SEPTEMBER 2019
“ You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free,
worldwide, fully-paid, transferable sub-licensable license to use,
reproduce, modify, adapt, publish, translate, create derivative works
from, distribute, publicly perform and display your User Content and any
name, username or likeness provided in connection with your User
Content in all media formats and channels now known or later developed,
without compensation to you. ”
FaceApp
TERMS AND CONDITIONS EXTRACT
A few months ago, this seemingly ‘fun’ app became the center of
controversy as aspects of its Terms and Conditions raised Data Privacy
concerns.
This is just one of many instances showing how important it has become
for both businesses and users to identify their Data Privacy and
Protection obligations and needs respectively, and respond
accordingly.
GDPR IN A NUTSHELL
GDPR constitutes the protection of personal data
of employees, customers and others and broadens
the rights of individuals with respect to their
Personal Data.
Types of Data
§ Personally identifiable information, including
names, addresses, dates of birth, social security
numbers
§ Web-based data, including user location, IP
address, cookies, and RFID tags
§ Health (HIPAA) and genetic data
§ Biometric data
§ Racial and/or ethnic data
§ Political opinions
§ Sexual orientation
WHO NEEDS TO BE GDPR COMPLIANT?
Could it be you?
§ The business has a presence in an EU country;
§ Even if there is no presence in the EU, the
company still processes personal data of
European residents;
§ There are more than 250 employees; and
§ Even if there are fewer than 250 employees, if
the data-processing impacts the rights and
freedoms of its data subjects.
GDPR KEY CONCEPTS
DATA MAPPING
For an organization to put in place an effective Data Protection regime, it has to identify and document
all the data it processes, and the points at which the organization interacts with this data.
DATA DOCUMENTATION
Given the need to limit the retention of data, the kind of processing, etc., it is necessary to maintain information
on matters such as when data was collected, the reason for collection, etc.
DATA GOVERNANCE PRINCIPLES
This is the foundation of data protection by design and default, where the organization needs to provide guidance on
authorization and limitations to access to personal information based on, for example, employee roles and
responsibilities.
MONITORING OF DATA
This refers to the need for organizations to continuously monitor the security of data (e.g. instances of unauthorized
access to systems in which data is stored) and put in place mechanisms that allow response to such incidents
and breach notification.
RIGHTS OF DATA SUBJECTS
GDPR IMPLICATIONS TO BUSINESS
o Liability and accountability of all Data Processors and Controllers.
o Designation of a DPO.
o Consent of the Data Subject.
o New Principles to comply with.
o Provision of the Rights of Data Subjects.
o Mandatory Data Breach Notification.
Benefits of GDPR Compliance to Organizations
1. Enhanced Cybersecurity: Reduce the cost of Data
Breaches and other downtime caused by loss/theft
of data.
2. Improved Data Management: Know precisely which
personal data you hold, where, why, who has
access to it, etc.
3. Increased Marketing Return on Investment: You will
do a clean-up of your customer DB, KYC Data, etc.
4. Customer Confidence: GDPR Compliance will help
signify to customers that you care about the privacy
of their data.
5. Data Security Culture
ISO 27001
§ ISO 27001 is the International Standard for Information Security
Management Systems.
§ It provides a systematic approach to determining:
o What information needs to be protected,
o The reason why it should be protected,
o How to protect it, and
o What to protect it from.
Relationship Between GDPR & ISO 27001
ISO 27001 is an international information security standard that provides requirements for implementing, maintaining and improving an
information security management system (ISMS). An ISMS is a framework of policies and procedures that includes the legal, technical and
physical controls involved in an organization's IT risk management processes.
Compliance with ISO 27001 best practices helps organizations better manage their security risks, protect sensitive data, and identify the scope
and limitations of their security programs.
Compliance with standards such as ISO 27001 helps organizations demonstrate compliance with GDPR (Article 24).
Assurance:
GDPR recommends the use of
standards as a way of
providing assurance that the
organization is managing
information security risks.
More than Personal Data:
While the focus of GDPR is
personal Data, ISO 27001 will
provide a framework for the
protection of the
organization’s information
assets as a whole.
Controls and Security
Framework:
GDPR specifies the regulations
but allows the organization to
choose the appropriate
technical and organizational
controls to mitigate its data
protection risks. The majority of
these controls are addressed
by ISO 27001.
People, Processes and
Technology:
ISO 27001's approach to risk
management is holistic and
provides risk mitigation not
only for technology risks,
but also for people
and process risks.
Accountability:
Both Frameworks require
accountability for Information
Security and Data Protection
from Top Management.
GDPR
WHY CHOOSE SENTINEL AFRICA TO PROVIDE GDPR TRAINING/CONSULTING SERVICES?
I. We have Certified Data Protection Officers.
II. We have extensive experience in implementing Information security/cybersecurity Frameworks.
Our consultants are trained in the recently released ISO/IEC 27701:2019
Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
I. We are ISO 27001 Certified.
II. We can help your organization automate compliance with both GDPR and ISO 27001 using ISO Manager.
III. We can automate GDPR and Information security Awareness Training for your organization using KnowBe4.
IV. PECB, NITA, ISOManager Partners.
Thank You

General Data Protection Regulation (GDPR) and ISO 27001
