The Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25 May 2018. You should start preparing now for changes that GDPR will require to your current policies and procedures. This presentation is an overview of what it is about.
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Addressing penetration testing and vulnerabilities, and adding verification m...IT Governance Ltd
This webinar will cover the best practices for penetration testing and vulnerability assessments, and how to use staff training to create a strong information security management system that address people, processes and technology.
You will learn about:
- Conducting penetration testing
- Vulnerability assessments and monitoring
- The need to provide employees with training and monitoring controls
A recording of the webinar can be found here:
https://www.youtube.com/watch?v=gsFmP34K8z0
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...IT Governance Ltd
This PowerPoint covers:
-An overview of the regulatory landscape
-Subject matter, material and territorial scope
-Remedies, liabilities and penalties
-Personal data breaches under the GDPR
-The NIS Directive
-Operators of essential services
-Digital service providers
-GDPR vs NIS Directive
Data transfers to countries outside the EU/EEA under the GDPRIT Governance Ltd
These slides will cover:
-A brief overview of the Regulation and its impact
-The rights of data subjects and rights related to automated decision making and profiling.
-The international transfer of data and appropriate safeguards.
-The derogations from general prohibition of data transfers outside the European Union.
-The requirements that govern one-off and infrequent transfers of personal data.
-The role of the supervisory authority in international transfers.
New Security Legislation & Its Implications for OSS Management Jerika Phelps
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
The GDPR and its requirements for implementing data protection impact assessm...IT Governance Ltd
This webinar covers:
-The GDPR’s impact and the benefits of conducting a DPIA
-The legal requirements for a DPIA under the GDPR
-High-risk DPIAs and prior consultation with the supervisory authority
-DPIAs and their links to an organisation’s risk management framework
-The practical steps to conduct a DPIA
You can watch the webinar here https://www.youtube.com/watch?v=fm9Ysg4LUQg&t=640s
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Addressing penetration testing and vulnerabilities, and adding verification m...IT Governance Ltd
This webinar will cover the best practices for penetration testing and vulnerability assessments, and how to use staff training to create a strong information security management system that address people, processes and technology.
You will learn about:
- Conducting penetration testing
- Vulnerability assessments and monitoring
- The need to provide employees with training and monitoring controls
A recording of the webinar can be found here:
https://www.youtube.com/watch?v=gsFmP34K8z0
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...IT Governance Ltd
This PowerPoint covers:
-An overview of the regulatory landscape
-Subject matter, material and territorial scope
-Remedies, liabilities and penalties
-Personal data breaches under the GDPR
-The NIS Directive
-Operators of essential services
-Digital service providers
-GDPR vs NIS Directive
Data transfers to countries outside the EU/EEA under the GDPRIT Governance Ltd
These slides will cover:
-A brief overview of the Regulation and its impact
-The rights of data subjects and rights related to automated decision making and profiling.
-The international transfer of data and appropriate safeguards.
-The derogations from general prohibition of data transfers outside the European Union.
-The requirements that govern one-off and infrequent transfers of personal data.
-The role of the supervisory authority in international transfers.
New Security Legislation & Its Implications for OSS Management Jerika Phelps
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
The GDPR and its requirements for implementing data protection impact assessm...IT Governance Ltd
This webinar covers:
-The GDPR’s impact and the benefits of conducting a DPIA
-The legal requirements for a DPIA under the GDPR
-High-risk DPIAs and prior consultation with the supervisory authority
-DPIAs and their links to an organisation’s risk management framework
-The practical steps to conduct a DPIA
You can watch the webinar here https://www.youtube.com/watch?v=fm9Ysg4LUQg&t=640s
The GDPR’s impact on your business and preparing for complianceIT Governance Ltd
These slides will cover:
-An overview of the regulatory landscape and territorial scope
-Principles of the EU GDPR
-Breach notification rules
-Data subject rights
-Changes to consent
-Processor liabilities
-Role of the Data Protection Officer
-International transfers
-Regulators and pan-European consistency
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
Digital forensics is the use of analytical and investigative techniques to identify, collect, examine and report on digital evidence or information. Digital evidence can provide valuable insights during investigations of theft of intellectual property involving multi-party collusion and the misappropriation of organizational assets and resources.
During this session participants will learn various methods of mitigating the “insider threats” to an organization’s digital data and methods of investigating digital evidence contained on computer and mobile systems during internal investigations.
Main points covered:
• Learn how to mitigate and investigate the theft of Intellectual Property from your company by adding digital forensic components into your Risk Management and Compliance programs.
• Learn and understand how Digital Forensics can augment your internal investigations.
• Learn where you and your organization fit into the Digital Forensic workflow, and when to call for help.
Presenter:
Our presenter for this webinar, Ryan Duquette is a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He took his zest for “focusing on the facts” from his days in Law Enforcement and founded Hexigent Consulting, a firm focusing on digital investigations, cyber security consulting services and litigation support.
Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches. During his days in Law Enforcement, he conducted digital investigations on a variety of criminal cases including homicide, child pornography, fraud, missing persons, and sexual assault cases.
He is a Sessional Lecturer at the University of Toronto teaching digital forensics, holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications.
Ryan is a Director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide.
Link of recorded webinar:
Everything you Need to Know about The Data Protection Officer Role HackerOne
Data privacy and security expert, Debra Farber, presents on the emerging role of the Data Protection Officer (DPO). When the EU's General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018, companies around the world who process the personal data of EU residents will be required by law to appoint an independent DPO who has specific responsibilities and data protection knowledge.
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
The adoption of laws protecting the data of individuals and consumers is becoming a driving force to push organizations to revisit their security around client and personal data. In addition, with the rise of government legislated personal data protection laws such as GDPR, individuals in other jurisdictions are now looking for better personal data protection. In this presentation, we will examine two US laws as well as the ISO/IEC 27001 standard and we will look at commonalities and differences between these three and how data security is driven from each.
The webinar will covered:
• An overview of the state of data security/privacy today
• Current trends driving adoption of stronger data protection standards/laws
• An overview of data protection in ISO/IEC 27001, CCPA, and the NYC Shield Act
• A comparison of ISO/IEC 27001, CCPA and the NYC Shield Act
• Lessons to be applied
Recorded webinar:
NY State's cybersecurity legislation requirements for risk management, securi...IT Governance Ltd
This webinar illustrates:
- The responsibility to appoint a CISO
- Application security program (internal and external) and review by the CISO
- Overview of the risk assessment policy and procedures
- Setting up a program specific to your organization's information systems and business operations
- Identifying cyber threats and how to incorporate controls
- Maintaining an audit trail to include detection and responses to cybersecurity events
- How ISO 27001 and vsRisk can provide the right tools to help you implement a successful program that meets compliance requirements
A recording of the webinar can be found here:
https://www.youtube.com/watch?v=URfAd2E37Eo
For more information visit https://www.brightpay.ie or https://www.thesaurus.ie
Given recent cyber-attacks, an updated security process is definitely required to protect the personal data that we manage. GDPR is not a new concept, it is simply a data protection process that is being upgraded to protect all individuals. Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data.
This webinar will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.
We will walk you through some important steps to achieve GDPR compliance by examining the following topics:
Agenda
What does GDPR mean for your payroll processing?
- Understanding GDPR
- The contract between accountants & clients
- Template Data Processor Agreement
- Proof of compliance
- Securely storing employee data
Payslips & GDPR Compliance
- Employee consent
- Emailing payslips
- Recommended self-service access
Breaching GDPR
- Data breach plan of action
- Non-compliance and penalties
BrightPay & GDPR
- BrightPay Connect - online self-service portal
- Enhanced security measures
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. Cyber-attacks will often devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
Risk assessments and applying organisational controls for GDPR complianceIT Governance Ltd
This webinar covers:
-An overview of the General Data Protection Regulation (GDPR) and risk assessments.
-The process for risk management and industry best practice for risk treatment.
-The components of an internal control system and privacy -compliance framework.
-ISO 31000 principles and the risk management process.
You can find the webinar here https://www.youtube.com/watch?v=wInMDee7T78&t=154s
Privacy and the GDPR: How Cloud computing could be your failingIT Governance Ltd
This webinar covers:
- An overview of the GDPR
- Breach notification requirements under the GDPR and a showcase of recent data breaches and their costs
- Organisations' responsibilities when storing data in the Cloud, and the roles of controller and processor
- The outcome of subcontracting on Cloud service providers and notifications on activities in the Cloud
- The role and responsibilities of the Cloud adoption team
- ISO 27018 and implementing security controls for PII in the Cloud.
A recording of this webinar is available here:
https://www.youtube.com/watch?v=mcLPEEGqvr4
This webinar covers:
- An overview of the regulatory landscape and territorial scope
- Principles of the EU GDPR
- Breach notification rules
- Data subject rights
- Changes to consent
- Processor liabilities
- Role of the Data Protection Officer
A recording of this webinar is available here: https://www.youtube.com/watch?v=bEvXj2nhPd0
Impact of GDPR on Third Party and M&A SecurityEQS Group
GDPR impact has been dissected and examined to death - however, M&A activities, as well as third-party security posture, can be greatly affected as well, and this aspect has not been very often pursued. This session hopes to be useful for that.
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
Part 1 of this webinar series provided an overview of cybersecurity and explained the cyber risks and legislation affecting nonprofits. In part 2 of the series, Imran Ahmad of Miller Thomson, LLP returns to answer your questions on cybersecurity and to delve deeper into cybersecurity maintenance and best practices to avoid data breaches. This includes the implementation of measures to prevent data breaches in the pre-attack phase, to the implementation of security best practices in the event of a cyber attack or breach.
What you will learn:
· How to develop key cybersecurity-related documents;
· How to maintain an internal matrix of when to notify affected individuals;
· How to review contracts from a cybersecurity compliance perspective.
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
This webinar illustrates:
- An overview of the GDPR
- How an ISO 27001-aligned ISMS can support GDPR compliance
- The top risks that result in data breaches
- The benefits of implementing an ISMS
- The technical and organisational requirements to achieve GDPR compliance
- How to improve your overall information security in line with the GDPR’s requirements
A recording of the webinar can be found here: https://www.youtube.com/watch?v=s7XQwBQ6JMg
Presentation to Cyprus Computer Society Records Management event by Christoforos Christoforou, Risk and Strategic Planning Manager at Fileminders http://www.fileminders.com.cy/
Agenda:
1. Introduction to the General Data Protection Regulation (GDPR )
2.Data protection: Why all the fuss?
3. How does GDPR affect your business?
GDPR challenges for the healthcare sector and the practical steps to complianceIT Governance Ltd
This webinar covers:
- An overview of the General Data Protection Regulation (GPDR) and the Data Security and Protection (DSP) Toolkit and their impact on the healthcare sector.
-Accountability frameworks that support GDPR compliance, and the role of senior management in ensuring compliance and cyber resilience is a strategic focus.
-Embedding data protection by design and by default, and a holistic approach to achieving a cyber resilient posture.
-The practical steps that healthcare organisations need to take when looking at GDPR compliance.
-The role of a robust staff awareness programme in supporting a culture of cyber resilience and compliance.
A recording of the webinar can be found here: https://www.youtube.com/watch?v=xFEkkkwAdl4
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
The GDPR’s impact on your business and preparing for complianceIT Governance Ltd
These slides will cover:
-An overview of the regulatory landscape and territorial scope
-Principles of the EU GDPR
-Breach notification rules
-Data subject rights
-Changes to consent
-Processor liabilities
-Role of the Data Protection Officer
-International transfers
-Regulators and pan-European consistency
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
Digital forensics is the use of analytical and investigative techniques to identify, collect, examine and report on digital evidence or information. Digital evidence can provide valuable insights during investigations of theft of intellectual property involving multi-party collusion and the misappropriation of organizational assets and resources.
During this session participants will learn various methods of mitigating the “insider threats” to an organization’s digital data and methods of investigating digital evidence contained on computer and mobile systems during internal investigations.
Main points covered:
• Learn how to mitigate and investigate the theft of Intellectual Property from your company by adding digital forensic components into your Risk Management and Compliance programs.
• Learn and understand how Digital Forensics can augment your internal investigations.
• Learn where you and your organization fit into the Digital Forensic workflow, and when to call for help.
Presenter:
Our presenter for this webinar, Ryan Duquette is a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He took his zest for “focusing on the facts” from his days in Law Enforcement and founded Hexigent Consulting, a firm focusing on digital investigations, cyber security consulting services and litigation support.
Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches. During his days in Law Enforcement, he conducted digital investigations on a variety of criminal cases including homicide, child pornography, fraud, missing persons, and sexual assault cases.
He is a Sessional Lecturer at the University of Toronto teaching digital forensics, holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications.
Ryan is a Director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide.
Link of recorded webinar:
Everything you Need to Know about The Data Protection Officer Role HackerOne
Data privacy and security expert, Debra Farber, presents on the emerging role of the Data Protection Officer (DPO). When the EU's General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018, companies around the world who process the personal data of EU residents will be required by law to appoint an independent DPO who has specific responsibilities and data protection knowledge.
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
The adoption of laws protecting the data of individuals and consumers is becoming a driving force to push organizations to revisit their security around client and personal data. In addition, with the rise of government legislated personal data protection laws such as GDPR, individuals in other jurisdictions are now looking for better personal data protection. In this presentation, we will examine two US laws as well as the ISO/IEC 27001 standard and we will look at commonalities and differences between these three and how data security is driven from each.
The webinar will covered:
• An overview of the state of data security/privacy today
• Current trends driving adoption of stronger data protection standards/laws
• An overview of data protection in ISO/IEC 27001, CCPA, and the NYC Shield Act
• A comparison of ISO/IEC 27001, CCPA and the NYC Shield Act
• Lessons to be applied
Recorded webinar:
NY State's cybersecurity legislation requirements for risk management, securi...IT Governance Ltd
This webinar illustrates:
- The responsibility to appoint a CISO
- Application security program (internal and external) and review by the CISO
- Overview of the risk assessment policy and procedures
- Setting up a program specific to your organization's information systems and business operations
- Identifying cyber threats and how to incorporate controls
- Maintaining an audit trail to include detection and responses to cybersecurity events
- How ISO 27001 and vsRisk can provide the right tools to help you implement a successful program that meets compliance requirements
A recording of the webinar can be found here:
https://www.youtube.com/watch?v=URfAd2E37Eo
For more information visit https://www.brightpay.ie or https://www.thesaurus.ie
Given recent cyber-attacks, an updated security process is definitely required to protect the personal data that we manage. GDPR is not a new concept, it is simply a data protection process that is being upgraded to protect all individuals. Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data.
This webinar will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.
We will walk you through some important steps to achieve GDPR compliance by examining the following topics:
Agenda
What does GDPR mean for your payroll processing?
- Understanding GDPR
- The contract between accountants & clients
- Template Data Processor Agreement
- Proof of compliance
- Securely storing employee data
Payslips & GDPR Compliance
- Employee consent
- Emailing payslips
- Recommended self-service access
Breaching GDPR
- Data breach plan of action
- Non-compliance and penalties
BrightPay & GDPR
- BrightPay Connect - online self-service portal
- Enhanced security measures
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. Cyber-attacks will often devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
Risk assessments and applying organisational controls for GDPR complianceIT Governance Ltd
This webinar covers:
-An overview of the General Data Protection Regulation (GDPR) and risk assessments.
-The process for risk management and industry best practice for risk treatment.
-The components of an internal control system and privacy -compliance framework.
-ISO 31000 principles and the risk management process.
You can find the webinar here https://www.youtube.com/watch?v=wInMDee7T78&t=154s
Privacy and the GDPR: How Cloud computing could be your failingIT Governance Ltd
This webinar covers:
- An overview of the GDPR
- Breach notification requirements under the GDPR and a showcase of recent data breaches and their costs
- Organisations' responsibilities when storing data in the Cloud, and the roles of controller and processor
- The outcome of subcontracting on Cloud service providers and notifications on activities in the Cloud
- The role and responsibilities of the Cloud adoption team
- ISO 27018 and implementing security controls for PII in the Cloud.
A recording of this webinar is available here:
https://www.youtube.com/watch?v=mcLPEEGqvr4
This webinar covers:
- An overview of the regulatory landscape and territorial scope
- Principles of the EU GDPR
- Breach notification rules
- Data subject rights
- Changes to consent
- Processor liabilities
- Role of the Data Protection Officer
A recording of this webinar is available here: https://www.youtube.com/watch?v=bEvXj2nhPd0
Impact of GDPR on Third Party and M&A SecurityEQS Group
GDPR impact has been dissected and examined to death - however, M&A activities, as well as third-party security posture, can be greatly affected as well, and this aspect has not been very often pursued. This session hopes to be useful for that.
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
Part 1 of this webinar series provided an overview of cybersecurity and explained the cyber risks and legislation affecting nonprofits. In part 2 of the series, Imran Ahmad of Miller Thomson, LLP returns to answer your questions on cybersecurity and to delve deeper into cybersecurity maintenance and best practices to avoid data breaches. This includes the implementation of measures to prevent data breaches in the pre-attack phase, to the implementation of security best practices in the event of a cyber attack or breach.
What you will learn:
· How to develop key cybersecurity-related documents;
· How to maintain an internal matrix of when to notify affected individuals;
· How to review contracts from a cybersecurity compliance perspective.
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
This webinar illustrates:
- An overview of the GDPR
- How an ISO 27001-aligned ISMS can support GDPR compliance
- The top risks that result in data breaches
- The benefits of implementing an ISMS
- The technical and organisational requirements to achieve GDPR compliance
- How to improve your overall information security in line with the GDPR’s requirements
A recording of the webinar can be found here: https://www.youtube.com/watch?v=s7XQwBQ6JMg
Presentation to Cyprus Computer Society Records Management event by Christoforos Christoforou, Risk and Strategic Planning Manager at Fileminders http://www.fileminders.com.cy/
Agenda:
1. Introduction to the General Data Protection Regulation (GDPR )
2.Data protection: Why all the fuss?
3. How does GDPR affect your business?
GDPR challenges for the healthcare sector and the practical steps to complianceIT Governance Ltd
This webinar covers:
- An overview of the General Data Protection Regulation (GPDR) and the Data Security and Protection (DSP) Toolkit and their impact on the healthcare sector.
-Accountability frameworks that support GDPR compliance, and the role of senior management in ensuring compliance and cyber resilience is a strategic focus.
-Embedding data protection by design and by default, and a holistic approach to achieving a cyber resilient posture.
-The practical steps that healthcare organisations need to take when looking at GDPR compliance.
-The role of a robust staff awareness programme in supporting a culture of cyber resilience and compliance.
A recording of the webinar can be found here: https://www.youtube.com/watch?v=xFEkkkwAdl4
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
Georgie Collins and Dan Hedley, Irwin Mitchell LLP presented, "Data breaches and the law, a practical guide" at Flight East 2018. For more information on Black Duck by Synopsys, please visit our website at www.blackducksoftware.com.
General Data Protection Regulation (GDPR) tidal wave that has hit, are you ready? Is your organization prepared for the extensive privacy requirements GDPR puts forth for any organization handling EU Data Subjects' personal Data? At this point, organizations must have a complete inventory of personal data and have conducted a DPIA against it. A handful of supervisory authorities have issued compliance guidelines, but your organizations must be able to assess compliance with this ambiguous regulation at any time.
Many aspects of GDPR define the distinction between a data collector and a data processor, their respective responsibilities and compliance requirements. Those responsibilities will have an effect on the contracts you negotiate with third parties, the way in which you evaluate the risks involved with establishing a business relationship and the policies you develop to maintain compliance to the regulations.
Join this webinar to learn:
*More information about GDPR and what the industry is experiencing to date
*What minimum requirements you should have had in place by May 25, 2018
*What you should plan to do for the next 12-18 months if you are not completely ready
*What the SEC Privacy Shield program is and why you should self-certify
*How to continuously monitor vendor risk KPIs
CyNation: 7 Things You Should Know about EU GDPRIryna Chekanava
An overview of EU GDPR key characteristics, its origins and legal implications of non-compliance. It also provides the initial steps that an organisation needs to follow to operate in compliance with new cyber security regulatory landscape.
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
Dovetail Software (hr.dovetailsoftware.com) sponsors this informative and important webinar hosting experts Grant D. Petersen (ogletree.com/) and Estella Cohen (trustarc.com/) who shared information with HR practitioners and Organizations that need to be GDPR compliant by May 25, 2018.
Here's the link to view the recording: http://hr.dovetailsoftware.com/dsadmin/2018/01/31/hr-gdpr-preparing-2018-compliance/
Presentation to the Texas Bar CLE program on Contract Drafting, Review and Negotiation on December 5, 2017 in Austin, Texas, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
To become compliant with upcoming GDPR, organisations cannot rely solely on rules, these will protect against the known threats, while Machine Learning protects from the unknown.
Legal Issues Associated with Third-Party Cyber RiskShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered the presentation Legal Issues Associated with Third-Party Risk at the ISACA CSX 2017 North America conference in Washington, DC.
The Countdown is on: Key Things to Know About the GDPRCase IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...ARMA International
While information governance has been a best practice in cybersecurity, outside of the Federal government and Sarbanes-Oxley financial reporting requirements, for the most part, regulations have not required information governance. That is rapidly changing. The New York Department of Financial Services new cybersecurity regulation has intensive information governance requirements that go beyond personal information. the European Global Data Protection Regulation also has significant information governance requirements. This session will discuss some of these regulatory requirements and where regulation is going in these areas.
Webcast title : GDPR: Protecting Your Data
Description : Find out why data protection and encryption is an essential component of preparing for your GDPR readiness process.
Specifically, we will cover:
What is considered "Personal Data" and why it needs to be "protected"
The Legal Aspects of Data Protection under GDPR.
The technical ways to protect/pseudonymization
In this Session you will learn from the leading experts:
- Ulf Mattsson: The father of database Encryption.
- Martyn Hope: The Co-Founder of the GDPR Institut.
- Mark Rasch: Former Chief Cybersecurity Evangelist at Verizon and led the DOJ's Cyber Crime Unit.
Presenter : Ulf Mattsson, Martyn Hope, Mark Rasch, David Morris
What are the main advantages of using HR recruiter services.pdfHumanResourceDimensi1
HR recruiter services offer top talents to companies according to their specific needs. They handle all recruitment tasks from job posting to onboarding and help companies concentrate on their business growth. With their expertise and years of experience, they streamline the hiring process and save time and resources for the company.
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for the taxpayers to understand about the TDS Return Filing Due Date, so that they can fulfill your TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will make sure about the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
Discover the innovative and creative projects that highlight my journey throu...dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
Remote sensing and monitoring are changing the mining industry for the better. These are providing innovative solutions to long-standing challenges. Those related to exploration, extraction, and overall environmental management by mining technology companies Odisha. These technologies make use of satellite imaging, aerial photography and sensors to collect data that might be inaccessible or from hazardous locations. With the use of this technology, mining operations are becoming increasingly efficient. Let us gain more insight into the key aspects associated with remote sensing and monitoring when it comes to mining.
Attending a job Interview for B1 and B2 Englsih learnersErika906060
It is a sample of an interview for a business english class for pre-intermediate and intermediate english students with emphasis on the speking ability.
[Note: This is a partial preview. To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
Sustainability has become an increasingly critical topic as the world recognizes the need to protect our planet and its resources for future generations. Sustainability means meeting our current needs without compromising the ability of future generations to meet theirs. It involves long-term planning and consideration of the consequences of our actions. The goal is to create strategies that ensure the long-term viability of People, Planet, and Profit.
Leading companies such as Nike, Toyota, and Siemens are prioritizing sustainable innovation in their business models, setting an example for others to follow. In this Sustainability training presentation, you will learn key concepts, principles, and practices of sustainability applicable across industries. This training aims to create awareness and educate employees, senior executives, consultants, and other key stakeholders, including investors, policymakers, and supply chain partners, on the importance and implementation of sustainability.
LEARNING OBJECTIVES
1. Develop a comprehensive understanding of the fundamental principles and concepts that form the foundation of sustainability within corporate environments.
2. Explore the sustainability implementation model, focusing on effective measures and reporting strategies to track and communicate sustainability efforts.
3. Identify and define best practices and critical success factors essential for achieving sustainability goals within organizations.
CONTENTS
1. Introduction and Key Concepts of Sustainability
2. Principles and Practices of Sustainability
3. Measures and Reporting in Sustainability
4. Sustainability Implementation & Best Practices
To download the complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations
Unveiling the Secrets How Does Generative AI Work.pdfSam H
At its core, generative artificial intelligence relies on the concept of generative models, which serve as engines that churn out entirely new data resembling their training data. It is like a sculptor who has studied so many forms found in nature and then uses this knowledge to create sculptures from his imagination that have never been seen before anywhere else. If taken to cyberspace, gans work almost the same way.
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...PaulBryant58
This article provides a comprehensive guide on how to
effectively manage the convert Accpac to QuickBooks , with a particular focus on utilizing online accounting services to streamline the process.
Cracking the Workplace Discipline Code Main.pptxWorkforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
The world of search engine optimization (SEO) is buzzing with discussions after Google confirmed that around 2,500 leaked internal documents related to its Search feature are indeed authentic. The revelation has sparked significant concerns within the SEO community. The leaked documents were initially reported by SEO experts Rand Fishkin and Mike King, igniting widespread analysis and discourse. For More Info:- https://news.arihantwebtech.com/search-disrupted-googles-leaked-documents-rock-the-seo-world/
2. What is the GDPR?
• The EU General Data Protection Regulation (GDPR) replaces the
Data Protection Directive 95/46/EC and was designed to
harmonize data privacy laws across Europe, to protect and
empower all EU citizens data privacy and to reshape the way
organizations across the region approach data privacy.
• The primary objective of the GDPR is to protect all EU citizens from
privacy and data breaches in an increasingly data-driven world that
is vastly different from the time in which the 1995 directive was
established. Although the key principles of data privacy still hold
true to the previous directive, many changes have been proposed
to the regulatory policies; the key points of the GDPR as well as
information on the impacts it will have on business can be found
below.
• Source: https://www.eugdpr.org/
3. • The GDPR outlines key principles relating to the
processing of personal data. These are the high-level
requirements:
– Lawfulness, fairness and transparency - Personal data shall be
processed lawfully, fairly and in a transparent manner in relation to the data subject.
– Purpose limitation - Personal data shall be collected for specified, explicit and
legitimate purposes and not further processed in a manner that is incompatible with those
purposes.
– Data minimisation - Personal data shall be adequate, relevant and limited to what
is necessary in relation to the purposes for which they are processed.
– Accuracy - Personal data shall be accurate and, where necessary, kept up to date;
every reasonable step must be taken to ensure that personal data that are inaccurate,
having regard to the purposes for which they are processed, are erased or rectified without
delay.
– Storage limitation - Personal data shall be kept in a form which permits
identification of data subjects for no longer than is necessary for the purposes for which the
personal data are processed.
– Integrity and confidentiality - Personal data shall be processed in a
manner that ensures appropriate security of the personal data, including protection against
unauthorized or unlawful processing and against accidental loss, destruction or damage,
using appropriate technical or organizational measures.
– Accountability - The controller shall be responsible for, and be able to
demonstrate compliance with, the GDPR.
Key Elements of the GDPR
4. • Although the GDPR will not become enforceable until
May 2018, organisations across the globe are preparing
for changes now.
• It’s not just organisations in the EU that are subject to the
Regulation; organisations based outside the EU that
provide services or goods to the EU (including for free)
are also subject.
• Any organisation that handles the personal data of EU
citizens must comply with the GDPR.
• For example, where the activities relate to: offering goods
or services to EU citizens (irrespective of whether
payment is required) and the monitoring of behaviour that
takes place within the EU.
• Non-EU businesses processing the data of EU citizens
will also have to appoint a representative in the EU.
What Does the GDPR Change?
5. • ARTICLES 39 & 47: Training is required. The article
states that an organisation’s Data Protection Officer is
responsible for “awareness-raising and training of staff
involved in processing operations, and the related audits”
and “appropriate data protection training to personnel
having permanent or regular access to personal data.”
What Does the GDPR Change?
(cont’d)
6. • ARTICLE 33: Organizations have 72 hours to report
data breaches. The article states, “In the case of a
personal data breach, the controller shall without undue
delay and, where feasible, not later than 72 hours after
having become aware of it, notify the personal data
breach to the supervisory authority competent in
accordance with Article 55, unless the personal data
breach is unlikely to result in a risk to the rights and
freedoms of natural persons.”
What Does the GDPR Change?
(cont’d)
7. • ARTICLE 37: The role of the Data Protection Officer
(DPO) will take on heightened importance.
• The role won’t change, but the visibility of the position will
increase and there will be more pressure on this person
considering the stakes are higher under the GDPR.
• Early reports estimate that the GDPR will require the
creation of at least 75,000 DPO positions globally to
ensure compliance with the EU’s updated data protection
regulations – even if a given organisation doesn’t have
operations in the EU.
• Additional requirements will apply to organisations that
conduct large-scale processing of personal data from the
EU, such as the requirement to have a DPO who is
independent from the organisation.
What Does the GDPR Change?
(cont’d)
8. • ARTICLE 83: There are hefty fines for non-
compliance.
• Organisations will need to be 100% compliant from day
one. Article 83 states, “Non-compliance with an order by
the supervisory authority … shall… be subject to
administrative fines … up to 4% of the total worldwide
annual turnover of the preceding financial year.”
What Does the GDPR Change?
(cont’d)
9. Data Security Breaches
Different types of data security breaches consist of the following:
• Unintended disclosure - Sensitive information posted publicly on a
website, mishandled or sent to the wrong party via email or any
other type of end-user messaging technology.
• Hacking or malware - Electronic entry by an outside party,
malware and spyware.
• Payment Card Fraud - Fraud involving debit and credit cards that
is not accomplished via hacking. For example, skimming devices at
point-of-service terminals.
• Insider - Someone with legitimate access intentionally breaches
information - such as an employee or contractor.
• Physical loss - Lost, discarded or stolen non-electronic records,
such as paper documents
• Portable device - Lost, discarded or stolen laptop, PDA,
smartphone, portable memory device, CD, hard drive, data tape,
etc.
• Stationary device - Lost, discarded or stolen stationary electronic
device such as a computer or server not designed for mobility.
• Unknown - Anything outside of the above listed categories.
10. General Safeguards and Best
Practices
• ARTICLES 32: The controller and the
processor shall implement appropriate
technical and organisational measures to
ensure a level of security appropriate to the
risk, including inter alia as appropriate:
• (a) the pseudonymisation and encryption of
personal data;
• (b) the ability to ensure the ongoing
confidentiality, integrity, availability and
resilience of processing systems and services;
• (c) the ability to restore the availability and
access to personal data in a timely manner in
the event of a physical or technical incident;
(d) a process for regularly testing, assessing
and evaluating the effectiveness of technical
and organisational measures for ensuring the
security of the processing.
• (d) a process for regularly testing, assessing
and evaluating the effectiveness of technical
and organisational measures for ensuring the
security of the processing.
11. • As for all the tools, devices, and protocols utilised for protecting networks - there's an endless list - but for
purposes of gaining a basic understanding of these appliances, the following list is considered vital:
• Network Devices: Firewall, routers, switches, load balancers, intrusion detection systems (IDS), intrusion
prevention systems (IPS), smartcards, biometrics, Network Access Control (NAC) systems etc.
• Malware Solutions: anti-virus and anti-spam software and devices.
• File Integrity Monitoring (FIM) and change detection software, host based intrusion detection and intrusion
prevention devices.
• Secure services – those that are operating system (O/S) and application specific to all major operating
systems (Windows, UNIX, Linux) and applications (web server applications, database applications, internally
developed applications)
• Secure protocols, such as TLS, SSH, VPN, etc.
• Secure ports, such as 443, 22, etc.
• User access principles, such as Role Based Access Controls (RBAC), One-time password (OTP) solutions,
etc.
• Username and password parameters, such as unique user ID’s, password complexity rules, password aging
rules, account lockout thresholds, etc.
• Encryption
• Event monitoring
• Configuration and change monitoring
• Performance and utilisation monitoring
• Logging and reporting
• Appropriate incident response measures
General Safeguards and
Best Practices cont’d
12. Defense-in-Depth
• Some of the best practices to use for ensuring the integrity and confidentiality
is upheld at all times is Defense-in-Depth and Layered security - essentially
utilising various resources for helping protect an organisation's information
systems landscape. Defense-in-Depth security has since been praised as a
highly effective concept, one that employs effective countermeasure for
thwarting attacks on an enterprise’s information systems environment.
Defense-in-Depth includes the following layers, which have been loosely
adopted and agreed upon by industry leading vendors and other noted
organisations:
Data
Application
Host
Internal Network
Perimeter
Physical
Policies, Procedures, Awareness
13. • People are often regarded as the weakest link in the
security chain.
• Almost every company has people who are vulnerable, be
it to strong persuasion and authority or those easily
tricked by good social engineering and malicious links.
• Much is at stake when it comes to complying with the
GDPR. Both in terms of the hefty fines the regulation
includes, and the employee privacy awareness training it
calls for. Affected organisations cannot afford to be found
wanting on the new policies, procedures, and initiatives
they need to have in place, if they’re not in place already.
Data Protection Is Everyone’s
Responsibility
14. Questions
Do you have questions?
Send them to:
Roy Biakpara, MSc., CISA, CISSP, CISM, CRISC, CDPO
(GDPR)
Email: consultant@cryptv-uk.com
