General Data Protection Regulation
{OPOSEC - [0x37]}
António Pinto
apinto@estg.ipp.pt
23 November 2016
About me. . .
Teacher at ESTG of the Polytechnic of Porto
(Operating systems, Computer networks, Digital forensics)
Researcher at CRACS/INESC TEC
I like network security, digital forensics, data privacy
(and some other stuff :) )
2/12
Use of personal data may be ...
Researchers used anonymous browsing logs to
diagnose pancreatic cancer and compared the results with
real cancer diagnoses. Their method flagged cases up to
5 months earlier. (Good!)
GIC released anonymized data on state employees
(mid-1990s) that showed every single hospital visit.
The goal was to help researchers. Patient identifiers
had been deleted, and privacy was assured by the Governor of
Massachusetts. Someone cross-checked the data against local
voter rolls, and the Governor's own records were identified. (Bad!)
The end of anonymity is upon us! (Ugly!)
3/12
Should we regulate the use of personal data?
The USA is more liberal: it's all business ($)! Northern
European countries view the state as friendly,
so public use of private data is accepted more
easily. Portugal (and similar countries) view the state as a foe!
A conflicting view concerns the ownership of the data. It may
belong to the data collector (USA) or to the data
subject (EU).
It's a cultural issue!
4/12
General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679
GDPR aims to strengthen and unify data protection
for individuals within the EU.
5/12
Key principles
Regulation (EU) 2016/679
Data collection and processing must be done with:
Lawfulness, fairness and transparency
Purpose limitation
Data minimization
Accuracy (and kept up to date)
Storage limitation
Integrity and confidentiality
Accountability
6/12
Rights of the data subject
Regulation (EU) 2016/679, Chapter III
To be informed using clear and plain language
To be informed of data collection
To access the collected personal data
To rectify the personal data
To be forgotten
To restrict data processing
To be informed of rectifications, erasures or restrictions
To data portability
To object (direct marketing, for instance)
To not be subject to automated individual decision-making
(including profiling)
7/12
General obligations of controllers
Regulation (EU) 2016/679, Chapter IV
Impose data protection by design and by default
Only use processors providing guarantees of compliance
Maintain records of processing activities
Cooperate with the supervisory authority
Implement a level of security appropriate to the risk
Notify the supervisory authority of data breach (72h)
Communicate data breach to the data subject (or publicly)
Data protection impact assessment (and prior consultation)
Designate a Data Protection Officer (DPO)
8/12
Data Protection Officer (DPO)
Regulation (EU) 2016/679, Chapter IV, Section 4
To be involved in all issues relating to the protection of
personal data
Report directly to the highest management level
Monitor compliance with GDPR
Advise on data protection impact assessments
Cooperate with the supervisory authority
9/12
Data transfers to outside EU
Regulation (EU) 2016/679, Chapter V
Transfers may be made to entities that comply with GDPR
The Commission may declare third countries as providing adequate protection
Transfers subject to appropriate safeguards are OK
10/12
Remedies, liability and penalties
Regulation (EU) 2016/679, Chapter VIII
Fines:
up to 20 million euros or 4% of total worldwide annual turnover
(whichever is higher)
11/12
References
Regulation (EU) 2016/679
Screening for Pancreatic Adenocarcinoma Using Signals
From Web Search Logs: Feasibility Study and Results
John Paparrizos, Ryen W. White, Eric Horvitz
DOI: 10.1200/JOP.2015.010504 (August 2016)
“Anonymized” data really isn't - and here's why not
Nate Anderson
Ars Technica, blog post, 9/8/2009, 12:25 PM