The document discusses how Acronis solutions help organizations comply with the GDPR through features that allow for privacy impact assessments, data access governance, secure backup storage, data breach response, and data deletion in accordance with data subject rights like access, rectification, erasure and portability. It outlines how Acronis Backup, Storage, Backup Cloud and Disaster Recovery Service provide control over data location, strong encryption, easy data access and modification, fast recovery, and logging to meet GDPR requirements.

1. Welcome to
Love Cloud GDPR
Thursday 2 November 2017, 09:30-12:30
Microsoft UK, Paddington, London

2. Love Cloud GDPR
Michael Frisby, Vuzion MD
Welcome and Introduction

3. A Massive
Transformation
Opportunity
Dedicated to
Partner Success
Overcoming the
challenges of our
time

4. Location
Identifying existing
personal data held
across the business
Governance
Managing data
subject access
rights, data storage
and use
Security
Protecting against
vulnerabilities and
breach
Reporting
For data requests,
breaches, and
accountability
Achieving GDPR Compliance

5. Process track
Technical track
---------------------Define the
requirement
Create the
plan
The Partner Opportunity
GDPR Webinars
GDPR Workshops
GDPR Healthcheck
GDPR Assessments
Implementation Clinics
Annuity Services

6. Love Cloud GDPR
09:00-09:30 REGISTRATION
09:30-09:45 Welcome & Introduction Michael Frisby, Vuzion MD
09:45-10:15 Introduction to GDPR Sean Huggett, Cybercrowd, CEO & Consultant
10:15-10:45 Microsoft and GDPR Jonathan Burnett and Samantha Garrett, Partner Technology
Strategists
10:45-11:00 TermSet and GDPR Stewart Connors, Head of Customer & Partner Success
11:00-11:15 COFFEE AND PASTRIES
11:15-11:30 Acronis and GDPR Ronan McCurtin, Senior Sales Director Northern Europe
11:30-11:45 Mimecast and GDPR David Tweedale, Team Leader
11:45-12:00 DocuSign and GDPR Jacqueline de Gernier, AVP Commercial Sales
12:00-12:30 Panel Interview
Vuzion GDPR Support Package
Closing Thoughts
Caroline Wigley (Vuzion), Sean Huggett (Cybercrowd),
Jonathan Burnett (Microsoft), Rowland Dexter (QGate)
Agenda

7. Love Cloud GDPR
Sean Huggett, Cybercrowd, CEO & Consultant
Introduction to GDPR

8. • Came in to force on 24th May 2016 – enforceable from 25th May 2018
• EU Regulation – has direct effect – no local legislation required
• Replaces the Data Protection Act 1998 - transposed into law from Data Protection Directive 1995
• Aims to support the digital single market and give data subjects control over their personal data
• Wide scope & coverage
• Guidance on interpretation and compliance still being developed
• UK Government has confirmed applicability in UK notwithstanding Brexit
Introduction to GDPR

9. Key Definitions
Data Controller
• “the natural or legal person… which … determines the purpose and means of the processing of personal data”
Data Processor
• “a natural or legal person… which processes personal data on behalf of the controller”
Data Subject
• “an identified or identifiable natural person”
Personal Data
• “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural
person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data….”
Processing
• “any operation or set of operations which is performed on personal data or on sets of personal data whether or
not by automated means, such as collection, recording, organisation, structuring, storage…”

10. Six Data Protection Principles & Accountability
• Six data protection principles – overview of your most important duties in complying with GDPR
• Introduces ‘accountability principle’ – Data Controllers responsible for being able to demonstrate compliance with the six
principles
processed lawfully, fairly and transparently
collected for specified, explicit & legitimate purposes
adequate, relevant & limited to what is necessary for processing
accurate and kept up to date
kept only for as long as is necessary for processing
processed in a manner that ensures its security
1
2
3
4
5
6
Personal Data shall be:
ACCOUNTABILITY

11. Data Subject Rights
Rights to:
• Information - think about Privacy Notices
• Access - think about Subject Access Requests
• Object to Processing
• Rectification
• Erasure – ‘right to be forgotten’
• Restrict Processing
• Data Portability

12. Obligations & International Transfers
Obligations
• Data Protection Officers (DPO)
• Data Protection Impact Assessments (DPIA)
• Data Protection by Design and by Default
• Controller & Processor Records
• Security of Processing
• Breach Notification
• Processor contracts with guarantees that processing will meet the requirements of GDPR
International Transfers – Restricted & Regulated – Conditions to be Met
• Basis of Adequacy
• Appropriate Safeguards
• Binding Corporate Rules (BCRs)
• International Cooperation Mechanisms: EU-US Privacy Shield

13. Remedies & Liabilities
Liabilities
• Administrative Fines – ‘Effective, Proportionate & Dissuasive’
o Higher of 4% of global turnover or €20m for top tier infringements
o Higher of 2% of global turnover or €10m for lower tier infringements
• Warning of likely infringement
• Reprimand for infringement
• Others, including: order data breach communication, order limitations on processing, order rectification/restriction/erasure
Data Subject Remedies
• Right to judicial remedy where their rights have been infringed as a result of the processing of personal data
• Right to compensation – data subjects who have suffered material or non-material damage
• Controller & Processor joint and several liability
• Collective claims / class-action type litigation possible – higher litigation risks

14. Some Practical Steps
1. Understand Personal Data You Hold:
• Data mapping – identify Personal Data held, how it was/is collected, data flows, who has access, where it is stored
etc.
• Apply the 6 Principles to the Personal Data you hold.
• Assess the risks to rights and freedoms of data subjects associated with your processing / the personal data you
hold.
• Identify transfers to 3rd countries.
2. Review 3rd Party Relationships:
• Identify your 3rd party processors.
• Review the contracts, bring them into compliance – including cloud service providers.

15. 3. Document Your Processing Activities:
• Put the required documentation in place – records of processing activities, records of consent etc.
• Document how you comply with GDPR – demonstrate you are consistently applying best practice.
4. Apply Technical and Organisational Measures:
• Implement strong information governance measures, including policies and procedures covering:
o Data protection
o Information security
o Breach response and notification
• Adopt a ‘Cyber Resilience’ approach covering People, Process & Technology in line with best practice.
• Implement an ISMS / PIMS / Compliance Framework – apply best practice and certify where appropriate
Some Practical Steps

16. Thank you
Speak to a member of the Vuzion team
if you’d like to know more!

17. Love Cloud GDPR
Jonathan Burnett, Partner Technology Strategist
Samantha Garrett, Partner Technology Strategist
Microsoft and GDPR

18. What are the key changes to address the GDPR?
Personal
privacy
Controls and
notifications
Transparent
policies
IT and training
Organizations will need to:
• Train privacy personnel
& employee
• Audit and update data
policies
• Employ a Data
Protection Officer (if
required)
• Create & manage
compliant vendor
contracts
Organizations will need to:
• Protect personal data
using appropriate security
• Notify authorities of
personal data breaches
• Obtain appropriate
consents for processing
data
• Keep records detailing
data processing
Individuals have the right to:
• Access their personal
data
• Correct errors in their
personal data
• Erase their personal data
• Object to processing of
their personal data
• Export personal data
Organizations are required
to:
• Provide clear notice of
data collection
• Outline processing
purposes and use cases
• Define data retention
and deletion policies

19. How do I get started?
Identify what personal data you have and
where it residesDiscover1
Govern how personal data is used
and accessedManage2
Establish security controls to prevent, detect,
and respond to vulnerabilities & data breachesProtect3
Keep required documentation, manage data
requests and breach notifications
Report4

21. Discover:
Identify what personal data you have and
where it resides
In-scope:
•
•
•
•
•
•
•
•
•
•
Inventory:
•
•
•
•
•
•
•
Microsoft Azure
Microsoft Azure Data Catalog
Enterprise Mobility + Security (EMS)
Microsoft Cloud App Security
Dynamics 365
Audit Data & User Activity
Reporting & Analytics
Office & Office 365
Data Loss Prevention
Advanced Data Governance
Office 365 eDiscovery
SQL Server and Azure SQL Database
SQL Query Language
Windows & Windows Server
Windows Search
Example solutions
1

22. 2
Example solutions
Manage:
Data governance:
•
•
•
•
•
•
•
•
Data classification:
•
•
•
•
•
•
•
Microsoft Azure
Azure Active Directory
Azure Information Protection
Azure Role-Based Access Control (RBAC)
Enterprise Mobility + Security (EMS)
Azure Information Protection
Dynamics 365
Security Concepts
Office & Office 365
Advanced Data Governance
Journaling (Exchange Online)
Windows & Windows Server
Microsoft Data Classification Toolkit

23. 3
Example solutions
Protect:
Preventing data
attacks:
•
•
•
•
•
•
•
•
Detecting &
responding to
breaches:
•
•
•
•
•
•
Microsoft Azure
Azure Key Vault
Azure Security Center
Azure Storage Services Encryption
Enterprise Mobility + Security (EMS)
Azure Active Directory Premium
Microsoft Intune
Office & Office 365
Advanced Threat Protection
Threat Intelligence
SQL Server and Azure SQL Database
Transparent data encryption
Always Encrypted
Windows & Windows Server
Windows Defender Advanced Threat Protection
Windows Hello
Device Guard

24. 4
Example solutions
Record-keeping:
•
•
•
•
•
Reporting tools:
•
•
•
•
•
•
Microsoft Trust Center
Service Trust Portal
Microsoft Azure
Azure Auditing & Logging
Azure Data Lake
Azure Monitor
Enterprise Mobility + Security (EMS)
Azure Information Protection
Dynamics 365
Reporting & Analytics
Office & Office 365
Service Assurance
Office 365 Audit Logs
Customer Lockbox
Windows & Windows Server
Windows Defender Advanced Threat Protection
Report:

25. GDPR Resources
Microsoft Whitepaper on "Beginning your
GDPR Journey"
Microsoft.com/GDPR
servicetrust.microsoft.com
aka.ms/GDPRblogpost
Data Breach & GDPR Demos

26. Next Steps
• Determine if your customers need to be GDPR compliant. If so, act now!
• Familiarize yourself with the Microsoft GDPR Assessment Tool that you
can use to assess your customer’s readiness
• Reassure your customers that Microsoft cloud services will be compliant
with GDPR and we will share our knowledge to help them get compliant
in time for May 25, 2018.
• Learn more about the GDPR and Microsoft Security offerings.
• Identify your offerings and go-to-market strategy, using the Microsoft
Cloud.
• Pilot your services and offerings with a few customers before you go
broad.

27. Management
2. Data Encryption
3. Phishing Protection
4. 2 Factor Authentication
5. Cloud Application Security
6. Mobile Security
Risk Mitigation Suggestions

29. Love Cloud GDPR
Stewart Connors, Head of Customer & Partner Success
TermSet and GDPR

30. GDPR
Automate the process for discovering Personal Identifiable Information (PII)

31. The Challenge
External
• GDPR will require all EU organisations to focus on discovering PII on behalf customers & former employees
• “Subject Access Request” is not new and will continue
• “Right to be Forgotten” is new & will force organisations to collect all the digital information they hold
Internal
• Organisations information is held multiple IT systems
• Also non approved IT systems (shadow IT/BYOD)
• Information is typically held in documents that are structured and un structured
• Discovering PII is currently a manual process
• This will costs organisations time and money
• “Subject Access Request” Ongoing breaches & Fines
• 49% of organisations had a document breach in the past 2 years*
• 73% of employees are accidentally exposing information stored within documents*
• 63% of organisation’s claim they are unable to locate sensitive data stored in documents*
*Information taken from the Ponemon Institute Research report May 2017.

32. ScanR
Generate Reports
Discover PII in Office docs, PDF,
OCR on the fly.
Multiple Systems
The Solution Identify and retrieve GDPR
Personal Identifiable Information
within documents stored in
multiple systems.

33. Product overview ScanR

34. Connect to SharePoint, a
File Share or other systems
Documents where we wish to
determine if they contain
sensitive data

35. Choose the types of information
you would like to discover
• Over 100 pre-defined rules or you
can make your own
• Artificial Intelligence for Pattern
Matching

36. Documents Marked in place or
reports produced

37. Three data sources
read
~19k Documents
read with 79%
containing PII data
Breakdown of what
PII data is
contained where
Locations of the
sensitive data
Which systems
contain the most
sensitive data
Overview Dashboard

38. Search for information across your data sources
Immediately see the records that match
Understand the types of data that contain the information
Query engine

39. 11 Chapters with 99 Articles
http://www.eugdpr.org/article-summaries.html
ScanR will help you comply with Articles: 5, 15, 16, 17, 18, 20, 24, 30, 32, 35, 42, 44, 45.
• Gain understanding of the where the PII data is located
• Gain an understanding of who has access to it
• Gain an understanding of how long it’s being retained
• Retain personal data for a period of time directly related to the original intended purpose
• Find risky files and take action
• Manage a Subject Access Request
• Request a port of the data
• Request a correction to the data
• Request deletion of the data
Articles Contained in the GDPR

40. Summary
ScanR
• Automate the process for discovering PII
• Quickly respond to “Subject Access Request” & “Right to be Forgotten”
• Comply with over 10 of the 99 Articles
Next Step
• Free trial up to 1,000 documents

41. www.termset.com
stewart@termset.com

42. Thank you
Speak to a member of the Vuzion team
if you’d like to know more!

43. Love Cloud GDPR
Coffee and Pastries
11:00-11:15

44. Love Cloud GDPR
Ronan McCurtin, Senior Sales Director Northern Europe
Acronis and GDPR

45. ‒ Key activities
– Privacy impact assessment
– Data access governance
– Data breach notification / resolution
– Secure storage of active data
– Archiving and deleting
Where Acronis supports GDPR compliance
Acronis Backup
Acronis Storage
Acronis Backup Cloud
Acronis Disaster Recovery
Service

46. Requirements for GDPR-compliant backup and storage 1
Requirement Desirable features GDPR recitals supported
Control data storage location • Reporting for compliance • 101: General principles for international data transfers
Encrypt data securely • Encryption on the device, in transit,
and at rest
• 78: Appropriate technical and organizational measures
• 83: Security of processing
Browse backups • Drill-down to easily find required
data
• 63: Right of access
• 65: Right of rectification and erasure
Modify personal data • Easy modification if requested by
data subject
• 59 Procedures for the exercise of the rights of the data subjects
• 63: Right of access
• 64: Identity verification
• 65: Right of rectification and erasure
Export data in a common
format for easy data portability
• ZIP archive for easy portability • 68: Right of data portability
Recover data quickly • Acronis Instant Restore to deliver
15-second recover time objectives
(RTOs)
• 78: Appropriate technical and organizational measures

47. Requirements for GDPR-compliant backup and storage 2
Requirement Desirable features GDPR recitals supported
Minimize compulsory data breach
reporting
• Proactive prevention of malware damage to files
• Specific protection of the Acronis Backup agent to
prevent data breach of backups
85: Notification obligation of breaches to supervisory
authority
86: Notification of data subjects in the case of data
breaches
87: Promptness of reporting / notification
88: Format and procedures of the notification
Blockchain-based data
certification
• Acronis Notary validation of the authenticity and
integrity of backups
78: Appropriate technical and organizational measures
Backup retention, deletion • Flexible setting of retention time of data, archival
rules, etc.
• Ability to delete backup at any moment
66: Right to be forgotten
Logs availability • Logging of operations with data 82: Record of processing activities [correct?]
Role-based access • Multilayered and highly customizable data access
rights
63: Right of access [correct?]
Risk management control • Very flexible backup and Active Protection 84: Risk evaluation and impact assessment [correct?]

48. ‒ Data subject control of data storage location
– Individual must have final say as to where personal data is stored: on-
premises or in a specific EU-based data center
‒ Data encryption
– Strong data encryption on-device, in transit and in the cloud
– And entirely automated encryption process, with the data subject as the
sole holder of the decryption key, meeting GDPR data security
requirements
What to look for in GDPR-compliant backup and storage

49. ‒ Ability to search data inside backups
– Ability to drill down through backups, making it easy to find
required information on behalf of data subjects
‒ Ability to modify personal data
– Easy way to modify personal data if and when requested by data
subjects
What to look for in GDPR-compliant backup and storage

50. ‒ Data export in a common format
– Ability to export personal data in a common and easily usable
format (e.g., ZIP archives) to meet the GDPR data portability
requirements
‒ Quick data recovery
What to look for in GDPR-compliant backup and storage

51. ‒ Flexible setting of retention time of data,
archival rules, etc.
‒ Extensive logging
‒ Multilayered and highly customizable
data access rights
How Acronis helps your company achieve GDPR compliance

52. ‒ Active Protection against ransomware
– Proactively preventing breaches is easier and more cost-effective
suffering breaches and doing the mandatory incident reporting
– Acronis Active Protection™ detects and blocks ransomware attacks
and instantly restores any affected data
‒ Blockchain-based data certification
– Acronis Notary™ provides immutable proof of the integrity of
protected data using blockchain technology
How Acronis helps your company achieve GDPR compliance

53. With an economic incentive to
it, new Ransomware families
appeared fast…
Source: F-Secure

54. Ransomware BigTrends
Advancing into new operating systems
Advancing into new platforms and devices
Ransomware-as-a-Service
Advanced attack techniques

55. Trend 4: Advanced attack techniques
2010
Detection of
non-signed
files
2014
Protection for
Windows only
2016
Detection by
checking file
type/header
2016
Detection of
executable files
2016
Detection in
running
Windows
system
Malware
signed by
stolen
certificate
Injects into
system
processes and
acts on their
behalf
Attacks
Mac OS X
and Linux
Only body
of the file
is encrypted
Uses scripts
and non-
malicious
executables
Infects before
Windows
starts
2014
Exclude know
legitimate
system files
2017
Use of Backup
to protect
against
Ransomware
Attacks &
Encrypts
different
backup files
Next Generation Ransomware families targeting
Backup software

56. Ransomware evolves…

57. … Data Protection evolves too
Acronis CustomersAcronis Labs
Infected and clean
processes farms
Provides processes
behavior data
Updated knowledge base
Acronis Learning
Service
Acronis Cloud Brain
Model training, parameters
optimization
You are protected even
without Internet
Acronis Local
Knowledge Base
Acronis Active Protection 2.0: Learning Infrastructure

58. Complete protection against modern techniques
2016
Detection by
checking file
type/header
Only body
of the file
is encrypted
Entropy
measurement
2010
Detection of non-
signed files
2014
Protection for
Windows only
2016
Detection of
executable files
2016
Detection in
running Windows
system
Malware
signed by stolen
certificate
Injects into
system processes
and acts on their
behalf
Attacks
Mac OS X
and Linux
Uses scripts and
non-malicious
executables
Infects before
Windows starts
2014
Exclude know
legitimate system
files
Checks for
injections in
system processes
(with Machine
Learning)
Protection
Windows, Mac
and Linux
Both executable
and scripts
detection
Pre-Boot anti-
ransomware
protection
Compromised
signatures
check
Acronis Active
ProtectionTM
2017
Use of Backup to
protect against
Ransomware
Attacks &
Encrypts different
backup files

59. Acronis Notary powered by Blockchain
Ensuring that data is authentic and unchanged
“Acronis Notary assures that files are
unchanged since they were backed up.”
Have confidence of data
authenticity
•A public, secure Blockchain
ledger verifies the authenticity
of files
•Backup enables the recovery of
the original document
•Acronis Notary provides
mathematical assurance that
the contents of a file perfectly
match the original contents that
were backed up

60. Thank you
Speak to a member of the Vuzion team
if you’d like to know more!

61. Love Cloud GDPR
David Tweedale, Team Leader
Mimecast and GDPR

62. © 2017 Mimecast.com All rights reserved.62
Data Protection
Securing personal and sensitive information
Data ManagementData Protection
Anti
Malware
Data Leak
Prevention
Encryption
Breach
Notifications

63. © 2017 Mimecast.com All rights reserved.63
Spear-phishing credentials to
exploit point-of-sale systems
Used as
stepping stone
onto victims
network
Compromised
point of sale
systems
Customer data
stolen, including
credit card details
Large GDPR Fine
and costs to
investigate and
remediate
Access gained via
spear-phishing
attack on a
sub-contractor

64. © 2017 Mimecast.com All rights reserved.64
Type of attacks:
• Weaponised
attachments
• Malicious URLs
• Malware-less attacks
• Ransomware
• Phishing
• Insiders
Key Strategies
• Multi Layered Approach
• User Awareness
• Advanced Threat
Protection
• Logging and monitoring
of internal user activities
• Protected, plan B email
route and access
Malware can have a devastating impact
on organizations contributing to
significant GDPR fines related to data lossAnti Malware
Technology capabilities:
Data protection

65. © 2017 Mimecast.com All rights reserved.65
Data leaked by disgruntled employee
Employee emails
copy of client
database to
personal mail
account
Data collected by
the company is
now
compromised.
Customer
sensitive data
leaked. GDPR fine
imposed.
Disgruntled
employee wants
to leave and cause
damage to the
business

66. © 2017 Mimecast.com All rights reserved.66
Data Leak
Prevention
(DLP)
Technology capabilities:
Data protection
How is data leaving the
organization?
• Internal department
leakage
• Email attachments
• Shadow IT
Key Strategies
• Internal communications
DLP
• Outbound mail inspection
• Corporate data sharing
• Secure messaging channel
Data Loss Protection (DLP) tools prevent
inadvertent data breaches by blocking
emails containing personal data

67. © 2017 Mimecast.com All rights reserved.67
Encryption
Technology capabilities:
Data protection
Where is data encrypted?
• Data stored in
applications
• Laptops/Mobile
Devices?
• Email archives
Key Strategies
• Secure storage of data
• Secure transfer of data
• Secure data in transit
• Limit data on portable
devices
Encryption of data in systems and
applications reduces the potential
impacts of a data breach

68. © 2017 Mimecast.com All rights reserved.68
Breach
Notifications
Technology capabilities:
Data protection
Key Information
required?
• Analysis of breach
• Mitigate negative
consequences
• Alert data protection
officer
Key Strategies
• Gather data from Security
Incident and Event
Monitoring (SIEM) system
• Identify location of data
breach
• Identify if personal data
was leaked
• Mitigate negative effects
Organizations have 72 hours to notify
relevant authorities once a data breach is
discovered

69. © 2017 Mimecast.com All rights reserved.69
Data Management
Supporting access rights of individuals
Data ManagementData Protection
Anti
Malware
Data Leak
Prevention
Encryption
Breach
Notifications
Search and
Discovery
Secure
Repository
Chain of
Custody
Access
Control

70. © 2017 Mimecast.com All rights reserved.70
GDPR – Subject Access Request
and Data Portability
IT Administrator
searches across
data repositories
Results
validated/reviewed
Secure
transmission of
data to data
subject
Data Subject
requests access to
data stored on
them

71. © 2017 Mimecast.com All rights reserved.71
Subject Access
Requests
(SAR)
Technology capabilities:
Data management
What is the impact?
• Requests need to be
handled quickly
• Accurate personal data
and additional
information
• Availability in electronic
format
Key Strategies
• Locate requested personal
information quickly
• Prepared response templates
• Employee training to handle
SARs
• Self-service portal for SARs
Individuals have the right to obtain
confirmation that their personal data is
being processed

72. © 2017 Mimecast.com All rights reserved.72
Data Portability
Technology capabilities:
Data management
What is the impact?
• Exports need to be
timely
• Useable format
• Safe delivery of that
export?
Key Strategies
• Data must be structured,
searchable
• Exports to common formats
• Ensure the safe delivery of
exported data
• Subject review and confirm
data required
Individuals have the right to request an
export of their data a format that can be
given to another vendor or service

73. © 2017 Mimecast.com All rights reserved.73
GDPR – Right To Be Forgotten
IT Administrator
searches across
data repositories
Time consuming Confirmation
given that data is
erased
Data Subject
requests all
personal data to
be erased

74. © 2017 Mimecast.com All rights reserved.74
Right To Be
Forgotten
Technology capabilities:
Data management
What is the impact?
• Complete erasure
• Across all systems
• Unless overriding policy
is in place
Key Strategies
• Data must be structured,
searchable
• Dynamic data adjustments
• Retention management
• Auditable deletion
• Ability to review prior to
deletion
Individuals have the right to request
erasure of their personal data held by a
data controller (subject to conditions)

75. © 2017 Mimecast.com All rights reserved.75
Mimecast Solution
Simplifying GDPR Compliance for Email
Data Management
Search and
Discovery
Secure
Repository
Chain of
Custody
Access
Control
Secure Messaging
Advanced Threat Security Mimecast Cloud Archive
DLP & Content Security API
RBAC &
Data Guardian
Large File Send
Mailbox Continuity
Archive Power ToolsSearch and Review
Data Protection
Anti
Malware
Data Leak
Prevention
Encryption
Incident
Management
Mime | OS

76. © 2017 Mimecast.com All rights reserved.76
You need technology that
provides the best possible multi-
layered protection
PREVENT
You need to control,
protect, find and
access data effectively
MANAGE
You need to sustain
compliance support
at all times
MAINTAIN
Email Cyber Resiliencefor GDPR

77. © 2017 Mimecast.com All rights reserved.77
Thank you
Speak to a member of the Vuzion team
if you’d like to know more!

78. Love Cloud GDPR
Jacqueline de Gernier, AVP Commercial Sales
DocuSign and GDPR

79. Getting to Grips with the GDPR:
How to Fast-Track Your Compliance

80. Introduction to DocuSign

81. 14+ Years Innovation
Highest level certifications
188 Countries 43 Languages
13 Offices 5 Continents
300k+ corporate customers
200 million total users
#1 Analyst rated

82. Trust
Legal & Compliance
Bank-Grade Security & Encryption
Platform & Scalability
Capabilities & Usability
Mobile
Customer Success Programmes
Experience
The DocuSign Difference
Why customers choose DocuSign
Partners & Integrations
Global
#1 APIs
Choice

83. Financial
Services Insurance High Tech
Communications
/Media Pharmaceutical Real Estate Consumer Everywhere

84. Sales
Experience
Significantly improved
Procurement
50x faster
Contract signing
“It speeds up the
process and makes
it more compliant”
HR
10 minutes
Fastest contract returned
“DocuSign has
revolutionised how
we send out HR
contracts at E.ON”
Customer Success
Use case Use case Use case
“Steps that previously
took days through post
now take minutes”

85. GDPR - Changes to Consent

86. Demanding requirements for consent
Under the GDPR, consent must be:
• Freely given
• Specific
• Informed
• Unambiguous
"Consent should be given by a clear affirmative act … such as by a written statement,
including by electronic means, or an oral statement… Silence, pre-ticked boxes or
inactivity should not therefore constitute consent." (Recital 32)

87. Consent will often be required
When collecting an individual’s
personal information relating to:
• Using an individuals sensitive
personal information
• Sending an individual e-marketing
• Sharing an individual’s personal
information with independent third
parties

88. Consent must be verifiable
Businesses must be able to prove that it obtained the individual's
consent, requiring businesses to maintain consent records that
can be checked to verify:
1. That the individual has consented;
2. What they consented to, and;
3. When they consented
Individuals "shall have the right to withdraw his or her consent at any time… It shall be
as easy to withdraw consent as to give consent." (Art 7(4))

89. Common consent challenges
• Marketing / Sales – Personal information for e-marketing
purposes
• HR – Personal information for a job application or for the
provision of employee benefits
• Healthcare – Personal information for the purpose of medical
studies and clinical trials
• Online – Consenting to the use cookies and similar tracking
technologies

90. Re-contracting with Suppliers
Business must ensure:
• Legacy vendors move to new,
GDPR-compliant, data
protection terms
• Future vendors are also
signed up to GDPR-compliant
terms

91. How DocuSign can be part of a
GDPR Consent solution

92. Business

93. Consumers
Customers
Partners
Suppliers
Employees
Business

94. Disconnected
Systems
Manual
Processes
Fragmented
Policies
Consumers
Customers
Partners
Suppliers
Employees
Business

95. Consumers
Customers
Partners
Suppliers
Employees
Business
Digital consent

99. Bespoke reports for GDPR and the data can be extracted

100. Case Study: Filestream
Company’s Top Challenges
• Manual processes – contracts require manual chasing to fulfill terms and conditions
• Not GDPR-ready – holding of personal data is not currently compliant with legislation
• Inadequate security – Information sent over email is not as secure as it could be
Reasons for Choosing DocuSign
• Security standards – DocuSign meets and exceeds some of the most stringent US, EU,
and global security standards
• Commitment to compliance – DocuSign is actively monitoring regulator guidance and
interpretations of key GDPR requirements
• Digitising process – digital signatures remove need to print and scan paper documents
The Key Benefits
• Quicker signing process – turnaround time is now 40 times faster
• Customer consent – DocuSign’s tools are being utilised to be ready for new legislation
coming into force in May 2018
• Data protection – personal data is protected whenever a third-party comes in contact
with it
“I wouldn’t choose any other
partner but DocuSign for ease
and security – Paul Day,
Technical Director, Filestream
EXECUTIVE OVERVIEW TOP BENEFITS ACHIEVED
Company: Filestream
Headquarters: Berkshire, UK
Founded: 2003
Industry: Software
Website:
www.filestreamsystems.co.uk
Partners: DocuSign
Use Case: Sales
ABOUT
45 minutes
Contract turnaround
time
40 x faster
Quicker signing
experience
GDPR-ready
DocuSign tools being
used for compliance

101. Thank you
Email: Jacqueline.degernier@docusign.com
GDPR Seminar – 9th Nov
5pm – 7pm
ETC Venues, Fenchurch Street
discover.docusign.co.uk/best-practices-for-gdpr

102. Love Cloud GDPR
Host - Caroline Wigley (Vuzion),
Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft),
Rowland Dexter (QGate)
Panel Interview

103. Love Cloud GDPR
Closing Thoughts

104. Process track
Technical track
---------------------Define the
requirement
Create the
plan
The Partner Opportunity
GDPR Webinars
GDPR Workshops
GDPR Healthcheck
GDPR Assessments
Implementation Clinics
Annuity Services

105. Thank you
to
our presenters

106. Thank you
for attending
Love Cloud GDPR
Speak to a member of the Vuzion team
if you’d like any further information about GDPR!