Security, privacy, and GDPR compliance

John Mihalik, Chief Technology Officer
Dave Sandborg, Vice President, Engineering
Agenda
• Skyword’s commitment to security: ISO 27001 compliance
• Quick overview of General Data Protection Regulation (GDPR)
• Privacy Shield
• Skyword’s Action Plan
ISO 27001
ISO 27001 Security Framework

The framework diagram reads as one cycle: Assets are endangered by Threats, which exploit Weaknesses, resulting in Exposure, which leads to Risk; Risk is mitigated by Controls, which exist to protect the Assets.
ISO 27001 Implementation Process

Treatment Planning
• Define the Scope
• Define the IS Policy
• Undertake Risk Assessment
• Selection of Controls
• Risk Treatment Plan
• Prepare SOA

Implementation
• Execute Risk Treatment
• Write Controls
• Implement Policies and Procedures
• Implement Training
• Manage Operations

Verification
• Define Metrics for Measurement
• Execute Operational Plan
• Regular Review of Effectiveness
• Review Level of Residual Risk
• Internal Audit
• Management Review
• Record Impact of ISMS

Continuous Improvement
• Implement Identified Improvement
• Take Corrective Action
• Apply Lessons Learned
• Communicate Results
• Execute ISMS Continuous Review

The cycle then loops back to planning as Continuous Improvement.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.

What is GDPR?
• Definition of Personal Data
• Principles of Processing
• Lawfulness of Processing Personal Data
• Conditions of Consent
• Rights of the Data Subject
• Data Breach Notifications
• Data Protection Officer
What is “Personal Data” as Defined by GDPR?
“‘personal data’ means any information relating to an identified or
identifiable natural person (‘data subject’); an identifiable natural person
is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person;”
- Article 4, GDPR
What is the Privacy Shield?
• Privacy Shield is an agreement between the EU and US allowing for the transfer of personal data from the EU to the US.
• The GDPR has specific requirements regarding the transfer of data out of the EU.
• One of these requirements is that the transfer must only happen to countries deemed as having adequate data protection laws.
• In general the EU does not list the US as one of the countries that meets this requirement.
• Privacy Shield is designed to create a program whereby participating companies are deemed as having adequate protection, and therefore facilitates the transfer of information.
• In short, Privacy Shield allows US companies, or EU companies working with US companies, to meet this requirement of the GDPR.
Skyword’s Action Plan
1. Assessment of Personal Data
2. Implementation of Rights
3. Verification
4. PrivacyTrust Certification/Privacy Shield
5. Ongoing Maintenance
1. Assessment of Personal Data
• Partnership with UK-based GDPR consulting firm
• Comprehensive data audit and assessment
• Partner/vendor GDPR compliance verification
2. Implementation of Rights
• Updated Privacy Policy and Terms of Service
• Updated cookie policy
• Explicit agreement to cookie and data collection on site and
• Partner/vendor GDPR compliance verification
3. Verification
• Skyword Tracking Tag
  – Pseudonymization
  – Anonymization
  – Exclusion
• Database Encryption
• Data retention
4. PrivacyTrust Certification/Privacy Shield
• Application submitted and pending final approval
• Will display shield on our web site and platform
5. Ongoing Maintenance
• Established Data Protection Officer
• Developed process for privacy inquiries
• Requiring GDPR compliance in all upcoming vendor contracts
• Strict adherence to privacy and security policies
Questions

Inspiring Trust and Transparency: Skyword's Compliance with GDPR [Webinar]

Editor's Notes

  • #8 A series of laws that were approved by the EU Parliament in 2016. These laws will come into effect on May 25th 2018. GDPR is an initiative by the EU to bring data protection legislation into line with new ways that data is now used. New regulations will give users great control over their data, including the ability to export it, withdraw consent, and request access to it. It will affect any company that does business with Europe, whether they are based in the EU or not. Fines can be the greater of €20 million, or four percent of annual worldwide turnover.
  • #15 The bullet points appear correct in PPT but not in Google Slides. I just want to ensure that they will show up correctly in the final presentation.
  • #17 Database encryption: comes at two levels – the entire database is encrypted. Data elements that include particularly sensitive information (such as taxpayer ID) are additionally encrypted at the column level. Passwords are stored in such a way that even Skyword personnel cannot recover them. Data retention: though the Skyword tracking tag has been updated to not log PII (perhaps that discussion should come before data retention), we will only retain detailed tracking information for 7 days (6 months for SPR data). We are working on automated data retention policies for contributor data – but in the interim we will honor removal requests insofar as we can. “Elimination”: perhaps “exclusion” is a better word? Pseudonymization, which already masks PII, is our default behavior. Anonymization is offered at customer request for further protection. Exclusion is by the end user’s request.
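As an added illustration of the three tracking-tag behaviours and the 7-day retention window described in note #17 (example code written for this page, not Skyword’s own tag; the event field names, the HMAC key and the sample events are constructed assumptions):

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumed event schema for a hypothetical tracking tag; "email" and "ip" are the PII fields.
PII_FIELDS = ("email", "ip")
# Assumed keyed-hash secret; in practice it lives in a KMS, never beside the event store.
PSEUDONYM_KEY = b"example-key-keep-in-a-kms"


def pseudonym(value, key=PSEUDONYM_KEY):
    """Keyed hash: the same visitor yields the same token, but the token cannot be
    reversed to the original value without the key (pseudonymization, the default)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def process_event(event, mode, suppression=frozenset()):
    """Apply one data-minimisation mode to a single event.
    - exclusion: visitors on the suppression list (by pseudonym) are not recorded at all
    - anonymization: PII fields are dropped outright, so no linkage across events remains
    - pseudonymization: PII fields are replaced by keyed hashes (linkable, not identifying)"""
    if pseudonym(event["email"]) in suppression:
        return None  # end-user exclusion request wins over every mode
    if mode == "anonymization":
        return {k: v for k, v in event.items() if k not in PII_FIELDS}
    if mode == "pseudonymization":
        return {k: (pseudonym(v) if k in PII_FIELDS else v) for k, v in event.items()}
    raise ValueError(f"unknown mode {mode!r}")


def apply_retention(events, now, days=7):
    """Purge detailed tracking rows older than the retention window (7 days per the note)."""
    cutoff = now - timedelta(days=days)
    return [e for e in events if datetime.fromisoformat(e["ts"]) >= cutoff]


# Constructed sample: two page views, one recent and one 15 days old.
NOW = datetime(2018, 5, 25, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    {"ts": "2018-05-24T10:00:00+00:00", "page": "/blog/gdpr", "email": "ann@example.com", "ip": "203.0.113.7"},
    {"ts": "2018-05-10T10:00:00+00:00", "page": "/blog/iso", "email": "bob@example.com", "ip": "198.51.100.2"},
]


def demo():
    """Run retention first, then the default pseudonymization with one excluded visitor."""
    suppression = {pseudonym("bob@example.com")}  # Bob asked to be excluded
    return [process_event(e, "pseudonymization", suppression) for e in apply_retention(SAMPLE_EVENTS, NOW)]
```

The suppression list holds pseudonyms rather than raw addresses, so honouring an exclusion request does not itself create a new plaintext list of personal data.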