your customer database up to the standard required for whatever legal ground you are
using under the GDPR
• Updating your privacy policy with the information requirements.
• Updating data collection notices to be clear and transparent about the use of data.
Raising the bar to GDPR standards
279. • Consent under GDPR is a much higher standard than consent under Data Protection
Act and Privacy and Electronic Communications Regulations
• ICO draft GDPR Consent Guidance published for consultation Spring 2017. Final
version will not be published until December 2017 because of European level work.
• Consent must be:
• Unbundled
• Positive opt-in
• Granular
• Named
• Documented
• Easy to withdraw
• No imbalance in the relationship
Bringing data up to GDPR consent
280. • Easier task than bringing data up to consent standards
• Legitimate interests can be used for all marketing channels which operate currently on an
unsubscribe/opt-out basis
• Postal mail, live voice call telemarketing, email and SMS marketing if using existing customer/ soft opt-
in exemption
• DMA view – cannot use legitimate interests
• 1) where law requires you to use subscribe/opt-in consent such as charities sending email marketing
to donors/supporters
• 2) Where organisation is already using a subscribe/opt-in
Bringing data up to legitimate interests