25 May 2018, the General Data Protection Regulation (GDPR) deadline, is less than 6 months away.
Attention on the regulation is at its peak, and concern is growing in every organization it affects.
We would like to invite you to join our webinar, where we will share our approach and help your organization and your document repository become compliant with GDPR.
During the webinar, our special guests, George Parapadakis – Business Solutions Strategy, Alfresco and Bart van Bouwel – Managing Partner, CDI-Partners, will provide you with:
- How to implement GDPR in your document repository
- How the Alfresco Digital Business Platform can help your organization to be compliant with GDPR
- Xenit approach: a managed shared drive
- Xenit demonstration
- Top tips to start preparing for the GDPR.
How to implement GDPR in your document repository
1. How to implement GDPR in the document repository
Xenit - December, 11 2017
December, 5 2017
4 pm - 5 pm CET
2. Agenda
• CDI-Partners Testimonial: GDPR Principles [15 min]
• Alfresco Testimonial: How Alfresco can help your organization comply with the GDPR [15 min]
• Xenit Testimonial: A managed shared drive [15 min]
• Top tips to start preparing for the GDPR [5 min]
• Xenit Use Case [5 min]
• Q&A session [5 min]
4. CDI-Partners Testimonial
Bart Van Bouwel – Managing Partner - CDI-Partners
“Did you know that most data breaches reported are related to
unstructured data? Documents, spreadsheets, mails and even
paper files? Without a clear focus on documents, companies
can’t claim adequate protection of personal data.”
5. How to implement GDPR in the document repository
Bart Van Bouwel
bart.van.bouwel@cdi-partners.be
6. General Data Protection Regulation
Purpose
Give individuals control over their personal data
Applies to
All companies that process personal data of EU citizens
European Regulation
One law across the EU, enforced as of May 25th, 2018
7. Some Principles
Processing must be
• Lawful, fair and transparent
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited (Data Minimization)
Rights of Data Subjects
• Consult, correct, request deletion, portability of their personal data
Privacy by design – Privacy by default
Data Breach notification is mandatory
8. Fines
Up to € 20.000.000 or 4 % of total worldwide annual turnover
Proportional to the scale of the infringements
Other measures possible
Issue warnings and reprimands
Order to comply with the data subject's requests
Order to bring processing operations into compliance
Order to communicate a personal data breach to the data subject
Impose a temporary or definitive limitation including a ban on processing
…
9. Personal Data
Home & work information
Health information
Fingerprint & Genetic information
Family & demographic information
Online behaviour & shopping information
Union membership
Political opinions
Religion & Race
Information relating to an identified or identifiable natural person
Personal data can be structured (databases) or unstructured (documents, listings, reports, spreadsheets, …)
10. Structured data or Unstructured data?
Where to start? Where to focus?
Structured data
• Stored in databases
• Accessed through applications
• More control, easier to protect
Unstructured data
• In documents and files
• Stored on local or network drives / Cloud / USB Keys / …
• Easily copied and distributed
• Less control, more difficult to protect
11. GDPR in practice
No GDPR examples available
Data Protection Act 1998 (UK)
• Based upon EU Data Protection Directive 1995
• Data breach notification is a best practice
• Maximum fine £ 500.000
ICO – Information Commissioner's Office
• Information available about breaches and sanctions
12. Examples of Data Breaches
Data Protection Act - Source: ICO (January – March 2017) – 678 breaches
• Loss/theft of paperwork: 13%
• Unauthorised or unlawful processing: 21%
• Data posted/faxed to incorrect recipient: 11%
• Data emailed to incorrect recipient: 11%
• Cyber incident: 14%
• Failure to redact data: 7%
• Failure to use bcc: 5%
• Data left in insecure location: 4%
• Other: 9%
• Loss/theft of unencrypted device: 4%
• Verbal Disclosure: 1%
Document related: >50% related to documents
13. Fines by ICO
Categories of Fines
Data Protection Act - Source: ICO (January – September 2017)
• Marketing: 42%
• Process: 30%
• Theft (employee): 19%
• IT - Security: 9%
• 42% Marketing: mostly deliberate actions with positive ROI
• Biggest risks are found in the 58%
• Some examples
– Sensitive data lost in the mail
– Employees accessing or stealing sensitive data
– A cyber attack stealing 30.000 emails
– Leaving paper files in a cabinet that was sold
– A laptop containing sensitive documents that was stolen
– Backing up sensitive documents to a free cloud storage
• All these fines were given for breaches relating to unstructured data
• Most breaches and almost all cases that are fined result from unintentional or deliberate acts from within the company
14. Conclusion
• Fines will be given after someone files a complaint
– Focus on solutions to prevent data breaches
• Start with
– Processes related to rights of individuals
• Privacy statements / proof of consent / demands to access – correct – erase data
– Unstructured data
• What functionalities do you need for your documents?
15. Challenges for unstructured data
1. Identify documents containing personal data and label them appropriately
2. State of the art security of the documents and the metadata
3. Monitor and control access to the documents, store metadata to prove legitimate purpose
4. Make documents available offline in a secure way
5. Detect breaches
6. Keep track of the right time to delete documents and permanently delete the documents so no backup copies exist
7. Control the usage of documents by external parties
16. CDI-Partners
GDPR Principles
www.xenit.eu
Bart Van Bouwel – Managing Partner
Alfresco
How the Alfresco Digital Business Platform can help your company comply with GDPR
George Parapadakis – Director, Business Solutions Strategy - EMEA
17. Alfresco Testimonial
George Parapadakis – Business Solutions Strategy - Alfresco
“GDPR will touch every department, every function
and every operation inside your organization. It will
not only change the way you manage information, it
will change the way people behave.”
19. Over 24 GDPR Articles we can help with…
• Lawful Processing, Minimisation, Consent, PII detection: Article 5, 6, 7, 9
• Right of Access: Article 15
• Right to Correct data (Rectification): Article 16
• Right to be Forgotten (Erasure): Article 17
• Right to Data Portability: Article 20
• Right to Object / Withdraw consent: Article 7, 18, 21
• Data Protection and Security (Pseudonymisation): Article 25, 32
• Keeping Records of Processing: Article 30
• Report Data Breaches: Article 33, 34
• Data Protection Impact Assessments: Article 35, 36
• 3rd Party Notification: Article 19
• Automated Decision Making: Article 22
• Policy Management: Article 40
• Certification: Article 42
• Data Residency: Article 45, 46
20. Alfresco Digital Business Platform
• Application Development Framework
• Alfresco Process Services
• Alfresco Content Services
• Alfresco Governance Services
• Intelligence and Analytics
• Integrations / Extensions
• Open APIs and Open Standards
• On-Prem, Cloud, Hybrid, Managed
22. Alfresco GDPR Framework
• Managing Policies & Certify Users
– policy authoring, review, approval, distribution and sign-off (ACS)
• Identify, protect and manage GDPR sensitive content
– metadata and aspects to create a GDPR Asset Register (ACS)
– Classification Marks to secure access to PII (AGS)
– Execute disposition policies (AGS)
• Manage GDPR related processes
– Define and execute Subject Access Requests, data portability, erasure, etc. (APS)
– Manage Breach Notifications and Impact assessments (APS)
• Compliance & Audit Reporting
27. Subject Access Request
[Process diagram; labels recovered from the slide:]
• Amendments, Consent Withdrawal, Data Portability, Erasure
• Email, Phone, Letter, In Person
• Validate Request, Triage, Collect Data, Amend Systems, Notify 3rd parties, Withdraw Consent, Assemble Output, Prepare Response, Review Response, Respond to Customer, Capture Audit Trail
• Internal ACS, File System, LoB Integration, External Process, External ECM, Cloud EFSS, Manual
29. Typical GDPR Reports
Asset Register
SAR Dashboard
Record of Processing
Certification
Impact Assessments
Policy Impact List, by law
30. Digital Business Platform = “Data Privacy By Design”
✓ Secure place for GDPR information & metadata
✓ Maximise automation to enforce compliance controls
✓ Proactively collect audit trails & evidence
33. Xenit Testimonial
Ronny Timmermans – CEO, Managing Director - Xenit
“Governance has always been a concern of Xenit and a particular strength of
Alfresco. GDPR makes us more aware that data are valuable assets, with
privacy and sensitivity implications for every individual we interact with in our
corporate environment. Building upon the enterprise capabilities of Alfresco
and leveraging our Alfred products, data protection comes by design and not
as an afterthought.”