BCC - Solutions for IBM Collaboration Software, profile picture
Uploaded byBCC - Solutions for IBM Collaboration Software
PPTX, PDF4,977 views

General Data Protection Regulation

The document presents an overview of the General Data Protection Regulation (GDPR), detailing its implications for businesses that handle personal data of EU citizens, effective since May 25, 2018. It outlines the responsibilities of data controllers and processors, consent requirements, penalties for non-compliance, and recommended actions for organizations to ensure adherence. The presentation emphasizes the importance of privacy management and technical safeguards to protect personal data.

Embed presentation

Downloaded 233 times
MWLUG 2017 Moving Collaboration Forward General Data Protection Regulation. Ignoring this = Paying Fines! Tim Clark Stephanie Heit BCC Ltd.
MWLUG 2017 Moving Collaboration Forward Our Amazing Sponsors
MWLUG 2017 Moving Collaboration Forward Agenda • BCC, Stephanie & Tim • What is GDPR • Who it affects • What you have to do • Penalties • Summary • Where to find more information
MWLUG 2017 Moving Collaboration Forward Presenters • Tim Clark • Director Services & Support • IBM Champion 13-17 • Stephanie Heit • Director, BCC Ltd • 17 years with Notes & Domino
MWLUG 2017 Moving Collaboration Forward About BCC • Founded in 1996 • IBM Business Partner • Locations: Frankfurt (HQ), London, Boston • 800+ customers
MWLUG 2017 Moving Collaboration Forward BCC Solutions
MWLUG 2017 Moving Collaboration Forward • Europe – Personal self determination – Personal Data Protection – Laws, not directives • USA – Consumer focused – Treated fairly – Not Protected – Directives, not laws Cultural Differences
MWLUG 2017 Moving Collaboration Forward What is GDPR • General Data Protection Regulations – Regulation • (EU) 2016/679 (88 pages) – Directives • (EU) 2016/680 (43pages) • (EU) 2016/681 (18 pages) • Now the boring stuff is out of the way…..
MWLUG 2017 Moving Collaboration Forward What is it really to do with? • Single set of legislation across Europe that gives individuals get better control of their personal data • Became effective law in 2016 • 2 year grace period to get ready
MWLUG 2017 Moving Collaboration Forward Why worry about it now? “The GDPR is causing great concern for businesses, with 50 percent of global companies saying they will struggle to meet the rules set out by Europe unless they make significant changes to how they operate.” James Walker, UK MD, JAW Consulting UK https://www.scmagazineuk.com/preparing-for-the-eu-gdpr-what-you-need-to-know/article/531492/ Must be ready by Friday, May 25th 2018
MWLUG 2017 Moving Collaboration Forward Legal Glossary • Personal Data • Controllers & Processors • Data Protection Officers • Profiling • Breach & Notification • Data Subject Access Requests
MWLUG 2017 Moving Collaboration Forward Definition of ‘Personal Data’ “Any information relating to an person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.” A Summary of the EU General Data Protection Regulation: Peter Galdies DataIQ. 14th January 2016. www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation
MWLUG 2017 Moving Collaboration Forward Controllers & Processors • Controllers – Owners of the data – Responsible for data security – Make sure Processors are compliant • Processors – Work with the data – Must take responsible actions with the data • The relationship between Controllers and Processor must be documented
MWLUG 2017 Moving Collaboration Forward Legal Glossary (cont.) • Data Protection Officers – Public Authorities, Large scale processing of special types of personal data – Expert knowledge of DP laws – Can be made tighter by EU Member States • Profiling – Any automated processing of personal data to determine certain criteria about a person. “In particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”.
MWLUG 2017 Moving Collaboration Forward Legal Glossary (cont.) • Breach & Notification – “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” • Data Subject Access Request – The right of the individual to understand what is stored and how it is used
MWLUG 2017 Moving Collaboration Forward Brief Summary • If you collect any personal data of an EU citizen, you need to comply • Data subjects can – ask for data • There are Penalties for non-compliance
MWLUG 2017 Moving Collaboration Forward Who it affects • ANYONE who collects data about any EU citizen that is identifiable to them • Anywhere in the world • No boundaries
MWLUG 2017 Moving Collaboration Forward Privacy Management • Data protection safeguards to be ‘built in’ to systems. Data by Design • Privacy-friendly – pseudonymisation • Record keeping has increased emphasis – Answering auditors – Data Subject Access Requests • The right to be forgotten
MWLUG 2017 Moving Collaboration Forward Consent • Consent to collect the data has to be given – Does not have to be explicit – Purpose for data collection has to be explicit – Has to be demonstrable, how and when • Withdrawing consent has to be possible – Should be as easy as giving consent
MWLUG 2017 Moving Collaboration Forward Breaches & Notification • Breach & Notification – “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” • 72 hours to notify supervisory authority • May have to notify data subjects too
MWLUG 2017 Moving Collaboration Forward WARNING!!! • The next slide may make you sit up sharply in your seat. • You have been warned.
MWLUG 2017 Moving Collaboration Forward Penalties • Greater of €10 million or 2% of entity’s global gross revenue – Violation of record keeping, security, breach notifications & privacy impact assessment • Greater of €20 million or 4% of entity’s global gross revenue – Violations of legal justification for processing (consent), data subject rights and cross-border data transfers
MWLUG 2017 Moving Collaboration Forward Please be ready
MWLUG 2017 Moving Collaboration Forward Suggested minimum technical steps • Firewalls • User access control management functionality in Windows • Unique passwords of sufficient complexity and regular (but not too frequent) expiry on all devices • Regular software updates • Timely decommissioning and secure wiping of old software and hardware • Real-time protection anti-virus, anti-malware and anti-spyware software • Encryption of all portable devices ensuring appropriate protection of the key • Encryption of personal data in transit by using suitable encryption solutions • Implement secure configuration on all devices (including mobile phones) • Put in place intrusion detection and prevention • Data backup
MWLUG 2017 Moving Collaboration Forward What can you do now? 1. Make key departments aware 2. Work out what you have 3. Get you minimum technical steps in progress 4. Revise existing privacy notices 5. Review procedures for new rights 6. Plan how to handle requests 7. Document your legal basis for your use of data 8. Review how you get consent and record it 9. Procedures for data breaches and checks 10. Appoint a Data Protection Officer
MWLUG 2017 Moving Collaboration Forward Sources • EU General Data Protection Regulation ratified: KPMG 2016 assets.kpmg.com/content/dam/kpmg/pdf/2016/05/EU-General-Data-Protection-Regulation-ratified-18-04-2016.pdf • Guidance: what to expect and when: Information Commissioner’s Office. ico.org.uk/for-organisations/data-protection-reform/guidance-what-to-expect-and-when/ • Overview of the General Data Protection Regulation (GDPR): Information Commissioner’s Office ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/ • Preparing for the EU GDPR: What You Need To Know: James Walker. SC Media 4th March 2016. www.scmagazineuk.com/preparing-for-the-eu-gdpr-what-you-need-to-know/article/531492/ • A Summary of the EU General Data Protection Regulation: Peter Galdies DataIQ. 14th January 2016. www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation • EU Official Journal issue L 119 eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2016:119:FULL&from=EN • Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now. Information Commissioner’s Office 14th March 2016. ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf • IBM – Little Bee books - How it works – GDPR http://littlebeelibrary.com/pdfs/GDPR.pdf
MWLUG 2017 Moving Collaboration Forward Our Amazing Sponsors
MWLUG 2017 Moving Collaboration Forward Questions • Tim Clark • tim_clark@bcc.biz • TimsterC (Skype) • Stephanie Heit • stephanie_heit@bcc.biz • Stephanie Heit (Skype) http://bcchub.com

More Related Content

PPTX
skillcast-gdpr-training-presentation-q320.pptx
byRahulGarg294918
 
PPTX
GDPR: Training Materials by Qualsys
byQualsys Ltd
 
PPTX
GDPR
byGopi PD
 
PPTX
General Data Protection Regulations (GDPR): Do you understand it and are you ...
byCvent
 
PPTX
Introduction to GDPR
byPriyab Satoshi
 
PDF
GDPR for Dummies
byCaroline Boscher
 
PPTX
GDPR Presentation slides
byNaomi Holmes
 
PPTX
Presentation on GDPR
byDipanjanDey12
 
skillcast-gdpr-training-presentation-q320.pptx
byRahulGarg294918
 
GDPR: Training Materials by Qualsys
byQualsys Ltd
 
GDPR
byGopi PD
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
byCvent
 
Introduction to GDPR
byPriyab Satoshi
 
GDPR for Dummies
byCaroline Boscher
 
GDPR Presentation slides
byNaomi Holmes
 
Presentation on GDPR
byDipanjanDey12
 

What's hot

PPTX
GDPR Introduction and overview
byJane Lambert
 
PDF
GDPR Demystified
bySPIN Chennai
 
PDF
GDPR Basics - General Data Protection Regulation
byVicky Dallas
 
PPTX
General Data Protection Regulation (GDPR)
byExtentia Information Technology
 
PPTX
General Data Protection Regulation (GDPR)
byKimberly Simon MBA
 
PPTX
Data Privacy: What you need to know about privacy, from compliance to ethics
byAT Internet
 
PPTX
Gdpr presentation
bySudarsan Reddy
 
PPTX
GDPR Presentation
byCILIP Ireland
 
PPTX
Data transfers to countries outside the EU/EEA under the GDPR
byIT Governance Ltd
 
PPTX
Legal obligations and responsibilities of data processors and controllers und...
byIT Governance Ltd
 
PPTX
Unit 6 Privacy and Data Protection 8 hr
byTushar Rajput
 
PDF
Privacy by Design and by Default + General Data Protection Regulation with Si...
byPeter Procházka
 
PDF
GDPR Overview
byTrish McGinity, CCSK
 
PPTX
EU GDPR (training)
byElizabeth Baker, JD, CRCMP
 
PDF
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
byPriyanka Aash
 
PPTX
An Overview of GDPR
byThe Pathway Group
 
PPTX
Understanding the EU's new General Data Protection Regulation (GDPR)
byAcquia
 
PPTX
Security v. Privacy: the great debate
byDavid Strom
 
PPTX
Data protection ppt
bygrahamwell
 
PDF
Privacy and Data Security
byWilmerHale
 
GDPR Introduction and overview
byJane Lambert
 
GDPR Demystified
bySPIN Chennai
 
GDPR Basics - General Data Protection Regulation
byVicky Dallas
 
General Data Protection Regulation (GDPR)
byExtentia Information Technology
 
General Data Protection Regulation (GDPR)
byKimberly Simon MBA
 
Data Privacy: What you need to know about privacy, from compliance to ethics
byAT Internet
 
Gdpr presentation
bySudarsan Reddy
 
GDPR Presentation
byCILIP Ireland
 
Data transfers to countries outside the EU/EEA under the GDPR
byIT Governance Ltd
 
Legal obligations and responsibilities of data processors and controllers und...
byIT Governance Ltd
 
Unit 6 Privacy and Data Protection 8 hr
byTushar Rajput
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
byPeter Procházka
 
GDPR Overview
byTrish McGinity, CCSK
 
EU GDPR (training)
byElizabeth Baker, JD, CRCMP
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
byPriyanka Aash
 
An Overview of GDPR
byThe Pathway Group
 
Understanding the EU's new General Data Protection Regulation (GDPR)
byAcquia
 
Security v. Privacy: the great debate
byDavid Strom
 
Data protection ppt
bygrahamwell
 
Privacy and Data Security
byWilmerHale
 

Similar to General Data Protection Regulation

PDF
GDPR: how IT works
byMorris Dorfer
 
PPSX
Gdpr demystified - making sense of the regulation
byJames Mulhern
 
PDF
GDPR Is Coming - Get Over It Webinar
bySagittarius
 
PPTX
GDPR & The Opportunity
bySagittarius
 
PPTX
GDPR – what does it mean for charities and what you need to consider - Iain P...
bym-hance
 
PDF
GDPR for your Payroll Bureau
byBrightPay Payroll and Auto Enrolment Software
 
PDF
Sitecore 9 & GDPR: The Opportunity
bySagittarius
 
PDF
Legal update - Leeds
byRachel Aldighieri
 
PDF
Are You Prepared for the GDPR?
byPrivacyPolicies.com
 
PDF
GDPR- Get the facts and prepare your business
byMark Baker
 
PPTX
The Meaning and Impact of the General Data Protection Regulation
byJake DiMare
 
PDF
Public sector breakfast club - October 2017, Exeter
byBrowne Jacobson LLP
 
PPTX
GDPR Breakfast Briefing for Business Advisors
byHarrison Clark Rickerbys
 
PDF
GDPR - a view for the non experts
byClaudio Bolla, CISM
 
PPTX
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
byHarrison Clark Rickerbys
 
PPTX
Things to know about GDPR in 2018
byWebkul Software Pvt. Ltd.
 
PPTX
GDPR Breakfast Briefing for Business Advisors
byHarrison Clark Rickerbys
 
PPTX
Data Protection and Comnpliance with the GDPR Event 22 september 2016
byDr. Donald Macfarlane
 
PPTX
Gdpr action plan
byUlf Mattsson
 
PPTX
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
byHarrison Clark Rickerbys
 
GDPR: how IT works
byMorris Dorfer
 
Gdpr demystified - making sense of the regulation
byJames Mulhern
 
GDPR Is Coming - Get Over It Webinar
bySagittarius
 
GDPR & The Opportunity
bySagittarius
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
bym-hance
 
GDPR for your Payroll Bureau
byBrightPay Payroll and Auto Enrolment Software
 
Sitecore 9 & GDPR: The Opportunity
bySagittarius
 
Legal update - Leeds
byRachel Aldighieri
 
Are You Prepared for the GDPR?
byPrivacyPolicies.com
 
GDPR- Get the facts and prepare your business
byMark Baker
 
The Meaning and Impact of the General Data Protection Regulation
byJake DiMare
 
Public sector breakfast club - October 2017, Exeter
byBrowne Jacobson LLP
 
GDPR Breakfast Briefing for Business Advisors
byHarrison Clark Rickerbys
 
GDPR - a view for the non experts
byClaudio Bolla, CISM
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
byHarrison Clark Rickerbys
 
Things to know about GDPR in 2018
byWebkul Software Pvt. Ltd.
 
GDPR Breakfast Briefing for Business Advisors
byHarrison Clark Rickerbys
 
Data Protection and Comnpliance with the GDPR Event 22 september 2016
byDr. Donald Macfarlane
 
Gdpr action plan
byUlf Mattsson
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
byHarrison Clark Rickerbys
 

More from BCC - Solutions for IBM Collaboration Software

PPTX
Connections 5.x to 6.0 migration
byBCC - Solutions for IBM Collaboration Software
 
PDF
Systematisch: Von der alten in die neue Welt - Migrations-Szenarien
byBCC - Solutions for IBM Collaboration Software
 
PDF
MaRisk Andorderungen erfüllen - Analyse von Rechten und Rollen in IBM Domino ...
byBCC - Solutions for IBM Collaboration Software
 
PDF
Protect your IBM Domino data from leaks with BCC DominoProtect
byBCC - Solutions for IBM Collaboration Software
 
PPTX
IBM Connections Cloud Administration
byBCC - Solutions for IBM Collaboration Software
 
PPTX
IBM Connect 2016: Speaker Session with Teresa Deane, Senior Developer, BCC
byBCC - Solutions for IBM Collaboration Software
 
PDF
Dr. Strangelove, or how I learned to love plug-in development - SNoUG 2014
byBCC - Solutions for IBM Collaboration Software
 
PDF
Using Social Business Software and being compliant with EU data protection la...
byBCC - Solutions for IBM Collaboration Software
 
PDF
XPages Performance Master Class - Survive in the fast lane on the Autobahn (E...
byBCC - Solutions for IBM Collaboration Software
 
PDF
Keine Kompromisse! Mehr Sicherheit & Compliance für IBM Domino
byBCC - Solutions for IBM Collaboration Software
 
PDF
Honey, I shrunk the data - Mehr Platz am IBM Domino Server
byBCC - Solutions for IBM Collaboration Software
 
PDF
Wie schützen Sie Ihre Messaging- & Collaboration-Infrastruktur? Lessons learn...
byBCC - Solutions for IBM Collaboration Software
 
PDF
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
byBCC - Solutions for IBM Collaboration Software
 
PDF
Platz schaffen auf dem Domino - Compact, Compress, De-Duplicate - Ulrich Krau...
byBCC - Solutions for IBM Collaboration Software
 
PDF
XPages: Performance-Optimierung - Ulrich Krause (eknori) SNoUG 2013
byBCC - Solutions for IBM Collaboration Software
 
PDF
Deep Dive Domino Mail Routing - SMTP Cookbook - DNUG Herbstkonferenz 2013
byBCC - Solutions for IBM Collaboration Software
 
PDF
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
byBCC - Solutions for IBM Collaboration Software
 
PDF
Platz da! Platz schaffen auf dem Domino Server - Vortrag von Ulrich Krause be...
byBCC - Solutions for IBM Collaboration Software
 
PDF
Wie gewährleisten Sie die Einhaltung von Sicherheitsanforderungen an Ihre Mes...
byBCC - Solutions for IBM Collaboration Software
 
PDF
Wie schützen Sie Ihre E-Mail-Kommunikation? Kurzfristige Lösungsansätze bis z...
byBCC - Solutions for IBM Collaboration Software
 
Connections 5.x to 6.0 migration
byBCC - Solutions for IBM Collaboration Software
 
Systematisch: Von der alten in die neue Welt - Migrations-Szenarien
byBCC - Solutions for IBM Collaboration Software
 
MaRisk Andorderungen erfüllen - Analyse von Rechten und Rollen in IBM Domino ...
byBCC - Solutions for IBM Collaboration Software
 
Protect your IBM Domino data from leaks with BCC DominoProtect
byBCC - Solutions for IBM Collaboration Software
 
IBM Connections Cloud Administration
byBCC - Solutions for IBM Collaboration Software
 
IBM Connect 2016: Speaker Session with Teresa Deane, Senior Developer, BCC
byBCC - Solutions for IBM Collaboration Software
 
Dr. Strangelove, or how I learned to love plug-in development - SNoUG 2014
byBCC - Solutions for IBM Collaboration Software
 
Using Social Business Software and being compliant with EU data protection la...
byBCC - Solutions for IBM Collaboration Software
 
XPages Performance Master Class - Survive in the fast lane on the Autobahn (E...
byBCC - Solutions for IBM Collaboration Software
 
Keine Kompromisse! Mehr Sicherheit & Compliance für IBM Domino
byBCC - Solutions for IBM Collaboration Software
 
Honey, I shrunk the data - Mehr Platz am IBM Domino Server
byBCC - Solutions for IBM Collaboration Software
 
Wie schützen Sie Ihre Messaging- & Collaboration-Infrastruktur? Lessons learn...
byBCC - Solutions for IBM Collaboration Software
 
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
byBCC - Solutions for IBM Collaboration Software
 
Platz schaffen auf dem Domino - Compact, Compress, De-Duplicate - Ulrich Krau...
byBCC - Solutions for IBM Collaboration Software
 
XPages: Performance-Optimierung - Ulrich Krause (eknori) SNoUG 2013
byBCC - Solutions for IBM Collaboration Software
 
Deep Dive Domino Mail Routing - SMTP Cookbook - DNUG Herbstkonferenz 2013
byBCC - Solutions for IBM Collaboration Software
 
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
byBCC - Solutions for IBM Collaboration Software
 
Platz da! Platz schaffen auf dem Domino Server - Vortrag von Ulrich Krause be...
byBCC - Solutions for IBM Collaboration Software
 
Wie gewährleisten Sie die Einhaltung von Sicherheitsanforderungen an Ihre Mes...
byBCC - Solutions for IBM Collaboration Software
 
Wie schützen Sie Ihre E-Mail-Kommunikation? Kurzfristige Lösungsansätze bis z...
byBCC - Solutions for IBM Collaboration Software
 

Recently uploaded

PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PPTX
Real-Time KPI Dashboard Playbook: What to Track Live and What Not To
byvictorworkvebo
 
PDF
AI Vector Search Best Practices Multicloud Feb 2026
bySandesh Rao
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Real-Time KPI Dashboard Playbook: What to Track Live and What Not To
byvictorworkvebo
 
AI Vector Search Best Practices Multicloud Feb 2026
bySandesh Rao
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 

General Data Protection Regulation

  • 1.
    MWLUG 2017 Moving CollaborationForward General Data Protection Regulation. Ignoring this = Paying Fines! Tim Clark Stephanie Heit BCC Ltd.
  • 2.
    MWLUG 2017 Moving CollaborationForward Our Amazing Sponsors
  • 3.
    MWLUG 2017 Moving CollaborationForward Agenda • BCC, Stephanie & Tim • What is GDPR • Who it affects • What you have to do • Penalties • Summary • Where to find more information
  • 4.
    MWLUG 2017 Moving CollaborationForward Presenters • Tim Clark • Director Services & Support • IBM Champion 13-17 • Stephanie Heit • Director, BCC Ltd • 17 years with Notes & Domino
  • 5.
    MWLUG 2017 Moving CollaborationForward About BCC • Founded in 1996 • IBM Business Partner • Locations: Frankfurt (HQ), London, Boston • 800+ customers
  • 6.
    MWLUG 2017 Moving CollaborationForward BCC Solutions
  • 7.
    MWLUG 2017 Moving CollaborationForward • Europe – Personal self determination – Personal Data Protection – Laws, not directives • USA – Consumer focused – Treated fairly – Not Protected – Directives, not laws Cultural Differences
  • 8.
    MWLUG 2017 Moving CollaborationForward What is GDPR • General Data Protection Regulations – Regulation • (EU) 2016/679 (88 pages) – Directives • (EU) 2016/680 (43pages) • (EU) 2016/681 (18 pages) • Now the boring stuff is out of the way…..
  • 9.
    MWLUG 2017 Moving CollaborationForward What is it really to do with? • Single set of legislation across Europe that gives individuals get better control of their personal data • Became effective law in 2016 • 2 year grace period to get ready
  • 10.
    MWLUG 2017 Moving CollaborationForward Why worry about it now? “The GDPR is causing great concern for businesses, with 50 percent of global companies saying they will struggle to meet the rules set out by Europe unless they make significant changes to how they operate.” James Walker, UK MD, JAW Consulting UK https://www.scmagazineuk.com/preparing-for-the-eu-gdpr-what-you-need-to-know/article/531492/ Must be ready by Friday, May 25th 2018
  • 11.
    MWLUG 2017 Moving CollaborationForward Legal Glossary • Personal Data • Controllers & Processors • Data Protection Officers • Profiling • Breach & Notification • Data Subject Access Requests
  • 12.
    MWLUG 2017 Moving CollaborationForward Definition of ‘Personal Data’ “Any information relating to an person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.” A Summary of the EU General Data Protection Regulation: Peter Galdies DataIQ. 14th January 2016. www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation
  • 13.
    MWLUG 2017 Moving CollaborationForward Controllers & Processors • Controllers – Owners of the data – Responsible for data security – Make sure Processors are compliant • Processors – Work with the data – Must take responsible actions with the data • The relationship between Controllers and Processor must be documented
  • 14.
    MWLUG 2017 Moving CollaborationForward Legal Glossary (cont.) • Data Protection Officers – Public Authorities, Large scale processing of special types of personal data – Expert knowledge of DP laws – Can be made tighter by EU Member States • Profiling – Any automated processing of personal data to determine certain criteria about a person. “In particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”.
  • 15.
    MWLUG 2017 Moving CollaborationForward Legal Glossary (cont.) • Breach & Notification – “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” • Data Subject Access Request – The right of the individual to understand what is stored and how it is used
  • 16.
    MWLUG 2017 Moving CollaborationForward Brief Summary • If you collect any personal data of an EU citizen, you need to comply • Data subjects can – ask for data • There are Penalties for non-compliance
  • 17.
    MWLUG 2017 Moving CollaborationForward Who it affects • ANYONE who collects data about any EU citizen that is identifiable to them • Anywhere in the world • No boundaries
  • 18.
    MWLUG 2017 Moving CollaborationForward Privacy Management • Data protection safeguards to be ‘built in’ to systems. Data by Design • Privacy-friendly – pseudonymisation • Record keeping has increased emphasis – Answering auditors – Data Subject Access Requests • The right to be forgotten
  • 19.
    MWLUG 2017 Moving CollaborationForward Consent • Consent to collect the data has to be given – Does not have to be explicit – Purpose for data collection has to be explicit – Has to be demonstrable, how and when • Withdrawing consent has to be possible – Should be as easy as giving consent
  • 20.
    MWLUG 2017 Moving CollaborationForward Breaches & Notification • Breach & Notification – “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” • 72 hours to notify supervisory authority • May have to notify data subjects too
  • 21.
    MWLUG 2017 Moving CollaborationForward WARNING!!! • The next slide may make you sit up sharply in your seat. • You have been warned.
  • 22.
    MWLUG 2017 Moving CollaborationForward Penalties • Greater of €10 million or 2% of entity’s global gross revenue – Violation of record keeping, security, breach notifications & privacy impact assessment • Greater of €20 million or 4% of entity’s global gross revenue – Violations of legal justification for processing (consent), data subject rights and cross-border data transfers
  • 23.
    MWLUG 2017 Moving CollaborationForward Please be ready
  • 24.
    MWLUG 2017 Moving CollaborationForward Suggested minimum technical steps • Firewalls • User access control management functionality in Windows • Unique passwords of sufficient complexity and regular (but not too frequent) expiry on all devices • Regular software updates • Timely decommissioning and secure wiping of old software and hardware • Real-time protection anti-virus, anti-malware and anti-spyware software • Encryption of all portable devices ensuring appropriate protection of the key • Encryption of personal data in transit by using suitable encryption solutions • Implement secure configuration on all devices (including mobile phones) • Put in place intrusion detection and prevention • Data backup
  • 25.
    MWLUG 2017 Moving CollaborationForward What can you do now? 1. Make key departments aware 2. Work out what you have 3. Get you minimum technical steps in progress 4. Revise existing privacy notices 5. Review procedures for new rights 6. Plan how to handle requests 7. Document your legal basis for your use of data 8. Review how you get consent and record it 9. Procedures for data breaches and checks 10. Appoint a Data Protection Officer
  • 26.
    MWLUG 2017 Moving CollaborationForward Sources • EU General Data Protection Regulation ratified: KPMG 2016 assets.kpmg.com/content/dam/kpmg/pdf/2016/05/EU-General-Data-Protection-Regulation-ratified-18-04-2016.pdf • Guidance: what to expect and when: Information Commissioner’s Office. ico.org.uk/for-organisations/data-protection-reform/guidance-what-to-expect-and-when/ • Overview of the General Data Protection Regulation (GDPR): Information Commissioner’s Office ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/ • Preparing for the EU GDPR: What You Need To Know: James Walker. SC Media 4th March 2016. www.scmagazineuk.com/preparing-for-the-eu-gdpr-what-you-need-to-know/article/531492/ • A Summary of the EU General Data Protection Regulation: Peter Galdies DataIQ. 14th January 2016. www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation • EU Official Journal issue L 119 eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2016:119:FULL&from=EN • Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now. Information Commissioner’s Office 14th March 2016. ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf • IBM – Little Bee books - How it works – GDPR http://littlebeelibrary.com/pdfs/GDPR.pdf
  • 27.
    MWLUG 2017 Moving CollaborationForward Our Amazing Sponsors
  • 28.
    MWLUG 2017 Moving CollaborationForward Questions • Tim Clark • tim_clark@bcc.biz • TimsterC (Skype) • Stephanie Heit • stephanie_heit@bcc.biz • Stephanie Heit (Skype) http://bcchub.com

Editor's Notes

  • #13 So in many cases online identifiers including IP address, cookies and so forth will now be regarded as personal data if they can be (or are capable of being) without undue effort linked back to the data subject. To be clear there is no distinction between personal data about individuals in their private, public or work roles – the person is the person.