In this story, we follow Sophie through her life and job. In her new job she meets Marco, who chose Microsoft solutions to be as compliant as possible with the GDPR.
If you want to hear the story behind the slides, feel free to get in touch via www.thedataprotectionoffice.eu
3. History
• Pre-war
• 1950 – European Declaration of Rights
• 1995 – Privacy directives
• In between – plenty of local laws and agreements
• May 2016 – General Data Protection Regulation
• Grace period
• May 2018 – law
7. Vocabulary & concepts
• Personal data
• Sensitive data
• Data Subject
• Data Controller
• Data Processor
• Consent
• Privacy by Design
• Data Protection Officer
• Data Protection Authority
• Right to Access
• Right to be forgotten
• Retention
8. Processing =
• Collect, input, order, store, modify, change, request, consult, use, pass on, bring together, relate, protect, delete, destroy
• With or without human intervention
• SSO via Twitter, Google, FB
• Sync devices
• Workflows
• Automated processes
• Subcontractors
• …
9. 6 principles to remember
1. Requiring transparency on the handling and use of personal data.
2. Limiting personal data processing to specified, legitimate purposes.
3. Limiting personal data collection and storage to intended purposes.
4. Enabling individuals to correct or request deletion of their personal data.
5. Limiting the storage of personally identifiable data for only as long as necessary for its intended purpose.
6. Ensuring personal data is protected using appropriate security practices.
10. Keep it safe and controlled
Personal data:
1. What is the origin?
2. Where is it stored?
3. How is it processed?
5. Where does it travel to?
6. Who has access?
11. HR dept, Sales reps, Marketing, Accounting, …
• S – source
• I – information
• P – process
• O – output
• C – customer
12. Discover: identify what personal data you have and where it resides
In-scope: any data that helps you identify a person
• Name
• Email address
• Social media posts
• Physical, physiological, or genetic information
• Medical information
• Location
• Bank details
• IP address
• Cookies
• Cultural identity
Inventory: identifying where personal data is collected and stored
• Emails
• Documents
• Databases
• Removable media
• Metadata
• Log files
• Backups
Example solutions:
• Microsoft Azure – Microsoft Azure Data Catalog
• Enterprise Mobility + Security (EMS) – Microsoft Cloud App Security
• Dynamics 365 – Audit Data & User Activity; Reporting & Analytics
• Office & Office 365 – Data Loss Prevention; Advanced Data Governance; Advanced Security Management; Office 365 eDiscovery
• SQL Server and Azure SQL Database – SQL Query Language
• Windows & Windows Server – Windows Search
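The "Discover" step above is usually the first thing an IT partner is asked to automate: scan the places where personal data may reside (mailboxes, documents, databases, log files, backups) and record which in-scope categories live where. The following is an added example, not code from the deck or from any of the Microsoft products it lists. It uses constructed sample records (no real data) and a handful of regular-expression detectors for the structured categories on the slide (email address, IP address, bank details, phone number, date of birth); the source paths, the `Finding` type and the detector set are assumptions for illustration. Regular expressions only find structured identifiers, so categories such as names, location or medical information still need a classifier or a human review.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample records (not real data) standing in for the inventory
# locations the slide names: a mailbox, an HR document, a database export,
# a web-server log file and a backup copy of the HR document.
HR_DOCUMENT = "Applicant: Sophie Example, born 1990-04-12, phone +32 470 12 34 56"

SAMPLE_SOURCES = {
    "mailbox/inbox/2018-03-01.eml": (
        "From: sophie.example@example.com\n"
        "Hi, please find my CV attached. My IBAN for expenses is BE71096123456769."
    ),
    "docs/hr/applicants.txt": HR_DOCUMENT,
    "db/customers.csv": "id,name,email\n1,Marco Example,marco.example@example.org",
    "logs/webserver/access.log": (
        '203.0.113.42 - - [01/Mar/2018:10:00:00 +0100] "GET /apply HTTP/1.1" 200 '
        "sessionid=abc123def456"
    ),
    # Backups are on the slide's inventory list: the same HR record lives here too.
    "backup/2018-02/docs/hr/applicants.txt": HR_DOCUMENT,
}

# Heuristic detectors (assumed, not from the deck) for a few of the in-scope
# categories on the slide. Deliberately narrow: they find structured
# identifiers only; names, location and medical data need other means.
DETECTORS = {
    "email_address": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "bank_details_iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
    "phone_number": re.compile(r"\+\d{2}[\d ]{8,14}\d"),
    "date_of_birth": re.compile(r"\b(?:19|20)\d{2}-\d{2}-\d{2}\b"),
}


@dataclass(frozen=True)
class Finding:
    source: str      # where the data resides
    category: str    # which in-scope category was matched
    count: int       # how many matches in that source


def scan_source(path: str, content: str) -> list[Finding]:
    """Run every detector over one source and report the categories found."""
    findings = []
    for category, pattern in DETECTORS.items():
        hits = pattern.findall(content)
        if hits:
            findings.append(Finding(path, category, len(hits)))
    return findings


def build_inventory(sources: dict[str, str]) -> dict[str, list[str]]:
    """Map each detected category to the sources it resides in.

    This answers the slide's 'where is it stored?' question per category and
    makes copies (such as a backup of an HR document) visible in the register.
    """
    inventory: dict[str, list[str]] = {}
    for path, content in sources.items():
        for finding in scan_source(path, content):
            inventory.setdefault(finding.category, []).append(finding.source)
    return inventory


def format_report(inventory: dict[str, list[str]]) -> list[str]:
    """Render the inventory as one line per category, for a register or ticket."""
    return [
        f"{category}: {len(locations)} location(s) -> {', '.join(locations)}"
        for category, locations in sorted(inventory.items())
    ]


if __name__ == "__main__":
    for line in format_report(build_inventory(SAMPLE_SOURCES)):
        print(line)
```

Run as-is, the report shows the phone number and date of birth in both the HR document and its backup, the IBAN only in the mailbox and the IP address only in the log file; that duplication across backups is exactly what the later "retention" and "right to be forgotten" questions turn on, so a real scan should include backup media rather than only live stores.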
13. Sophie applies for a job in your company
• How much & what data?
• Selection tests
• Consent
• How long can I store CVs?
• Right to be forgotten
• CAOs on privacy (81, 68, …)
• Contract amendments
25. Centralizing in the cloud
• US challenges
• Safe Harbour
• Privacy Shield
• Contractual engagements
27. 1 version of the truth
GDPR compliant Cloud Partner*
• Microsoft Office 365
• Microsoft Azure
• Microsoft Dynamics 365
• Microsoft EM+S
Commitment by May 2018
31. Sophie at her desk
- ID management
- Sources
- Devices
- Data
47. When I leave the company (survey results; chart reconstructed from extraction residue)
• I take docs I made: yes 87, no 13
• I take company data: yes 28, no 72
• What is taken: 88% strategy docs, 31% customer data, 25% IP
• How? Bar chart on a 0–100 scale over personal mail, external HD, prints and Dropbox-like services; values as extracted: 47, 84, 37, 32 (assignment to bars not recoverable)
54. GDPR
1. Why?
Align EU privacy laws
2. Who is concerned?
Organisations dealing with EU citizens' data
3. Impact?
Be very vigilant
4. How can you be compliant?
Optimize your end-to-end personal data handling
5. What to do?
Visit www.thedataprotectionoffice.eu and closely collaborate with your IT partner
6. Where and when is it happening?
Everywhere in the world where EU citizens' data is handled, May 2018
56. About the author
Hans Demeyer
Supplier of Optimism & Inspiration
LinkedIn: /in/hansdemeyer
Twitter: suppl_of_optim
Facebook.com/mroptimism
www.thedataprotectionoffice.eu