This document discusses the General Data Protection Regulation (GDPR) which will come into force in the UK and EU on May 25th, 2018. It notes that the GDPR will form part of UK law after Brexit and that UK rules around data protection are intended to remain aligned with the GDPR. It provides an overview of the key aspects of the GDPR, including expanded definitions of personal data and new rights for data subjects. It also discusses actions organizations need to take to comply with the GDPR such as conducting data audits and risk assessments, updating privacy policies and procedures, and ensuring appropriate data protection practices regarding things like data transfers and third parties.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Security of personal data
- Data protection officer
View the webinar here: https://www.youtube.com/watch?v=u285y9hhgOo
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
Be careful what you wish for! How the GDPR, even now it has been finalised, may not solve the key problems of the tech community of what is personal data and what is anonymised/pseudonymous.
Revising policies and procedures under the new EU GDPR - IT Governance Ltd
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
In this Story, we follow Sophie in her life and job. In her new job, she meets Marco, who chose Microsoft Solutions to be as compliant as possible with GDPR.
If you want to hear the story behind the slides, feel free to get in touch via www.thedataprotectionoffice.eu
Accountability under the GDPR: What does it mean for Boards & Senior Management? - IT Governance Ltd
This webinar provides an overview of:
- The principle of accountability and what it means
- Applying the principle of accountability
- Developing policies and procedures that comply with the Regulation
- Raising GDPR awareness and providing employees with training
- The board's responsibility to appoint a dedicated data privacy team of DPO
- The requirement to conduct data privacy audits and impact assessments
A recording of this webinar is available here:
https://www.youtube.com/watch?v=6KGeMwz7jro&feature=youtu.be
Appointing a Data Protection Officer under the GDPR - IT Governance Ltd
This webinar discusses the following:
- The specific situation in which organisations are required to appoint a DPO
- The DPO's relation to the controller, processor and senior management/the board
- The responsibilities of the DPO
- The function of data protection impact assessment under the GDPR
- The legal requirements for appointing a DPO
A recording of this webinar is available here:
https://www.youtube.com/watch?v=U06aooC-MRU
New General Data Protection Regulation (Agnes Andersson Hammarstrand) - Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm, Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislation. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of changes that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
Charity Law Updates for 2018: Making the Most of Change - IBB Law
January 2018 welcomes the Kingston Smith and IBB Solicitors annual charities update to bring you up to speed with the legal and regulatory developments in the Charity Sector.
For advice on developments in the Charity Sector please see:
https://www.ibblaw.co.uk/sector/charities
For charity law experts see:
https://www.ibblaw.co.uk/service/charities
Rosie Brass, senior solicitor in the Charities team at IBB, will provide an overview of the legal framework for the GDPR. Then Dan Fletcher, Director (Fundraising), at Kingston Smith, will guide attendees on how to make the most of the GDPR and use the changes to improve their data management. Dan will also discuss practical ways to use the changes to improve fundraising and marketing for the better. For more information on GDPR please see: https://www.ibblaw.co.uk/insights/blog/are-you-ready-general-data-protection-regulation
In the second half of the seminar, Mahmood Ramji and Luke Holt from the Kingston Smith Charities team will provide an update on accounting, including looking at the recent SORP information sheet and the expected future timeline for new SORP iterations, followed by an overview of another 2017 hot topic - charity fraud, including cybercrime. Mahmood will also share details of the most pertinent areas we have been discussing with our clients during 2017. Looking forward into 2018, Luke will highlight the main points from the Lords Select Committee on Charities and how the sector may adapt as a result. Following the release of the third edition of the Charity Governance Code, Luke will also discuss the main areas of consideration and significant changes from previous versions. They will then conclude with a look at the new CC32 Independent Examination guidance and its key amendments.
The last part of the presentation will be provided by Paul Ridout, who heads the IBB Charities practice and will talk briefly about some recent regulatory action by the Charity Commission, including the deployment of some of the new powers brought in by the Charities (Protection and Social Investment) Act 2016. He will also address the tricky issue of serious incident reporting, in the light of the Commission’s recent changes to its guidance to trustees about what needs to be reported, and when.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Data breaches
- Notification rules
- Supervisory authorities
- EU Data Protection Board
View the webinar here: https://www.youtube.com/watch?v=eww0D_y6Hfo
Social business software is all about sharing content and data in a “collaborative” way to identify internal or external experts. Most of this data must be considered personal data, since it relates to an individual person.
Implementing social business technologies in enterprises often leads to discussion with data protection supervisors about how to be compliant with EU data protection law. This discussion gets even more challenging if you consider using social business applications in “the cloud”, which might be the only choice in the near future due to IBM’s “Cloud First” or Microsoft’s “Cloud only” delivery model.
This session will give you an overview
- about EU data protection regulations
- its implications for using social business systems
- special considerations for using cloud based social business systems
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta... - Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
GDPR will replace the national data protection laws of all 28 EU member states in May 2018 and applies to any organization that processes data of EU data subjects.
To become compliant with the upcoming GDPR, organisations cannot rely solely on rules: these protect against known threats, while Machine Learning protects against the unknown.
NY State's cybersecurity legislation requirements for risk management, securi... - IT Governance Ltd
This webinar illustrates:
- The responsibility to appoint a CISO
- Application security program (internal and external) and review by the CISO
- Overview of the risk assessment policy and procedures
- Setting up a program specific to your organization's information systems and business operations
- Identifying cyber threats and how to incorporate controls
- Maintaining an audit trail to include detection and responses to cybersecurity events
- How ISO 27001 and vsRisk can provide the right tools to help you implement a successful program that meets compliance requirements
A recording of the webinar can be found here:
https://www.youtube.com/watch?v=URfAd2E37Eo
The recent Facebook-Cambridge Analytica scandal has stirred heated discussions on privacy around the globe. An estimated 87 million people are affected by the data breach. Although the majority of the affected users are in the United States, Facebook published that personal data of over 1 million users in the Philippines, United Kingdom, and Indonesia are also compromised.
For the people who ratified the General Data Protection Regulation (GDPR), the answer is a resounding NO.
As Reinis Papulis of KRONBERGS ČUKSTE DERLING points out, “today’s level of technological development and role of personal data in the provision of various services has made it impossible to ensure the protection of personal data (privacy of individuals) at an adequate level with a legal act that was adopted in the second half of the 90's.”
This has prompted the EU to overhaul its defences against data breaches. Technology changes fast and data collection is at its peak today. Out of the necessity to protect consumers and uphold data privacy, the General Data Protection Regulation is set to be in full effect beginning May 25, 2018.
The battle for data privacy is not lost. And the enforcement of GDPR shows that we can still put up a good fight against companies that treat our personal data as commodities. However, there’s still a long way ahead of us.
General Data Protection Regulation: what do you need to do to get prepared? -... - IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
The Countdown is on: Key Things to Know About the GDPR - Case IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
This webinar covers:
- An overview of the regulatory landscape and territorial scope
- Principles of the EU GDPR
- Breach notification rules
- Data subject rights
- Changes to consent
- Processor liabilities
- Role of the Data Protection Officer
- International transfers
- Regulators and pan-European consistency
You can watch the webinar here https://www.youtube.com/watch?v=DPeJc_zfW3M&list=PLJr1Ghqr5f2i7drhKBNgRD_M4ZIt0mxn4&index=2
How to Work With 3rd Party Software Providers Under GDPR - A Digital Marketin... - Mailjet
GDPR will affect everyone working with EU citizens as of May 2018. You will have to be compliant with this new regulation and align your digital strategy.
Here are some tips to help you get your marketing department GDPR compliant.
EMMA’s EMEA Regional Director Joseph Yammine explains how the EU’s General Data Protection Regulation applies to the Health Care Industry and how you can prepare your team to follow the regulation and avoid any data breaches.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ... - CIO Edge
Learn what the EU Global Data Protection Regulation means for your business. Carrot or stick, it's your choice, but with fines of €20m or up to 4% of Global Revenue (whichever is the larger) being applied for every data breach and every data misuse after May 2018, the carrot is the better option.
Are you aware? Are you prepared? Do you comply?
To book a free non-sales consultation about GDPR with Ian West, contact us at enquiry@digitalenterprisefest.com
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR - Srijan Technologies
Speaker: Matt Skinner, Head of Digital Strategy and Data, Proctor + Stevenson
The General Data Protection Regulation represents the biggest change to European data laws in decades. It comes into effect on May 25th, 2018, and if you haven’t already chalked out a compliance roadmap, it’s high time you did. The regulation has far-reaching effects and will have a significant impact on any firm that does business in the EU.
This session is designed to give you a complete overview of GDPR and what it entails. Get an understanding of the regulations introduced, and what it means for your business: data security as well as marketing communications. Join the webinar to plan out your seamless transition into GDPR compliance.
Who's This For
- Technology professionals
- Senior marketing professionals
- Anyone working with agencies and clients in the EU, looking to understand the complete impact of GDPR
What's In It for You
- General overview of GDPR, what it means
- Know how enterprises should prepare for it
- Understand its impacts on data collection, websites, and comms
- Review data security and GDPR’s potential long-term impact on the marketing industry
View our complete series of webinars at: www.srijan.net/webinar/past webinars
The GDPR’s impact on your business and preparing for compliance - IT Governance Ltd
These slides will cover:
- An overview of the regulatory landscape and territorial scope
- Principles of the EU GDPR
- Breach notification rules
- Data subject rights
- Changes to consent
- Processor liabilities
- Role of the Data Protection Officer
- International transfers
- Regulators and pan-European consistency
General Data Protection Regulation (GDPR) - Moving from confusion to readiness - Omo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
What's Next - General Data Protection Regulation (GDPR) Changes - Ogilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2... - pchutichetpong
M Capital Group (“MCG”) expects to see demand and the changing evolution of supply, facilitated through institutional investment rotation out of offices and into work from home (“WFH”), while the ever-expanding need for data storage as global internet usage expands, with experts predicting 5.3 billion users by 2023. These market factors will be underpinned by technological changes, such as progressing cloud services and edge sites, allowing the industry to see strong expected annual growth of 13% over the next 4 years.
Whilst competitive headwinds remain, represented through the recent second bankruptcy filing of Sungard, which blames “COVID-19 and other macroeconomic trends including delayed customer spending decisions, insourcing and reductions in IT spending, energy inflation and reduction in demand for certain services”, the industry has seen key adjustments, where MCG believes that engineering cost management and technological innovation will be paramount to success.
MCG reports that the more favorable market conditions expected over the next few years, helped by the winding down of pandemic restrictions and a hybrid working environment will be driving market momentum forward. The continuous injection of capital by alternative investment firms, as well as the growing infrastructural investment from cloud service providers and social media companies, whose revenues are expected to grow over 3.6x larger by value in 2026, will likely help propel center provision and innovation. These factors paint a promising picture for the industry players that offset rising input costs and adapt to new technologies.
According to M Capital Group: “Specifically, the long-term cost-saving opportunities available from the rise of remote managing will likely aid value growth for the industry. Through margin optimization and further availability of capital for reinvestment, strong players will maintain their competitive foothold, while weaker players exit the market to balance supply and demand.”
Opendatabay - Open Data Marketplace.pptx - Opendatabay
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay's AI-driven features streamline the data workflow. Finding the data you need shouldn't be complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
2. Soft or hard Brexit, GDPR is coming into force on 25 May 2018 and firms need to prepare…
Marjane Moghimi Nov 2017
The Queen’s Speech has confirmed that the General Data Protection Regulation will form part of UK law following the country’s withdrawal from the European Union. The Speech noted that “Over 70% of all trade in services are enabled by data flows, meaning that data protection is critical to international trade.” 22 June 2017
3. And after Brexit?
• On 21 June 2017 the UK Government revealed its legislative programme for the coming two years. As well as pressing ahead with the UK’s withdrawal from the European Union, the Government has confirmed its intention to bring the EU General Data Protection Regulation (the “GDPR”) into UK law, ensuring the country’s data protection framework is “suitable for our new digital age, allowing citizens to better control their data.”
• It therefore seems that the post-Brexit rules will be compatible and aligned with the EU GDPR.
► But some EU-based clients may ask for databases to be localised in the EU.
► So where the data is stored (server, data centre, cloud) needs some reflection.
4. UK
• UK Current
– Current legislation: DPA 1998
• 25 May 2018
– Future legislation: GDPR
• Map
– Cross-map the change from current law to the new regulation
– Will give you the picture of ‘As is’ and ‘To Be’
5. GDPR overview
Data Controller
Data Processor
Data Subject
Aim is to protect a natural person living in the EU (including the EEA) by expanding the definition of personal data and giving more rights to privacy
Impose new duties and obligations on
6. Initial assessment
• Data Controller
– Is in direct contact with the Data Subject
– Is ultimately responsible for the application of Data Protection principles
– Must provide a privacy notice when collecting data
– Must inform the data subject in case of a data breach
• Data Processor
– Has direct responsibility under GDPR
– Must assure the security of processing operations
– Must name a Data Protection Officer
– Must notify any breach of data protection obligations to the Data Controller
7. New rights of Data Subject
• The aim is to give Data Subjects ownership of their own data
• The data subjects' rights:
– Right to be informed
– Right to object to the accuracy of the information
– Right of access (free)
– Right to be forgotten (exceptions do exist)
– Right to give consent and withdraw it easily
– Consent needs to be specific for each usage of data
– Right to be informed without undue delay if a data breach has occurred
– Etc.
8. What is the new definition of Personal Data?
• The GDPR broadens the definition of “personal data.”
• Sensitive data such as biometric and genetic data will be subject to a higher standard.
• Under the terms of GDPR, personal data refers to anything that could be used to identify an individual, such as:
– Name
– Email address
– IP address
– Social media profiles
– Phone numbers
– Social security numbers
– Etc.
9. GDPR for HR
• Your past, current and future employees are Data Subjects
• Under GDPR they have extended rights such as: right to rectification and erasure, right to portability of their data and subject access request (without fee)
• Action points, data audit:
– What data do you have?
– Where is it located?
– Why is such data collected? Is it up to date?
– To and from where is it transferred (within the company, to outside third parties, outside the EU and EEA)? Which data points are transferred?
– How long is it kept?
– On which basis? Legitimate business? If not, erase.
– Consents need to be reviewed
► Data mapping and flow charts help to give a global view of the flow of data from and into various systems
► A gap analysis will highlight areas of concern you need to look at.
10. Data audit
• What staff data do you have?
• Where does it come from?
• Where/how is it stored?
• What happens with it in your organization?
• When/how is it deleted?
• Is it up to date?
• Is it transferred outside the firm?
Identify the stakeholders:
• HR
• Finance
• Payroll
• Third parties
• Etc.
Expand on each point till you have a clear picture and cover it completely
11. Personal Data mapping -1
Why is a firm processing personal data?
1- Staff administration
2- Client administration
3- For safety and security
4- To meet legal obligations
5- To provide service to third parties
6- To improve services/businesses
7- For direct marketing
8- Etc.
12. Personal Data mapping -2
For each reason defined, you need to specify each activity that it covers
1- Staff administration
– Recruitment (recruitment agency, reference etc.)
– Payroll
– Benefit (pension, private medical health, insurance etc.)
– Appraisal
– Record of attendance, leave, holidays
– Correspondence related to the employment
– Etc.
13. Personal Data mapping -3
Then define each category and sub-category of data you collect
Examples:
– Job candidates
– Current staff/contractors
– Former staff/contractors
– Emergency contact/relatives
– Third party benefit providers
– Contacts at suppliers
– Etc.
14. Action list for compliance with GDPR
After the data mapping:
1. Run a GDPR compliance gap analysis
– Run a review of all of your data entries (online, third parties etc.)
– Analysis of your operations, IT, processes, systems, procedures
• Data flow (in, out, from, to)
• Vendors and third-party data review
2. Create a GDPR Risk Register
3. Define areas for change: Processes, People, Technology
– Prioritize work according to the Risk Register
– Plan communication with data subjects (consents, breach notification)
– Update your data protection compliance procedures
– Keep an audit trail of all your activities in order to comply with the regulation
4. Highlight and act on areas overlapping with other regulations (if applicable to your industry)
16. Certification
• GDPR recommends certification schemes
Certification is voluntary. Currently there is no official certification body for GDPR
• ISO 27001 is one such certification
– Is an information security management standard
– Follows international best practices
– Focuses on information security (firms and their customers)
– Based on formal risk assessment
– 3 aspects to information security
• People
• Processes
• Technology
– Data protection arrangements and processes are similar to GDPR recommendations
– It can be used as a reference for complying with the GDPR
17. We already comply with DPA 1998, what more should we do?
• Cross-map GDPR to DPA 1998:
– Focus your action on areas of change
• If you choose to apply ISO 27001:
– Cross-map GDPR to DPA 1998 and ISO 27001
– Highlight areas of change
– Highlight high-risk areas
– Prioritize the work on the most sensitive areas
• Change Management needs to cover
– People
– IT
– Processes and Procedures
– Training for staff
– Communication about GDPR and raising awareness about data security
18. GDPR in other European countries
If you have activities in the EU you need to be aware of local GDPR application:
• France: CNIL is at the forefront of GDPR application
– https://www.cnil.fr/
– https://www.cnil.fr/fr/node/15798
• Luxembourg
– https://cnpd.public.lu/en.html
• Offshore: Isle of Man, Jersey, Guernsey (Third Country) have secured an Adequacy status
– http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
19. GDPR in Financial industry
• GDPR overlaps with other regulations such as MIFID 2, PRIIPS, PSD2
• Firms need to separate 3 sorts of data:
– Employees, professional clients, non-professional clients (under the definition of MIFID 2)
• Personal data of employees
• Personal data of professional clients and non-professional clients
• Personal data of retail clients
• Interactions between various IT systems (backup systems are in the loop too)
• While banks and other financial firms are familiar with various regulations, adhering to GDPR requires the collection of large amounts of customer data, which is then collated and used for various activities, such as client on-boarding, KYC, relationship management, trade-booking, accounting, etc.
• During these processes, customer data is exposed to a large number of different people and systems at different stages, and this is the challenge.
20. Regulation Overlap: MIFID II and GDPR
MIFID II (3 Jan 2018)
• RTS 4 and ESMA Q&A Oct 2017: The requirement to identify the clients and clients of clients in transaction and position reporting cannot be waived.
• For natural persons, the important identifiers are: passport number and CONCAT code combining nationality, first name and surname of position holder.
• If a person is used, that person must be identified by their ID number, passport number, tax or national insurance number, depending on their nationality.
• In the absence of this information, a concatenated code can be used consisting of date of birth, the first five characters of first name and the first five characters of surname.
GDPR (25 May 2018)
• Under GDPR investment firms are Data Controllers.
• Under MIFID II they are required to report disaggregated (i.e. Client, Client of Client etc.) reports.
• Firms need to take steps to ensure that the data they report is accurate, and that appropriate consent is obtained to using individuals’ data as part of transaction reporting, in a way that meets data protection requirements.
• The safety, security and confidentiality of clients’ information stay with the investment firms
21. Regulation Overlap: MIFID II and GDPR
MIFID II
The name and date of birth on both sides of the trade are a mandatory part of trade, transaction and position reporting duties
• Buyer
• Buyer Decision Maker
• Seller
• Seller Decision Maker
GDPR
• Employees’ information is held in the HR database
• Counterparties’ information in the Counterparty database
• Clients’ information in the Client database
► You need to have specific consent from those data subjects concerned by MIFID II
► Consents from all third parties are necessary if you have a legitimate interest in collecting their data
22. e-privacy
• Is a Regulation coming into force on the same date as GDPR
• Will replace the current Directive
• Its aim is a high level of privacy and data protection
• The new regulation will bring significant changes:
– Concerns all providers of electronic communication services
• Includes Facebook Messenger, WhatsApp, etc.
– Will apply to content and metadata
– Simpler rules regarding cookies and spam
– Need for specific and free consents, which can easily be withdrawn
– Puts the emphasis on confidentiality of electronic communications data, including while in transit, and covers storage providers (including ‘cloud’)
• The regulation is still not finalised so some changes may come to light later.