PCI London
05 July 2018
John Noltensmeyer
Head of Privacy & Compliance Solutions
TokenEx
INTRODUCTION
Security Beyond Compliance
Using Tokenisation for Data Protection by Design and by Default
SETTING THE STAGE
Compliance Climate
Compliance Challenges
Data-Centric Strategies
Data Protection Technologies
Cloud-Based Versus On-Premise Solutions
Tokenisation Implementation
Tokenisation for Pseudonymisation
GLOBAL COMPLIANCE CLIMATE
COMPLIANCE CHALLENGES
Rationalising Data Protection Requirements
DATA-CENTRIC STRATEGY
(Layered diagram: Data at the centre, surrounded by Application, System, Network and Internet)
• Traditional perimeter strategies for data security do not work on their own; the focus is on the wrong assets.
• Focus on reducing risk to the data first.
• When data is not present, desensitised, or otherwise de-identified, a data-centric strategy can be considered successful.
DATA PROTECTION TECHNOLOGIES
(Chart: Minimisation, Tokenisation/Pseudonymisation, Data Hashing/Masking and Encryption plotted on two axes, Data Utility from max to min and Data Protection from min to max)
BENEFITS OF TOKENISATION
• PCI DSS scope reduction – systems that hold only tokens no longer store, process or transmit cardholder data; the vault and anything able to detokenise stay in scope
• Supports GDPR obligations – tokenisation is a form of pseudonymisation (Articles 25 and 32)
• Risk reduction – sensitive data removed from the environment
• Facilitates use of de-identified data in business systems
• Support for multiple data sets (payment card data, PII, other identifiers)
• Protection for data at rest and, once tokenised, in transit between internal systems; the channel that carries the original value to the tokenisation service still needs TLS
• No key management in your environment – a vault token is a random value looked up in the vault, not a ciphertext, so there is no key on your side to protect or rotate (the vault operator still protects the vault and its own keys)
• Mathematically unrelated to the original data – true of random vault tokens; tokens produced by format-preserving encryption are keyed ciphertexts and do not have this property
• Multi-use tokens – the same input always maps to the same token, so records stay joinable across systems
• Single-use tokens – a fresh token per transaction, for cases where linkability is itself a risk
• Format-preserving tokens – same length and character set as the original (e.g. BIN and last four digits kept), so existing schemas and validation keep working
• Custom token formats
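The token properties listed above, as an added worked example written for this page (it is not TokenEx code and not from the deck): a vault-based tokeniser that issues random, format-preserving tokens for a PAN, multi-use or single-use, and keeps the token-to-PAN mapping in a vault that is the only place a token can be reversed. Everything in it is assumed: the test PANs, the in-memory dictionaries standing in for the vault, and the HMAC index key that lets a multi-use lookup find an existing token without storing the PAN in the clear beside it. Tokens keep the BIN and last four digits and are generated to fail the Luhn check, so a token can never be mistaken for, or replayed as, a valid card number. The separate vault is also what makes the output pseudonymised data in the GDPR sense quoted later in the deck: the "additional information" needed to re-identify is kept apart.

```python
"""Vault-based tokenisation, written as an illustration for this page (not
TokenEx code). Everything here is an assumption: in-memory dicts stand in for
the vault, and the HMAC index key exists only so that a multi-use lookup can
find an existing token without keeping the PAN in the clear next to it."""
import hashlib
import hmac
import secrets

# Hypothetical: this key lives with the vault, never with the systems that hold tokens.
VAULT_INDEX_KEY = secrets.token_bytes(32)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by PANs: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


class TokenVault:
    """Random, format-preserving tokens; the PAN lives only in the vault."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}    # the vault: token -> PAN
        self._token_by_index: dict[str, str] = {}  # HMAC(PAN) -> token, multi-use only

    @staticmethod
    def _index(pan: str) -> str:
        # Keyed hash as the lookup key: the vault never needs a cleartext PAN column.
        return hmac.new(VAULT_INDEX_KEY, pan.encode(), hashlib.sha256).hexdigest()

    def _fresh_token(self, pan: str) -> str:
        """Keep the BIN (first 6) and last 4, randomise the middle, and reject any
        candidate that collides, equals the PAN or passes Luhn, so a token can never
        be mistaken for (or replayed as) a valid card number."""
        head, tail, middle_len = pan[:6], pan[-4:], len(pan) - 10
        while True:
            middle = "".join(secrets.choice("0123456789") for _ in range(middle_len))
            candidate = head + middle + tail
            if (candidate != pan and not luhn_valid(candidate)
                    and candidate not in self._pan_by_token):
                return candidate

    def tokenize(self, pan: str, multi_use: bool = True) -> str:
        """Multi-use: the same PAN always yields the same token (joinable across
        systems). Single-use: a fresh token on every call, so tokens are unlinkable."""
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("input is not a well-formed PAN")
        idx = self._index(pan)
        if multi_use and idx in self._token_by_index:
            return self._token_by_index[idx]
        token = self._fresh_token(pan)
        self._pan_by_token[token] = pan
        if multi_use:
            self._token_by_index[idx] = token
        return token

    def detokenize(self, token: str) -> str:
        """The only way back is a vault lookup. No key derives the PAN from the
        token, which is what 'mathematically unrelated' means here."""
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"  # constructed, publicly known test PAN (Luhn-valid)
    t1, t2 = vault.tokenize(pan), vault.tokenize(pan)
    s1, s2 = vault.tokenize(pan, multi_use=False), vault.tokenize(pan, multi_use=False)
    print("multi-use  :", t1, t1 == t2)
    print("single-use :", s1, s2, s1 != s2)
    print("detokenize :", vault.detokenize(s2) == pan)
```

The HMAC index is a design choice, not a requirement of tokenisation: it gives multi-use lookups without a cleartext PAN column, but a keyed hash of a PAN is still sensitive (a 16-digit PAN with a known BIN has little entropy), so the index key has to live with the vault and never with the systems that hold tokens. Custom token formats follow the same pattern with a different candidate generator in `_fresh_token`.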
CLOUD-BASED VERSUS ON-PREMISE SOLUTIONS
On-Premise Tokenisation
• Limited PCI DSS scope reduction – the vault and every system able to detokenise remain a CDE that must be maintained and assessed
• Higher risk – sensitive data still resident in the environment
• Personnel and hardware costs
Cloud-Based Tokenisation
• Significant reduction in PCI DSS scope
• Reduced risk – sensitive data removed from the environment
• Platform-focused security – the controls sit on the provider's vault platform rather than being rebuilt in each customer environment
• Lower associated costs – cyber insurance, PCI audit, maintenance
• The provider becomes a PCI DSS service provider the merchant must manage and monitor (Requirement 12.8), and the integration points that send data to it stay in scope
TOKENISATION IMPLEMENTATION
Implementation Roadmap
• Identify organisational compliance obligations
• Identify all sensitive data sets
• Catalogue associated systems and data acceptance channels
• Perform a risk analysis
• Consider all sensitive data transfers to 3rd parties (secondary use)
• Map the data across the organisation
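The roadmap steps that identify data sets, catalogue systems and channels, and map the data all start from knowing where card data actually lands. As an added example written for this page (not part of the deck or of any vendor tool), here is a small discovery pass over constructed sample sources, an application log, a CSV export and a support-ticket dump, all invented for this page: it finds digit runs that look like a PAN, Luhn-validates them so order numbers, timestamps and tokens are not reported, and returns a masked inventory per source. The file names, log lines and card numbers are all constructed; the card numbers are publicly known test numbers.

```python
"""Discovery pass for payment card data, an illustration for this page and not
a deck or vendor tool. The sources, file names and card numbers below are all
constructed; the card numbers are publicly known test numbers, not real cards."""
import re
from collections import defaultdict

# A run of 13-19 digits, optionally separated by single spaces or hyphens, that is
# not part of a longer digit run (so a longer id is not split into a PAN).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out timestamps, order ids and tokens that merely
    look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_pans(text: str):
    """Yield (offset, normalised PAN) for each Luhn-valid candidate in text."""
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            yield m.start(), digits


def mask(pan: str) -> str:
    """Report BIN and last four only; the inventory must not become a new PAN store."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed sample sources: one debug log line leaks a PAN, one export stores
# card numbers, one ticket has a PAN typed in by staff. The token, order id,
# timestamps and tracking number must not be reported.
SAMPLE_SOURCES = {
    "app/checkout.log": (
        "2018-07-05T10:21:07Z INFO order=2018070510210701 total=49.99\n"
        "2018-07-05T10:21:08Z DEBUG auth request pan=4111111111111111 exp=12/21\n"
        "2018-07-05T10:21:09Z INFO auth ok token=4111117355981111\n"
    ),
    "exports/customers.csv": (
        "id,name,card\n"
        "1001,A. Example,5555 5555 5555 4444\n"
        "1002,B. Example,redacted\n"
    ),
    "support/tickets.txt": (
        "Ticket 77: customer phoned in card 4012-8888-8888-1881 for refund\n"
        "Ticket 78: tracking number 1234567890123456\n"
    ),
}


def inventory(sources: dict[str, str]) -> dict[str, list[tuple[int, str]]]:
    """Map each source to its (line number, masked PAN) hits. Every source that
    shows up here is a data set, a system and an acceptance channel to put on
    the roadmap and the data-flow map."""
    found: dict[str, list[tuple[int, str]]] = defaultdict(list)
    for name, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for _, pan in find_pans(line):
                found[name].append((lineno, mask(pan)))
    return dict(found)


if __name__ == "__main__":
    for source, hits in inventory(SAMPLE_SOURCES).items():
        for lineno, masked in hits:
            print(f"{source}:{lineno}: {masked}")
```

The Luhn filter is what keeps the inventory usable: in the sample, the order id, the tracking number and the format-preserving token in the log all have a plausible length but fail the checksum, so only the three genuine card numbers are reported, each masked so the inventory itself does not become another place card data is stored.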
TOKENISATION FOR PSEUDONYMISATION
Pseudonymisation Under the GDPR
• Article 4(5) – Definitions – "the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person". For tokenisation the token vault is that additional information, so it has to sit outside the environment that holds the tokens.
• Article 25 – Data protection by design and by default – "the controller shall ... implement appropriate technical and organisational measures, such as pseudonymisation"
• Article 32 – Security of processing – "implement appropriate technical and organisational measures", which Article 32(1)(a) lists as including "the pseudonymisation and encryption of personal data"
TOKENISATION FOR PSEUDONYMISATION
Benefits of Pseudonymisation
• Recital 29 – "incentives to apply pseudonymisation"
• Article 6(4) – Lawfulness of processing – in order to ascertain whether processing for another purpose [one not based on the data subject's consent or on Union or Member State law] is compatible with the purpose for which the personal data are initially collected, take into account, inter alia, "the existence of appropriate safeguards, which may include encryption or pseudonymisation" (Article 6(4)(e)).
• Article 33 – Notification of a personal data breach to the supervisory authority – "In the case of a personal data breach ... notify the personal data breach to the supervisory authority ... unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons." A loss of tokens alone supports that "unlikely" judgement only if the vault holding the mapping was not compromised in the same incident; pseudonymised data is still personal data (Recital 26), so the risk assessment is still required.
CHARACTERISTICS OF AN IDEAL SOLUTION
• Supports all data sets
• Completely removes sensitive data from your environment
• Maximises compliance scope reduction
• Supports your acceptance channels
• Supports "business as usual" processes
• Supports sharing data with 3rd parties
CUSTOMER SUCCESS: THE ORVIS COMPANY
Customer Profile
• Multi-channel retailer
• UK – 18 retail stores
• US – 69 retail stores, 10 outlets
• 500 dealers worldwide
Landscape
• Payment card data (PCI DSS)
• Privacy data (GDPR/PII)
• Europay, Mastercard, and Visa (EMV)
• Card-not-present (CNP) fraud prevention
Environment
• Omni-channel retailer
• Multiple data sets
• Multiple vendors/partners
• Employees in both the UK and the US
• Multiple facilities
Lessons Learned
• Understood the compliance/control landscape
• Engaged professionals/experts early and often
• Developed a long-term compliance/fraud strategy
• Prioritised technology deployment
• Phased the tokenisation implementation
THANK YOU!
