The Road Ahead: Practical Implications & Best Practices
PRIVACY & DATA PROTECTION
Phani Krishna, CISA, CISM, CISSP, CAIIB... Head of IT Audit, Essentra Plc.
Disclaimer: The views, opinions, findings, and conclusions or recommendations expressed in this presentation are strictly those of the presenter and are for information purposes only.
They do not necessarily reflect the views of Essentra or the other organizations served by the presenter. Essentra or the other organizations served, take no responsibility for any errors
or omissions in, or for the correctness of, the information contained in this presentation.
‘Privacy’, a noun: “A state in which one is not observed or disturbed by other people” or “The state of being free from public attention”
What are we planning to cover?
• Introduction to Privacy & Data Protection
• PII definition and Scope
• Data protection Law & Regulation
  • ASIA (India)
  • EMEA (EU)
  • Americas (USA)
• Practical Implications of Privacy & GDPR
  • Objectives
  • Rights of Data subjects
  • Organizational Requirements
• Best Practices for GDPR compliance
  • Assessment
  • Framework & Controls
  • Compliance
Privacy & Data Protection
• Data/Information
• Privacy
• Security
• Legal
• Compliance
‘Privacy’ of a natural living person is the state of not being observed or disturbed without their explicit consent to do so.
PII & Scope
http://www.usan.com/uncategorized/understanding-pii-personally-identifiable-information-in-the-contact-center/
Any information that can identify a natural person directly, indirectly or when combined with other available information
The Seven Dimensions
• PRIVACY OF DATA AND IMAGE (INFORMATION)
• PRIVACY OF BEHAVIOR AND ACTION
• PRIVACY OF COMMUNICATION
• PRIVACY OF ASSOCIATION
• PRIVACY OF THOUGHTS AND FEELINGS
• PRIVACY OF LOCATION AND SPACE (TERRITORIAL)
• PRIVACY OF PERSON
Data protection Law & Regulation
Forrester’s 2016 Data Protection Heat Map: countries are continuing to move toward the Europe standard for data protection
(from 1 June 2017)
Failure to report leakage, damage or loss of personal data
Disclosure of personal information in breach of a lawful contract or without consent
Serious or repeated breach of the Australian Privacy Principles
Privacy Directives / EU GDPR
Privacy Shield
Industry specific such as HIPAA / Privacy act 1974
• 1980 OECD guidelines on the Protection of Privacy and Transborder flows of Personal Data (updated 2013): only recommended to member countries
• Global Privacy Enforcement Network (GPEN)
Privacy objectives of General Data Protection Regulation (GDPR)
1. Protect the privacy rights
2. Uniform regulation across EU
3. Define (widen) the scope of PII
4. Uniform cross-border data transfers
5. Address the online data privacy concerns
6. Facilitate the economic activities with uniform privacy requirements
7. Harmonize the regulatory oversight
Rights of Data Subjects
Data Subject - Right to privacy
• Know the Why? How? Where? Till when? etc.
• Request information through a defined method
• Request to rectify/modify
• Object to transfer or processing
• Right to be forgotten
• Data portability without hindrance where feasible
• Object to automated decision making, including profiling
Organizational Requirements
• Collection: Legitimate, specified & explicit consent
• Data: Adequate, relevant and limited
• Process: Lawful, transparent & fair
• Quality: Accurate & up to date
• Retention: As consented & necessary
• Secure: Protect - State of the Art
• Accountability: Controllers & Processors – Civil & Criminal Liabilities
• Breach: Detect, Contain & Notify – Administrative Fines
• One Stop: One stop Data Protection Authority for EU business
Assessment
• Data Assessment
• Framework Gap Assessment
• Privacy Impact Assessment
• Business Impact Assessment
• Risk Assessment
Framework & Controls
ENTERPRISE GOVERNANCE
Privacy Governance
Privacy Policies & Procedures
Privacy Risk Management
Awareness
Privacy Program Management
Training
Privacy Operations
Support
Planning & Selection
Projects & Controls
Monitor & Reporting
Audit & Review
Requirements
Rights
Logging
Breach
Assess
Mitigate
Measure
Review
GDPR Compliance Best practices
ENTERPRISE GRC FRAMEWORK
Assessment
Framework & Controls
Privacy by design – Data Minimization
Data Quality & Rights Management
Data Protection Officer
Encryption & IT Security best practices
Cross Border Data transfer
Certification
Logging & Monitoring
Discussion

SecuritiesContracts(Regulation)Act,1956.pdf
 

Privacy & Data Protection

  • 1. The Road Ahead: Practical Implications & Best Practices. PRIVACY & DATA PROTECTION. Phani Krishna, CISA, CISM, CISSP, CAIIB...Head of IT Audit, Essentra Plc. Disclaimer: The views, opinions, findings, and conclusions or recommendations expressed in this presentation are strictly those of the presenter and are for information purposes only. They do not necessarily reflect the views of Essentra or the other organizations served by the presenter. Essentra or the other organizations served, take no responsibility for any errors or omissions in, or for the correctness of, the information contained in this presentation. ‘Privacy’, a noun: “A state in which one is not observed or disturbed by other people” or “The state of being free from public attention”
  • 2. What are we planning to cover? Introduction to Privacy & Data Protection; PII definition and Scope; Data protection Law & Regulation: ASIA (India), EMEA (EU), Americas (USA); Practical Implications of Privacy & GDPR: Objectives, Rights of Data subjects, Organizational Requirements; Best Practices for GDPR compliance: Assessment, Framework & Controls, Compliance
  • 4. Privacy & Data Protection. Diagram labels: Data/Information; Privacy; Security; Legal; Compliance. ‘Privacy’ of a natural living person is the state of not being observed or disturbed without their explicit consent to do so.
  • 6. PII & Scope (http://www.usan.com/uncategorized/understanding-pii-personally-identifiable-information-in-the-contact-center/). Any information that can identify a natural person directly, indirectly or when combined with other available information. The Seven Dimensions: PRIVACY OF DATA AND IMAGE (INFORMATION); PRIVACY OF BEHAVIOR AND ACTION; PRIVACY OF COMMUNICATION; PRIVACY OF ASSOCIATION; PRIVACY OF THOUGHTS AND FEELINGS; PRIVACY OF LOCATION AND SPACE (TERRITORIAL); PRIVACY OF PERSON
  • 8. Data protection Law & Regulation. Forrester’s 2016 Data Protection Heat Map: countries are continuing to move toward the Europe standard for data protection. Map callouts: (from 1 June 2017); Failure to report leakage, damage or loss of personal data; Disclosure of personal information in breach of a lawful contract or without consent; Serious or repeated breach of the Australian Privacy Principles; Privacy Directives / EU GDPR; Privacy Shield; Industry specific such as HIPAA / Privacy act 1974. 1980 OECD guidelines on the Protection of Privacy and Transborder Flows of Personal Data (updated 2013): only recommended to member countries. Global Privacy Enforcement Network (GPEN).
  • 10. Privacy objectives of General Data Protection Regulation (GDPR): (1) Protect the Privacy rights; (2) Uniform regulation across EU; (3) Define (widen) the scope of PII; (4) Uniform cross border data transfers; (5) Address the online data privacy concerns; (6) Facilitate the economic activities with uniform privacy requirements; (7) Harmonize the regulatory oversight
  • 11. Rights of Data Subjects. Data Subject - Right to privacy: Know the Why? How? Where? Till when? etc.; Request information through a defined method; Request to rectify/modify; Object to transfer or processing; Right to be forgotten; Data portability without hindrance where feasible; Object to automated decision making, including profiling
  • 12. Organizational Requirements. Collection: Legitimate, specified & explicit consent; Data: Adequate, relevant and limited; Process: Lawful, transparent & fair; Quality: Accurate & up to date; Retention: As consented & necessary; Secure: Protect - State of the Art; Accountability: Controllers & Processors – Civil & Criminal Liabilities; Breach: Detect, Contain & Notify – Administrative Fines; One Stop: One stop Data Protection Authority for EU business
  • 15. Framework & Controls. Diagram labels: ENTERPRISE GOVERNANCE; Privacy Governance; Privacy Policies & Procedures; Privacy Risk Management; Awareness; Privacy Program Management; Training; Privacy Operations Support; Planning & Selection; Projects & Controls; Monitor & Reporting; Audit & Review; Requirements; Rights; Logging; Breach; Assess; Mitigate; Measure; Review
  • 16. GDPR Compliance Best practices. ENTERPRISE GRC FRAMEWORK: Assessment; Framework & Controls; Privacy by design – Data Minimization; Data Quality & Rights Management; Data Protection Officer; Encryption & IT Security best practices; Cross Border Data transfer; Certification; Logging & Monitoring