SlideShare a Scribd company logo

GDPR: Protecting Your Data

Download as PPTX, PDF
Ulf Mattsson
Ulf Mattsson

Webcast title : GDPR: Protecting Your Data Description : Find out why data protection and encryption is an essential component of preparing for your GDPR readiness process. Specifically, we will cover: What is considered "Personal Data" and why it needs to be "protected" The Legal Aspects of Data Protection under GDPR. The technical ways to protect/pseudonymization In this Session you will learn from the leading experts: - Ulf Mattsson: The father of database Encryption. - Martyn Hope: The Co-Founder of the GDPR Institut. - Mark Rasch: Former Chief Cybersecurity Evangelist at Verizon and led the DOJ's Cyber Crime Unit. Presenter : Ulf Mattsson, Martyn Hope, Mark Rasch, David Morris

Technology
1 of 26
GDPR – Protecting Your Data Mark Rasch Chief Legal & Compliance Partner Digital Risk Management Institute David Morris Early Pioneer in Cybersecurity Managing Partner Morris Cybersecurity Martyn Hope Founder, GDPR Institut Ulf Mattsson Head of Innovation at TokenEx
The GDPR Institut Helping you resolve YOUR GDPR Challenge & Maximise the GDPR Opportunity www.gdpr.institute Martyn Hope
GDPR = Trust ENTERPRISE wide Trust © 2018 - The GDPR Institut - All Rights Reserved
Impact Do you control or process personal data about ANY EU Citizens? If so you have to be GDPR compliant by 25th May 2018 or manage the implications of the fines and the reputational damage of any and every Data Breach – including Customers Employees Suppliers © 2018 - The GDPR Institut - All Rights Reserved
YOU NEED TO UNDERSTAND THE TYPES OF DATA © 2018 - The GDPR Institut - All Rights Reserved Personal Data A Universe of Data Sensitive Data At Risk Data
Example of Personal Data
1. Data → Seat 10K on Flight BA213 from London Heathrow to Boston Logan 2. Personal Data → Booking Reference XYN62F identifies Passenger Name, Address, Credit Card Details, Phone Number, Passport Number etc 3. Sensitive Data → Passport details include Biometric Data which is classified as Medical Information and thus Sensitive under GDPR 4. @Risk Data → The lead Passenger is travelling as part of a family group including children under 16 years of age which is classified as @Risk Data under GDPR Example of Types of Data
And the Data Processor shares it with all their Sub Processors Are you a Data Controller or a Data Processor? Data Controller catches a GDPR Cold Data Controller shares the GDPR Cold with their Data Processors © 2018 - The GDPR Institut - All Rights Reserved
You will have a Data Breach © 2018 - The GDPR Institut - All Rights Reserved
Legal Aspects and Implications Mark Rasch
Data Security Requirements • Security is designed around protecting the privacy and processing of data • Ensure Confidentiality, Availability, Integrity and Resilience • No specific technology required, no specific level of security required • References state of the art, risk, and nature of information • Also looks at auditability and ability to demonstrate compliance
Data Covered • Personal data is broader than just name, etc. • Anything that can identify a specific individual • Including MAC/IP address (inc.dynamic), RFID tags, etc. (Breyer) • Assume any per-user record may be personal data • ePrivacy Regulation covers all data relating to communications • Headers, content, location… • Even when it’s not personal data... If it can identify a specific person
GDPR Article 13(2) • Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive.
GDPR Article 29 - Security • Implement measures designed to: • (a) deny unauthorized persons access to processing equipment used for processing (‘equipment access control’); • (b) prevent the unauthorized reading, copying, modification or removal of data media (‘data media control’); • (c) prevent the unauthorized input of personal data and the unauthorized inspection, modification or deletion of stored personal data (‘storage control’); • (d) prevent the use of automated processing systems by unauthorized persons using data communication equipment (‘user control’); • (e) ensure that persons authorized to use an automated processing system have access only to the personal data covered by their access authorization (‘data access control’); • (f) ensure that it is possible to verify and establish the bodies to which personal data have been or may be transmitted or made available using data communication equipment (‘communication control’); • (g) ensure that it is subsequently possible to verify and establish which personal data have been input into automated processing systems and when and by whom the personal data were input (‘input control’); • (h) prevent the unauthorized reading, copying, modification or deletion of personal data during transfers of personal data or during transportation of data media (‘transport control’); • (i) ensure that installed systems may, in the case of interruption, be restored (‘recovery’); • (j) ensure that the functions of the system perform, that the appearance of faults in the functions is reported (‘reliability’) and that stored personal data cannot be corrupted by means of a malfunctioning of the system (‘integrity’).
GDRP Security – Article 32 • Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymization and encryption of personal data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
GDRP Security – Article 32 (cont’d) • In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. • Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element by which to demonstrate compliance with the requirements set out in paragraph 1 of this Article. • The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.
Code of Conduct • fair and transparent processing; • the legitimate interests pursued by controllers in specific contexts; • the collection of personal data; • the pseudonymization of personal data; • the information provided to the public and to data subjects; • the exercise of the rights of data subjects; • the information provided to, and the protection of, children, and the manner in which the consent of the holders of parental responsibility over children is to be obtained; • the measures and procedures referred to in Articles 24 and 25 and the measures to ensure security of processing referred to in Article 32; • the notification of personal data breaches to supervisory authorities and the communication of such personal data breaches to data subjects; • the transfer of personal data to third countries or international organizations; or • out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79.
Technologies to Protect Data Subjects Personal Data Ulf Mattsson
Source: https://www.dativa.com/data-science-gdpr-pseudonymization-data-pipeline/ GDPR has an extensive list of rules for handling data, but we can summarize them into 5 different areas: 1.Legitimate interest: You must have a valid reason to collect and store the confidential data. 2.Consent: To use certain types of personal data about an individual for commercial or marketing purposes, you must first obtain the individual's permission. 3.The right to be forgotten: An individual may revoke access to their personal data, and you must remove it. You must also correct errors in personal data upon the individual's request. 4.Anonymization/pseudonymization: Personal data must either be anonymized or go through pseudonymization when stored. This ensures that confidential data is not accessed inappropriately (more details in the next section of the article). 5.Sharing externally: If you obtain consent to share personal data with external parties, you must be able to revoke the parties' access to these data. This includes the obligation to ensure that the data is erased from the data warehouses of the partners. GDPR rules for handling personal data
Source: https://www.dativa.com/data-science-gdpr-pseudonymization-data-pipeline/ • Anonymization is a radical step for dealing with confidential data, as it removes any ability to correlate personal identifiers with other data. • For example, if an ID is converted to a random string of numbers, to be anonymized, the string cannot remain the same over time. • It should change according to the time the user was active. • If it stays the same, showing just one data point about the individual is enough to re-identify them and their associated data. • In pseudonymization, another attribute is created to link personal identifiers to the anonymized identifiers such that data can be de-anonymized later. • There are three areas. to consider the first describes essential points to consider when deciding how to handle user consent. • The second area covers database setup and the third gives guidance in processing confidential data. Anonymization or Pseudonymization of Personal Data
• Based on consent and rules for handling personal data a data gateway filters and splits raw data. • The following rules can be applied. Handling Personal Data Rule GDPR compliance Action Anonymize (hash) Full The data is anonymized using hash technique and makes data entry non-reversible. To make the hash unique datetime is used as input. The uniqueness can be set on a second, day or year level. Setting hash unique on a year level allows to track general user behavior but without revealing identity. Anonymize (obfuscate) Full The data is obfuscated but unlike hashing the data, some data is kept. For example, GPS location, some of the lower digits in the coordinate are removed. Pseudonymization (tokenize) Conditional if it is part of running a business The data is tokenized, and a separate lookup file is created with the original entry and the token. The separate file must be managed with more security and stored in a restricted database. As when anonymizing the datetime is used as input set the uniqueness of the data over time. Encrypt Conditional if part of getting consent The data does not need to have a table lookup but has a conditional access the data is stored separately with a key. The key is used when performing SQL queries joining the datasets.
Handling Personal Data Data Entry Action Type Recommendation ID Anonymize (hash) String Take approach if there is no intention to have subscription-based services. The ID shall be completely anonymized. ID Pseudonymization (tokenized) Integer If a subscription is used, then tokenize the ID. Allows flexibility if at any point subscriber is removed from the system without affecting the unrestricted database. Name Encrypt Same options as ID but can be stored separately and use ID as the main key. E-mail Encrypt Same options as ID but can be stored separately and use ID as the main key. Physical address Encrypt Same options as ID but can be stored separately and use ID as the main key. IP address Anonymize (obfuscate) String IP address can be converted into a physical address but keeping only city and country and zip code. IP address Encrypt Consider adding consent to keep the IP address. Information can give valuable insights that the end-user will appreciate. Another reason for keeping information is if it’s part of conducting a service. Due to sensitivity of data restricted database. IP address Pseudonymization (tokenized) Integer Only reason for using tokens for IP address is if it is important to track changes of IP address. Location Anonymize (obfuscate) Integer GPS based location can obfuscated to a level that exact location is not found. This is done by removing the lower digits of the coordinates. How the personal data should be processed
Source: Gartner Encryption Options and Access Controls
Source: https://www.dativa.com/data-science-gdpr-pseudonymization-data-pipeline/ • All private or sensitive data must be kept in a restricted database with separate login access. • The rest of the data can be stored in an unrestricted database. • The separation enables accountability, as only individuals with restricted access and proper training in handing personal data may work with such data. • The data in the unrestricted database will have undergone anonymization or pseudonymization and thus cannot be correlated with personal identifiers. • The data in the unrestricted database may also be persistent and need not be forgotten. • It is enough to remove it from the restricted database, where personal identifiers can be correlated with other data. Database Handling
The pseudonymization framework gives a means to continue collecting personal data in compliance to GDPR without having to drop confidential data that can enable continued data science within the organization. The goal of the framework is to provide: • A better understanding of what confidential data is and when to apply anonymization or pseudonymization • Strategies for handling consent • Routines for handling personal data in compliance with GDPR • Strategies for accountable sharing of data with partners • Data that remains valuable to data science analysis Source: https://www.dativa.com/data-science-gdpr-pseudonymization-data-pipeline/ Summary
For more information about this presentation, contact: David Morris at: David.Morris@Morriscybersecurity.com

Recommended

Tokenization vs encryption vs masking
Tokenization vs encryption vs maskingTokenization vs encryption vs masking
Tokenization vs encryption vs maskingUlf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCUlf Mattsson
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewInformation Security Awareness Group
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data securityUlf Mattsson
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
 
SECURE SENSITIVE DATA SHARING ON BIG DATA PLATFORM
SECURE SENSITIVE DATA SHARING ON BIG DATA PLATFORMSECURE SENSITIVE DATA SHARING ON BIG DATA PLATFORM
SECURE SENSITIVE DATA SHARING ON BIG DATA PLATFORMAM Publications
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
Enterprise Data Protection - Understanding Your Options and Strategies
Enterprise Data Protection - Understanding Your Options and StrategiesEnterprise Data Protection - Understanding Your Options and Strategies
Enterprise Data Protection - Understanding Your Options and StrategiesUlf Mattsson
 

Recommended

Tokenization vs encryption vs masking
Tokenization vs encryption vs maskingTokenization vs encryption vs masking
Tokenization vs encryption vs maskingUlf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCUlf Mattsson
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewInformation Security Awareness Group
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data securityUlf Mattsson
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
 
SECURE SENSITIVE DATA SHARING ON BIG DATA PLATFORM
SECURE SENSITIVE DATA SHARING ON BIG DATA PLATFORMSECURE SENSITIVE DATA SHARING ON BIG DATA PLATFORM
SECURE SENSITIVE DATA SHARING ON BIG DATA PLATFORMAM Publications
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
Enterprise Data Protection - Understanding Your Options and Strategies
Enterprise Data Protection - Understanding Your Options and StrategiesEnterprise Data Protection - Understanding Your Options and Strategies
Enterprise Data Protection - Understanding Your Options and StrategiesUlf Mattsson
 
M privacy for collaborative data publishing
M privacy for collaborative data publishingM privacy for collaborative data publishing
M privacy for collaborative data publishingLeMeniz Infotech
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataUlf Mattsson
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...MITRE ATT&CK
 
2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronis2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronisLiza Charalambous
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudMITRE ATT&CK
 
PCI Compliance Evolved
PCI Compliance EvolvedPCI Compliance Evolved
PCI Compliance EvolvedSafeNet
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...IOSR Journals
 
Hadoop and Big Data Security
Hadoop and Big Data SecurityHadoop and Big Data Security
Hadoop and Big Data SecurityChicago Hadoop Users Group
 
Wireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionWireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionDidar Hussain
 
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionUlf Mattsson
 
Protecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key ManagementProtecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key ManagementStuart Marsh
 
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th..."Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...PROIDEA
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceUlf Mattsson
 
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...RSIS International
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
 
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET Journal
 
GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.Liviu Claudiu Cismaru
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017isc2-hellenic
 

More Related Content

What's hot

M privacy for collaborative data publishing
M privacy for collaborative data publishingM privacy for collaborative data publishing
M privacy for collaborative data publishingLeMeniz Infotech
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataUlf Mattsson
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...MITRE ATT&CK
 
2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronis2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronisLiza Charalambous
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudMITRE ATT&CK
 
PCI Compliance Evolved
PCI Compliance EvolvedPCI Compliance Evolved
PCI Compliance EvolvedSafeNet
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...IOSR Journals
 
Wireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionWireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionDidar Hussain
 
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionUlf Mattsson
 
Protecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key ManagementProtecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key ManagementStuart Marsh
 
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th..."Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...PROIDEA
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceUlf Mattsson
 
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...RSIS International
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
 
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET Journal
 

What's hot (20)

M privacy for collaborative data publishing
M privacy for collaborative data publishingM privacy for collaborative data publishing
M privacy for collaborative data publishing
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server Encryption
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
 
2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronis2019 cou kolokotronis_nicholas - nicholas kolokotronis
2019 cou kolokotronis_nicholas - nicholas kolokotronis
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The Cloud
 
PCI Compliance Evolved
PCI Compliance EvolvedPCI Compliance Evolved
PCI Compliance Evolved
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
Hadoop and Big Data Security
Hadoop and Big Data SecurityHadoop and Big Data Security
Hadoop and Big Data Security
 
Wireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionWireless Networks Encryption and Decryption
Wireless Networks Encryption and Decryption
 
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
 
Protecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key ManagementProtecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key Management
 
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th..."Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and Compliance
 
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
 
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
 

Similar to GDPR: Protecting Your Data

GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceMongoDB
 
3rd party considerations gdpr
3rd party considerations gdpr3rd party considerations gdpr
3rd party considerations gdprJoe Orlando
 
3rd party considerations Under GDPR and Privacy Laws
3rd party considerations Under GDPR and Privacy Laws3rd party considerations Under GDPR and Privacy Laws
3rd party considerations Under GDPR and Privacy LawsJoe Orlando
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney
 
Are You GDPR Ready?
Are You GDPR Ready?Are You GDPR Ready?
Are You GDPR Ready?NICSA
 
GDPR Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewGDPR Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewErnest Staats
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better CybersecurityShawn Tuma
 
Continuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityContinuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityTokenEx
 
EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceCobweb
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
GDPR Is Coming - Get Over It Webinar
GDPR Is Coming - Get Over It WebinarGDPR Is Coming - Get Over It Webinar
GDPR Is Coming - Get Over It WebinarSagittarius
 

Similar to GDPR: Protecting Your Data (20)

GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
#CyberSafeLambeth
#CyberSafeLambeth#CyberSafeLambeth
#CyberSafeLambeth
 
Tech Matrix 20080523
Tech Matrix 20080523Tech Matrix 20080523
Tech Matrix 20080523
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
 
3rd party considerations gdpr
3rd party considerations gdpr3rd party considerations gdpr
3rd party considerations gdpr
 
3rd party considerations Under GDPR and Privacy Laws
3rd party considerations Under GDPR and Privacy Laws3rd party considerations Under GDPR and Privacy Laws
3rd party considerations Under GDPR and Privacy Laws
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19
 
Are You GDPR Ready?
Are You GDPR Ready?Are You GDPR Ready?
Are You GDPR Ready?
 
GDPR Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewGDPR Benefits and a Technical Overview
GDPR Benefits and a Technical Overview
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better Cybersecurity
 
Continuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityContinuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric Security
 
EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 
Gdpr brief and controls ver2.0
Gdpr brief and controls ver2.0Gdpr brief and controls ver2.0
Gdpr brief and controls ver2.0
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
 
GDPR Is Coming - Get Over It Webinar
GDPR Is Coming - Get Over It WebinarGDPR Is Coming - Get Over It Webinar
GDPR Is Coming - Get Over It Webinar
 

More from Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesUlf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeUlf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchainUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
 

More from Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 

Recently uploaded

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Recently uploaded (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

GDPR: Protecting Your Data

  • 1. GDPR – Protecting Your Data Mark Rasch Chief Legal & Compliance Partner Digital Risk Management Institute David Morris Early Pioneer in Cybersecurity Managing Partner Morris Cybersecurity Martyn Hope Founder, GDPR Institut Ulf Mattsson Head of Innovation at TokenEx
  • 2. The GDPR Institut Helping you resolve YOUR GDPR Challenge & Maximise the GDPR Opportunity www.gdpr.institute Martyn Hope
  • 3. GDPR = Trust ENTERPRISE wide Trust © 2018 - The GDPR Institut - All Rights Reserved
  • 4. Impact Do you control or process personal data about ANY EU Citizens? If so you have to be GDPR compliant by 25th May 2018 or manage the implications of the fines and the reputational damage of any and every Data Breach – including Customers Employees Suppliers © 2018 - The GDPR Institut - All Rights Reserved
  • 5. YOU NEED TO UNDERSTAND THE TYPES OF DATA © 2018 - The GDPR Institut - All Rights Reserved Personal Data A Universe of Data Sensitive Data At Risk Data
  • 7. 1. Data → Seat 10K on Flight BA213 from London Heathrow to Boston Logan 2. Personal Data → Booking Reference XYN62F identifies Passenger Name, Address, Credit Card Details, Phone Number, Passport Number etc 3. Sensitive Data → Passport details include Biometric Data which is classified as Medical Information and thus Sensitive under GDPR 4. @Risk Data → The lead Passenger is travelling as part of a family group including children under 16 years of age which is classified as @Risk Data under GDPR Example of Types of Data
  • 8. And the Data Processor shares it with all their Sub Processors Are you a Data Controller or a Data Processor? Data Controller catches a GDPR Cold Data Controller shares the GDPR Cold with their Data Processors © 2018 - The GDPR Institut - All Rights Reserved
  • 9. You will have a Data Breach © 2018 - The GDPR Institut - All Rights Reserved
  • 11. Data Security Requirements • Security is designed around protecting the privacy and processing of data • Ensure Confidentiality, Availability, Integrity and Resilience • No specific technology required, no specific level of security required • References state of the art, risk, and nature of information • Also looks at auditability and ability to demonstrate compliance
  • 12. Data Covered • Personal data is broader than just name, etc. • Anything that can identify a specific individual • Including MAC/IP address (inc.dynamic), RFID tags, etc. (Breyer) • Assume any per-user record may be personal data • ePrivacy Regulation covers all data relating to communications • Headers, content, location… • Even when it’s not personal data... If it can identify a specific person
  • 13. GDPR Article 13(2) • Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive.
  • 14. GDPR Article 29 - Security • Implement measures designed to: • (a) deny unauthorized persons access to processing equipment used for processing (‘equipment access control’); • (b) prevent the unauthorized reading, copying, modification or removal of data media (‘data media control’); • (c) prevent the unauthorized input of personal data and the unauthorized inspection, modification or deletion of stored personal data (‘storage control’); • (d) prevent the use of automated processing systems by unauthorized persons using data communication equipment (‘user control’); • (e) ensure that persons authorized to use an automated processing system have access only to the personal data covered by their access authorization (‘data access control’); • (f) ensure that it is possible to verify and establish the bodies to which personal data have been or may be transmitted or made available using data communication equipment (‘communication control’); • (g) ensure that it is subsequently possible to verify and establish which personal data have been input into automated processing systems and when and by whom the personal data were input (‘input control’); • (h) prevent the unauthorized reading, copying, modification or deletion of personal data during transfers of personal data or during transportation of data media (‘transport control’); • (i) ensure that installed systems may, in the case of interruption, be restored (‘recovery’); • (j) ensure that the functions of the system perform, that the appearance of faults in the functions is reported (‘reliability’) and that stored personal data cannot be corrupted by means of a malfunctioning of the system (‘integrity’).
  • 15. GDRP Security – Article 32 • Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymization and encryption of personal data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
  • 16. GDRP Security – Article 32 (cont’d) • In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. • Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element by which to demonstrate compliance with the requirements set out in paragraph 1 of this Article. • The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.
  • 17. Code of Conduct • fair and transparent processing; • the legitimate interests pursued by controllers in specific contexts; • the collection of personal data; • the pseudonymization of personal data; • the information provided to the public and to data subjects; • the exercise of the rights of data subjects; • the information provided to, and the protection of, children, and the manner in which the consent of the holders of parental responsibility over children is to be obtained; • the measures and procedures referred to in Articles 24 and 25 and the measures to ensure security of processing referred to in Article 32; • the notification of personal data breaches to supervisory authorities and the communication of such personal data breaches to data subjects; • the transfer of personal data to third countries or international organizations; or • out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79.
  • 18. Technologies to Protect Data Subjects Personal Data Ulf Mattsson
  • 19. Source: https://www.dativa.com/data-science-gdpr-pseudonymization-data-pipeline/ GDPR has an extensive list of rules for handling data, but we can summarize them into 5 different areas: 1.Legitimate interest: You must have a valid reason to collect and store the confidential data. 2.Consent: To use certain types of personal data about an individual for commercial or marketing purposes, you must first obtain the individual's permission. 3.The right to be forgotten: An individual may revoke access to their personal data, and you must remove it. You must also correct errors in personal data upon the individual's request. 4.Anonymization/pseudonymization: Personal data must either be anonymized or go through pseudonymization when stored. This ensures that confidential data is not accessed inappropriately (more details in the next section of the article). 5.Sharing externally: If you obtain consent to share personal data with external parties, you must be able to revoke the parties' access to these data. This includes the obligation to ensure that the data is erased from the data warehouses of the partners. GDPR rules for handling personal data
  • 20. Source: https://www.dativa.com/data-science-gdpr-pseudonymization-data-pipeline/ • Anonymization is a radical step for dealing with confidential data, as it removes any ability to correlate personal identifiers with other data. • For example, if an ID is converted to a random string of numbers, to be anonymized, the string cannot remain the same over time. • It should change according to the time the user was active. • If it stays the same, showing just one data point about the individual is enough to re-identify them and their associated data. • In pseudonymization, another attribute is created to link personal identifiers to the anonymized identifiers such that data can be de-anonymized later. • There are three areas. to consider the first describes essential points to consider when deciding how to handle user consent. • The second area covers database setup and the third gives guidance in processing confidential data. Anonymization or Pseudonymization of Personal Data
  • 21. • Based on consent and rules for handling personal data a data gateway filters and splits raw data. • The following rules can be applied. Handling Personal Data Rule GDPR compliance Action Anonymize (hash) Full The data is anonymized using hash technique and makes data entry non-reversible. To make the hash unique datetime is used as input. The uniqueness can be set on a second, day or year level. Setting hash unique on a year level allows to track general user behavior but without revealing identity. Anonymize (obfuscate) Full The data is obfuscated but unlike hashing the data, some data is kept. For example, GPS location, some of the lower digits in the coordinate are removed. Pseudonymization (tokenize) Conditional if it is part of running a business The data is tokenized, and a separate lookup file is created with the original entry and the token. The separate file must be managed with more security and stored in a restricted database. As when anonymizing the datetime is used as input set the uniqueness of the data over time. Encrypt Conditional if part of getting consent The data does not need to have a table lookup but has a conditional access the data is stored separately with a key. The key is used when performing SQL queries joining the datasets.
  • 22. Handling Personal Data Data Entry Action Type Recommendation ID Anonymize (hash) String Take approach if there is no intention to have subscription-based services. The ID shall be completely anonymized. ID Pseudonymization (tokenized) Integer If a subscription is used, then tokenize the ID. Allows flexibility if at any point subscriber is removed from the system without affecting the unrestricted database. Name Encrypt Same options as ID but can be stored separately and use ID as the main key. E-mail Encrypt Same options as ID but can be stored separately and use ID as the main key. Physical address Encrypt Same options as ID but can be stored separately and use ID as the main key. IP address Anonymize (obfuscate) String IP address can be converted into a physical address but keeping only city and country and zip code. IP address Encrypt Consider adding consent to keep the IP address. Information can give valuable insights that the end-user will appreciate. Another reason for keeping information is if it’s part of conducting a service. Due to sensitivity of data restricted database. IP address Pseudonymization (tokenized) Integer Only reason for using tokens for IP address is if it is important to track changes of IP address. Location Anonymize (obfuscate) Integer GPS based location can obfuscated to a level that exact location is not found. This is done by removing the lower digits of the coordinates. How the personal data should be processed
  • 23. Source: Gartner Encryption Options and Access Controls
  • 24. Source: https://www.dativa.com/data-science-gdpr-pseudonymization-data-pipeline/ • All private or sensitive data must be kept in a restricted database with separate login access. • The rest of the data can be stored in an unrestricted database. • The separation enables accountability, as only individuals with restricted access and proper training in handing personal data may work with such data. • The data in the unrestricted database will have undergone anonymization or pseudonymization and thus cannot be correlated with personal identifiers. • The data in the unrestricted database may also be persistent and need not be forgotten. • It is enough to remove it from the restricted database, where personal identifiers can be correlated with other data. Database Handling
  • 25. The pseudonymization framework gives a means to continue collecting personal data in compliance to GDPR without having to drop confidential data that can enable continued data science within the organization. The goal of the framework is to provide: • A better understanding of what confidential data is and when to apply anonymization or pseudonymization • Strategies for handling consent • Routines for handling personal data in compliance with GDPR • Strategies for accountable sharing of data with partners • Data that remains valuable to data science analysis Source: https://www.dativa.com/data-science-gdpr-pseudonymization-data-pipeline/ Summary
  • 26. For more information about this presentation, contact: David Morris at: David.Morris@Morriscybersecurity.com

Editor's Notes

  1. Blockchain will impact all industries, and its effect will be felt most in industry-specific processes. Technology strategic planners seeking to grow business in the blockchain market must understand the implications in each industry and craft a strategy that befits the impact.