GPDR == get.data.protection.right(!)
James Mckinlay – CSO Praetorian Consulting International
#whoami
Husband, Father, Son
Cyber Consulting <- IT Security <- IT Solutions
https://uk.linkedin.com/in/jmck4cybersecurity
* Electoral Roll
* Landline
* Broadband
* Mobile Phone
* Gas / Electric
* TV licence
* Passport
* Inland Revenue
* High Street Bank
* Online Retailers
* Online webmail
* Companies House
* Online accountant
* Births & Marriages Register
* Hospital records / GP records
* Shares / Child ISA
* Pension
* Car Insurance
* House Insurance
* Flight Records (ARINC)
* Mortgage
* Postcode Address File
* University Records
* Water / Utilities
* Council Tax
* Driving Licence
* Car registration
* Equifax / Experian / Callcredit
Published Agenda
* Know what you know
* Know what you don't know
* Know where you're going
* Get started
@CisoAdvisor
We could debate this from now until xmas, but we only have 20 minutes so I have revised the agenda.
“Everything should be as simple as it can be, but not simpler”
@CisoAdvisor
Now let’s pick up the pace
Actual Agenda
* How it was
* Where it is going
* What (I suggest) you can do
 (1) Before we go any further, I feel I should first
point out that everything I’m about to say is
obviously just my personal opinion, which you
are of course entitled to take with the
appropriate pinch of salt. I would expect that if
you asked someone else who was considering
the same points, they might have very different
things that they are looking for.
 (2) I am not currently in the GPDR region
 (but …...)
 (3) I am not a lawyer
 {but …..}
Disclaimer
* Section 1:
How It was
Revolution Quote 1:
“You will not be able to stay home, brother.
You will not be able to plug in, turn on and cop out.
You will not be able to lose yourself on skag and skip out for beer during commercials,
Because the revolution will not be televised.”
- Gil Scott-Heron (1949–2011)
* Appoint a DPO
* Fill out ICO registration
* Send ICO cheques
* Update registration (e.g. ANPR)
* Talk to legal department
* Look for some external training
* Hope nothing goes wrong
* Add a DPA98 module to LMS
ICO comments on P7a
The Data Protection Act says that:
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
This is the seventh data protection principle. In practice, it means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to:
* design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
* be clear about who in your organisation is responsible for ensuring information security;
* make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
* be ready to respond to any breach of security swiftly and effectively.
ICO comments on P7b
What needs to be protected by information security arrangements?
It is important to understand that the requirements of the Data Protection Act go beyond the way information is stored or transmitted. The seventh data protection principle relates to the security of every aspect of your processing of personal data.
So the security measures you put in place should seek to ensure that:
* only authorised people can access, alter, disclose or destroy personal data;
* those people only act within the scope of their authority; and
* if personal data is accidentally lost, altered or destroyed, it can be recovered to prevent any damage or distress to the individuals concerned.
Credit: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/
Remember: The domain google.com was registered on September 15, 1997. They formally
incorporated their company, Google, on September 4, 1998
Any Questions
No is a valid answer
* Section 2:
Where It is going
Revolution quote 2:
“The first revolution is when you change your mind about how you look at things, and see there might be another way to look at it that you have not been shown. What you see later on is the results of that, but that revolution, that change that takes place will not be televised.”
- Gil Scott-Heron (1949–2011)
Two-year countdown
The two-year countdown to the General Data Protection Regulation (GDPR) is underway, and the consensus seems to be that most companies haven't got a clue how they're going to approach it.
Research from Egress found that 87 percent of CIOs believe they would be exposed if the regulations came into force today, while research by YouGov for Netskope found that 80 percent of IT professionals in medium and large organisations were not confident of ensuring compliance by 25 May 2018.
"It's 2 years away, but 2 years with any IT project is actually very short," he says. "Most businesses where they are running April to April will have already spent their budget for this year. So you are looking at preparing to spend budget on it next year." – Guy Bunker @ Clearswift
Credit: http://www.cbronline.com/news/cybersecurity/data/2-years-to-gdpr-how-you-can-prepare-for-the-eu-data-protection-regulation-4903975
How to lie with statistics
https://www.amazon.com/How-Lie-Statistics-Darrell-Huff/dp/0393310728
https://en.wikipedia.org/wiki/List_of_cognitive_biases
https://blog.osvdb.org/
Higher Fines – breaches of the GDPR can result in fines up to 4% of a business’ global turnover or €20M (whichever is greater).
Consent – Businesses will need to be able to demonstrate that active consent has been given for any personal information they collect or process, and that they provide very clear information beforehand on how this personal information will be stored and used (privacy notices).
Privacy by Design – increasingly, Businesses will need to be able to demonstrate that they have actively considered privacy and adequately addressed any associated information security risks, and that this is built into the DNA of their organization.
Mandatory Notification – there will be a mandatory duty under GPDR to promptly report data protection breaches that put the rights and freedoms of individuals at risk (within 72 hours).
Data Processors – at present only organisations acting as Data Controllers have legal obligations for looking after personal information under the UK Data Protection Act. The GPDR aims to extend some of the direct legal obligations on to Data Processors as well as Data Controllers.
Sensitive personal data – the definition of sensitive personal data has been widened to include genetic and biometric data, and there will be stricter rules for processing this kind of (medical) information.
Data Subjects’ Rights – generally, individuals will have stronger rights to request the transfer of their personal information from one service provider to another, and also when requesting their “right to be forgotten”.
Data Protection Officers – Data Protection Officers will become mandatory for organisations whose primary purpose involves processing sensitive personal data or who monitor data subjects regularly on a large scale.
Credit: fruition blog Feb 2016
Mandatory Notification – there will be a mandatory duty under GPDR to promptly report data protection breaches that put the rights and freedoms of individuals at risk (within 72 hours). Compare with existing notification timelines:
* Visa Europe security compromise factsheet (https://www.visaeurope.com/media/pdf/security%20compromise%20factsheet%20-%20march%202015.pdf): Immediately – Bank + PCI-PFI
* Visa CISP, what to do if compromised (https://usa.visa.com/dam/VCOM/download/merchants/cisp-what-to-do-if-compromised.pdf): 72hrs, actual or suspected – report sent to Visa
* TalkTalk appeal against ICO data breach fine dismissed (http://www.theregister.co.uk/2016/09/01/talktalk_appeal_against_ico_data_breach_fine_dismissed/): 24hrs – report sent to ICO
Converge with Information Security
Quality Management, Legal, Recruitment
Other disciplines talk about it more than us!
Any Questions
No is a valid answer
* Section 3:
What You can do
Revolution quote 3:
“There can't be any large-scale revolution until there's a personal revolution, on an individual level. It's got to happen inside first.”
- Jim Morrison (1943–1971)
Disclaimer
I haven’t yet tried this next bit ;)
* ISO27001
* PCI DSS v3.2
* AML / TCF
* TOP20 CC
* NSA MNP
* ISO9001
* ISO27002
* SOC I
* SOC II
Remember DPA98: Pr7 from part one
[Diagram: Data Protection governance and management framework, 05.Sep.16. Actors shown: Company CEO, Group Security Office, Mubadala Group, Injazat CEO.]
Governance / Management elements:
* Data Protection / Data Security “Tone at the Top” Directive from CEO
* Data Protection Management Policy
* Scope of ICO registration
* Data Governance Forum (Steering Group) - Charter and Minutes
* Data Protection Strategy Paper & sub-plans
* DPO Measurement Plan
* Data Quality Management
* Information Asset Register
* Privacy Impact Analysis
* Project (RA)
* Data Discovery with Business Impact Analysis
* DPO Annual Objectives
* DPO Annual Audit Plan
* DPO Communications Plan
* DSARs / Complaints
* DPO Data Breach Plan
* Short cycle error correction (F3)
FIND FIX FINISH
Variations:
* F2T2E : Find, Fix, Target, Track, and Execute
* F2T2EA : Find, Fix, Track, Target, Engage, Assess
* F2T2 : Find, Fix, Track, Target
* F3EAD : Find, Fix, Finish, Exploit, Analyze and Disseminate
If you're interested in military tactics that might support Cyber Security, look into http://www.pogoarchives.org/straus/shaping-and-adapting-boyd-20150422.pdf
and the F3EAD paper - http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf
Data Discovery
[Diagram: inputs to Data Discovery – BC / DR Team, Vulnerability Scanner, IT Ops / ITIL, HR / Legal / Finance, ICO registration, Information Asset Register.]
Information Asset Register: where you are Data Controller; where you outsource
https://www.linkedin.com/pulse/25-exciting-things-do-information-asset-register-reynold-leming?trk=hp-feed-article-title-like
Information Asset Register
by Reynold Leming
1. Understanding Relationships: A related series of records sharing the same purpose (a "master asset" if you will) might have a variety of constituent entities ("sub assets") in different formats - e.g. physical records, digital content, database records. Identifying these within an IAR will enable an understanding of their relationships and purpose over time.
2. Security Classification: Assets can be classified within the IAR to an approved security classification / protective marking scheme, with current protective measures recorded, in order to identify if there are any risks relating to the handling of confidential personal or commercially sensitive information.
3. Personal Data: Specifically you can identify confidential personal information to ensure that data protection / privacy obligations are met, for example in terms of security and disposal.
4. Ownership: The ability to know - who owns what? Also to understand who owns both in terms of corporate accountability and ownership of the actual information itself.
Internal Training (1)
Does the data enable you to identify the person directly?
* YES -> It is personal data
* NO -> Does the data enable you to identify the person indirectly?
  * YES -> It is personal data
  * NO -> It is not personal data
Internal Training (2)
Fair and lawful processing
Proportionate processing
Accurate and up to date
Data retention limitation
Data transfers limitation
Privacy Impact Assessment
* Name of the processing service
* Date of service implementation
* Name of the software / application used
* Key contact internal
* Key contact external
* List of data collected and processed (detailed)
* Purpose of the processing (detailed)
* Period during which data are stored and processed
* Persons who need to have access (detailed R&R)
* Does the processing need development or maintenance by a third party?
* Does the processing imply a transfer out of the EU within the company?
* Does the processing imply a transfer out of the EU to a third party?
* How will data transfers be secured to provide an adequate level of protection?
Are you a Data Controller?
Are you a Data Processor?
Data Breach Planning
https://otalliance.org/resources/data-breach-protection
Summary
* There are many overlaps in the ISMF and managing Data Protection in the Enterprise
* Establish a Data Protection Steering Group
* Choose a DPO
* Find and Classify the data, assigning a business owner
* Prepare internal training
* Prepare a holistic Data Breach Plan – not just a technical response
* Use this activity to enforce better Information Security Controls
  * E.g. Data classification, Information Asset Register, Data retention cleanup + evidence
Takeaways
* Take it seriously, we’ve had 18 years to get this
* Get started if you haven’t already
* Use what has been learnt from years of ISMS governance and certification
* Tailor it to your organisation (size and maturity)
* Learn from other disciplines (collaborate or die)
* Challenge conference organisers on GPDR agendas
* Network with like-minded peers
Time is precious
thank you for yours
James

Living with the threat of Determined Attackers - RANT0214
James '​-- Mckinlay
 

More from James '​-- Mckinlay (11)

Cracking for the Blue Team
Cracking for the Blue TeamCracking for the Blue Team
Cracking for the Blue Team
 
Security at the speed of dev ops v3
Security at the speed of dev ops v3Security at the speed of dev ops v3
Security at the speed of dev ops v3
 
40 things to do before you spend $1 on AI
40 things to do before you spend $1 on AI40 things to do before you spend $1 on AI
40 things to do before you spend $1 on AI
 
Securing Smart Cities
Securing Smart CitiesSecuring Smart Cities
Securing Smart Cities
 
cybersecurity-workforce-papers
cybersecurity-workforce-paperscybersecurity-workforce-papers
cybersecurity-workforce-papers
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsBsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devops
 
Metrics evolution breakfast edition
Metrics evolution breakfast editionMetrics evolution breakfast edition
Metrics evolution breakfast edition
 
IGPC Data Breach Planning braindump
IGPC Data Breach Planning braindumpIGPC Data Breach Planning braindump
IGPC Data Breach Planning braindump
 
Living with Determined Attackers MOSI Edition
Living with Determined Attackers MOSI EditionLiving with Determined Attackers MOSI Edition
Living with Determined Attackers MOSI Edition
 
ELITE.BCS-Cloud-and-Mobile-Risk-Assessments
ELITE.BCS-Cloud-and-Mobile-Risk-AssessmentsELITE.BCS-Cloud-and-Mobile-Risk-Assessments
ELITE.BCS-Cloud-and-Mobile-Risk-Assessments
 
Living with the threat of Determined Attackers - RANT0214
Living with the threat of Determined Attackers - RANT0214Living with the threat of Determined Attackers - RANT0214
Living with the threat of Determined Attackers - RANT0214
 

Recently uploaded

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 

Recently uploaded (20)

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 

GPDR_Get-Data-Protection-Right

  • 1. GPDR == get.data.protection.right(!) James Mckinlay – CSO Praetorian Consulting International
  • 2. #whoami
    Husband, Father, Son
    Cyber Consulting <- IT Security <- IT Solutions
    https://uk.linkedin.com/in/jmck4cybersecurity
    - Electoral Roll
    - Landline
    - Broadband
    - Mobile Phone
    - Gas / Electric
    - TV licence
    - Passport
    - Inland Revenue
    - High Street Bank
    - Online Retailers
    - Online webmail
    - Companies House
    - Online accountant
    - Births & Marriages Register
    - Hospital records / GP records
    - Shares / Child ISA
    - Pension
    - Car Insurance
    - House Insurance
    - Flight Records (ARINC)
    - Mortgage
    - Postcode Address File
    - University Records
    - Water / Utilities
    - Council Tax
    - Driving Licence
    - Car registration
    - Equifax, Experian, Callcredit
  • 3. Published Agenda
    * Know what you know
    * Know what you don't know
    * Know where you're going
    * Get started
    @CisoAdvisor: We could debate this from now until xmas, but we only have 20 minutes, so I have revised the agenda. "Everything should be as simple as it can be, but not simpler."
  • 4. @CisoAdvisor: Now let's pick up the pace.
    Actual Agenda
    * How it was
    * Where it is going
    * What (I suggest) you can do
  • 5. Disclaimer
    (1) Before we go any further, I feel I should first point out that everything I'm about to say is obviously just my personal opinion, which you are of course entitled to take with the appropriate pinch of salt. I would expect that if you asked someone else who was considering the same points, they might have very different things that they are looking for.
    (2) I am not currently in the GPDR region (but …...)
    (3) I am not a lawyer {but …..}
  • 6. * Section 1: How It Was
    Revolution Quote 1: "You will not be able to stay home, brother. You will not be able to plug in, turn on and cop out. You will not be able to lose yourself on skag and skip out for beer during commercials, because the revolution will not be televised." - Gil Scott-Heron (1949–2011)
  • 8. ICO comments on P7a
    The Data Protection Act says that: "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
    This is the seventh data protection principle. In practice, it means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to:
    - design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
    - be clear about who in your organisation is responsible for ensuring information security;
    - make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
    - be ready to respond to any breach of security swiftly and effectively.
  • 9. ICO comments on P7b
    What needs to be protected by information security arrangements?
    It is important to understand that the requirements of the Data Protection Act go beyond the way information is stored or transmitted. The seventh data protection principle relates to the security of every aspect of your processing of personal data. So the security measures you put in place should seek to ensure that:
    - only authorised people can access, alter, disclose or destroy personal data;
    - those people only act within the scope of their authority; and
    - if personal data is accidentally lost, altered or destroyed, it can be recovered to prevent any damage or distress to the individuals concerned.
    Credit: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/
    Remember: The domain google.com was registered on September 15, 1997. They formally incorporated their company, Google, on September 4, 1998.
  • 10. Any Questions No is a valid answer
  • 11. * Section 2: Where It Is Going
    Revolution quote 2: "The first revolution is when you change your mind about how you look at things, and see there might be another way to look at it that you have not been shown. What you see later on is the results of that, but that revolution, that change that takes place will not be televised." - Gil Scott-Heron (1949–2011)
  • 12. Two-year countdown
    The two-year countdown to the General Data Protection Regulation (GDPR) is underway, and the consensus seems to be that most companies haven't got a clue how they're going to approach it. Research from Egress found that 87 percent of CIOs believe they would be exposed if the regulations came into force today, while research by YouGov for Netskope found that 80 percent of IT professionals in medium and large organisations were not confident of ensuring compliance by 25 May 2018.
    "It's 2 years away, but 2 years with any IT project is actually very short," he says. "Most businesses where they are running April to April will have already spent their budget for this year. So you are looking at preparing to spend budget on it next year." – Guy Bunker @ Clearswift
    Credit: http://www.cbronline.com/news/cybersecurity/data/2-years-to-gdpr-how-you-can-prepare-for-the-eu-data-protection-regulation-4903975
  • 13. How to lie with statistics https://www.amazon.com/How-Lie-Statistics-Darrell-Huff/dp/0393310728 https://en.wikipedia.org/wiki/List_of_cognitive_biases https://blog.osvdb.org/
  • 14. What changes under GDPR
    - Higher Fines – breaches of the GDPR can result in fines up to 4% of a business' global turnover or €20M EUR (whichever is greater).
    - Consent – Businesses will need to be able to demonstrate that active consent has been given for any personal information they collect or process, and that they provide very clear information beforehand on how this personal information will be stored and used (privacy notices).
    - Privacy by Design – increasingly, Businesses will need to be able to demonstrate that they have actively considered privacy and adequately addressed any associated information security risks, and that this is built into the DNA of their organization.
    - Mandatory Notification – there will be a mandatory duty under GPDR to promptly report data protection breaches that put the rights and freedoms of individuals at risk (within 72 hours).
    - Data Processors – at present only organisations acting as Data Controllers have legal obligations for looking after personal information under the UK Data Protection Act. The GPDR aims to extend some of the direct legal obligations on to Data Processors as well as Data Controllers.
    - Sensitive personal data – the definition of sensitive personal data has been widened to include genetic and biometric data, and there will be stricter rules for processing this kind of (medical) information.
    - Data Subjects' Rights – generally, individuals will have stronger rights to request the transfer of their personal information from one service provider to another, and also when requesting their "right to be forgotten".
    - Data Protection Officers – Data Protection Officers will become mandatory for organisations whose primary purpose involves processing sensitive personal data or who monitor data subjects regularly on a large scale.
    Credit: fruition blog, Feb 2016
  • 16. Mandatory Notification – there will be a mandatory duty under GPDR to promptly report data protection breaches that put the rights and freedoms of individuals at risk (within 72 hours).
    Compare: https://www.visaeurope.com/media/pdf/security%20compromise%20factsheet%20-%20march%202015.pdf – "Immediately"; Bank + PCI-PFI
  • 17. Mandatory Notification – there will be a mandatory duty under GPDR to promptly report data protection breaches that put the rights and freedoms of individuals at risk (within 72 hours).
    Compare: https://usa.visa.com/dam/VCOM/download/merchants/cisp-what-to-do-if-compromised.pdf – 72hrs; actual or suspected; report sent to Visa
  • 18. Mandatory Notification – there will be a mandatory duty under GPDR to promptly report data protection breaches that put the rights and freedoms of individuals at risk (within 72 hours).
    Compare: http://www.theregister.co.uk/2016/09/01/talktalk_appeal_against_ico_data_breach_fine_dismissed/ – 24hrs; report sent to ICO
  • 19. Converge with: Information Security, Quality Management, Legal, Recruitment. Other disciplines talk about it more than us!
  • 20. Any Questions No is a valid answer
  • 21. * Section 3: What You can do Revolution quote 3: “There can't be any large-scale revolution until there's a personal revolution, on an individual level. It's got to happen inside first.” - Jim Morrison (1943 - 1971)
  • 22. Disclaimer: I haven't yet tried this next bit ;)
  • 23. ISO27001, ISO27002, ISO9001, PCIDSSv3.2, AML / TCF, TOP20 CC, NSA MNP, SOC_I, SOC_II. Remember DPA98:Pr7 from part one.
  • 25. Data Protection / Data Security governance and management model (diagram, 05.Sep.16; Mubadala Group / Injazat; roles shown: Company CEO, Group Security Office, DPO). Elements:
    - "Tone at the Top" Directive from CEO
    - Data Protection Management Policy
    - Scope of ICO registration
    - Data Governance Forum (Steering Group) - Charter and Minutes
    - Data Protection Strategy Paper & sub-plans
    - DPO Annual Objectives
    - DPO Measurement Plan
    - DPO Annual Audit Plan
    - DPO Communications Plan
    - DPO Data Breach Plan
    - DSARs / Complaints
    - Data Quality Management
    - Information Asset Register
    - Privacy Impact Analysis Project (RA)
    - Data Discovery with Business Impact Analysis
  • 26. Short cycle error correction (F3): FIND, FIX, FINISH. Variations:
    - F2T2E : Find, Fix, Target, Track, and Execute
    - F2T2EA : Find, Fix, Track, Target, Engage, Assess
    - F2T2 : Find, Fix, Track, Target
    - F3EAD : Find, Fix, Finish, Exploit, Analyze and Disseminate
    If you're interested in military tactics that might support Cyber Security, look into http://www.pogoarchives.org/straus/shaping-and-adapting-boyd-20150422.pdf and the F3EAD paper - http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf
  • 27. Data Discovery – inputs: BC / DR Team, Vulnerability Scanner, IT Ops / ITIL, HR / Legal / Finance, ICO registration
  • 28. Information Asset Register – where you are Data Controller; where you outsource.
    https://www.linkedin.com/pulse/25-exciting-things-do-information-asset-register-reynold-leming?trk=hp-feed-article-title-like
  • 29. Information Asset Register, by Reynold Leming
    1. Understanding Relationships: A related series of records sharing the same purpose (a "master asset" if you will) might have a variety of constituent entities ("sub assets") in different formats - e.g. physical records, digital content, database records. Identifying these within an IAR will enable an understanding of their relationships and purpose over time.
    2. Security Classification: Assets can be classified within the IAR to an approved security classification / protective marking scheme, with current protective measures recorded, in order to identify if there are any risks relating to the handling of confidential personal or commercially sensitive information.
    3. Personal Data: Specifically you can identify confidential personal information to ensure that data protection / privacy obligations are met, for example in terms of security and disposal.
    4. Ownership: The ability to know - who owns what? Also to understand who owns, both in terms of corporate accountability and ownership of the actual information itself.
  • 30. Internal Training (1) – is it personal data?
    - Does the data enable you to identify the person directly? YES -> It is personal data. NO -> next question.
    - Does the data enable you to identify the person indirectly? YES -> It is personal data. NO -> It is not personal data.
  • 31. Internal Training (2)
    - Fair and lawful processing
    - Proportionate processing
    - Accurate and up to date
    - Data retention limitation
    - Data transfers limitation
  • 32. Privacy Impact Assessment
    - Name of the processing service
    - Date of service implementation
    - Name of the software / application used
    - Key contact, internal
    - Key contact, external
    - List of data collected and processed (detailed)
    - Purpose of the processing (detailed)
    - Period during which data are stored and processed
    - Persons who need to have access (detailed R&R)
    - Does the processing need development or maintenance by a third party?
    - Does the processing imply transfer out of the EU within the company?
    - Does the processing imply transfer out of the EU to a third party?
    - How will data transfers be secured to provide an adequate level of protection?
    Are you a Data Controller? Are you a Data Processor?
  • 34. Summary
    - There are many overlaps between the ISMF and managing Data Protection in the Enterprise
    - Establish a Data Protection Steering Group
    - Choose a DPO
    - Find and classify the data, assigning a business owner
    - Prepare internal training
    - Prepare a holistic Data Breach Plan – not just a technical response
    - Use this activity to enforce better Information Security Controls, e.g. data classification, Information Asset Register, data retention cleanup + evidence
  • 35. Takeaways
    - Take it seriously: we've had 18 years to get this
    - Get started if you haven't already
    - Use what has been learnt from years of ISMS governance and certification
    - Tailor it to your organisation (size and maturity)
    - Learn from other disciplines (collaborate or die)
    - Challenge conference organisers on GPDR agendas
    - Network with likeminded peers
  • 36. Time is precious thank you for yours James