SlideShare ist ein Scribd-Unternehmen logo

GDPR Part 1: Quick Facts

Als PPTX, PDF herunterladen
Adrian Dumitrescu
Adrian Dumitrescu

Fully understand how GDPR affects the life of millions of EU citizens by having in mind the 10 simple facts exposed by Dr. Karsten Kinast The presentation gives a short glimpse in to the motivation of GDPR, the key changes it brings, and the ongoing compliance on information lifecycle it presumes.

Präsentationen & Vorträge
1 von 19
Meeting EU General Data Protection Regulation (EUGDPR) Adrian DUMITRESCU Q-East Software www.qeast.ro
2 EU GDPR QUICK FACTS #1 Applies to all #2 Widens the definition of personal data #3 Tightens the rules for obtaining valid consent to using personal information #4 Makes the appointment of a DPO mandatory for certain organizations #5 Introduces mandatory PIAs #6 Introduces a common data breach notification requirement #7 Introduces the right to be forgotten #8 Expands liability beyond data controllers #9 Requires privacy by design #10 Introduces the concept of a one-stop shop www.qeast.ro https://www.kuppingercole.com/team/kinast By Dr. Karsten Kinast
3 GDPR KEY CHANGES • Increased Territorial Scope (extra-territorial applicability) • Penalties - Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). • Reduces Consent Related Ambiguities • Enhances Data Subject Rights www.qeast.ro
4 WHY GDPR Introduction www.qeast.ro 2018 • FedEx has stored extremely sensitive customer data on an open Amazon S3 bucket – passports, driving licenses, security IDs, as well as home addresses, postal codes and phone numbers from 2009-2012 – essentially making all the information public 2017 • An open MongoDB-hosted database owned by Ai.Type exposed 577GB of customer data, potentially revealing the information of 31 million users • On 22nd November 2017 it was revealed that Uber failed to disclose a cyberattack that exposed data of 57 million drivers and passengers • In October the final numbers of the last in a series of Yahoo data breaches were made public – 3 billion users existing from 2013 to 2016 were exposed. That one caused the company to be sold to Virgin for a 25% lesser price than initially negotiated • In September 2017, Deloitte suffered an attack which caused the exposure of the firms ‘blue chip’ clients, including usernames, passwords, confidential emails and personal info. The attack went unnoticed for several months • The Equifax attack affected 149 million consumers, revealing their SSN, dates of birth and addresses, including 200,000 credit card numbers, data that could be used to open bank accounts and apply for loans in the owner’s name 2016 • Tesco Bank was forced to froze their operations after 20,000 customers had money stolen from their accounts, with 40,000 compromised in total. 2013 • Target Stores data breach put the credit-card numbers and personal information of millions of people into the hands of cybercriminals 2011 • The first big data breach that affected users all over the world and the largest at the time, 77 million customer records, including a massive amount of credit card number, were stolen from Sony/PSN. The attackers had access to just about every significant piece of data that subscribers store on the system, including passwords, logins, online IDs and even addresses, birth dates and purchase histories. The system was down for over 3 weeks.
5 WHY GDPR Introduction www.qeast.ro Huge financial losses for all the parties involved • Some entities may never recover • Fines for inadequate protection and detection of the breach • Lawsuits and damage compensations that far extend the initial loss Long-term branding and personal affect • A CIO in this position will be in a very bad position • The company is always affected on the long term • People will be reluctant to put their data in this company’s systems, making online services impossible The rollout effect • People react – if enough people react, everybody else follow • Markets react – it always affect entities providing similar services • Suppliers react – you will not get the same sale benefits
6 FROM THE SECURITY PERSPECTIVE ALONE… Introduction www.qeast.ro In the first quarter of 2018 alone, the average Quest customer faced: • 7,739 malware attacks, a year-over-year increase of 151% • 335 of these attacks were hidden using SSL/TLS encryption • There were identified more than 49,800 new attack variants in the first quarter, with • Deep memory scanning technologies identifying 3,500 never- before-seen variants Did you know?
7 PRIVACY AT THE HEART OF GDPR www.qeast.ro
8 PRIVACY AT THE HEART OF GDPR www.qeast.ro A state in which one is not observed or disturbed by other people The state of being free from public attention The ability of an individual of controlling which information is collected, how it is used, by whom and with which objective
9 GDPR MEANS ONGOING COMPLIANCE… www.qeast.ro Who? What? When? How? Where? GDPR means Ongoing Compliance What for?
10 … ON INFORMATION LIFECYCLE www.qeast.ro Principles of data collection Fair and aligned with law With consent Relevant Proportional Type of data Collection Retention Duration, how long? Type of data Security People Process Technology Loss of data The allowance is related to: Specific data Determined goal Notification of changes Process Governance Retention and Security Information Lifecycle Governance of: Access Right to modify Destruction policy Data transfer Applicable laws/rights
11 PRIVACY AT THE CORE OF GDPR www.qeast.ro Identity and/or passport number Date of birth and age Phone numbers (including mobile) Email address/es Physical address Gender, Race and Ethnic origin Photos, voice recordings, video footage (also CCTV) Marital/Relationship status and family relations Criminal record Private correspondence Financial information Membership to organizations/unions Physical and mental health including medical history P I A
12 GDPR MEANS ONGOING COMPLIANCE… www.qeast.ro GDPR means Ongoing Compliance Control Visibility Authentication Data Protection Adaptive Security Automation
13 GDPR GUIDING PRINCIPLES www.qeast.ro • Understand what personal data you process • Know where it is and how it flows in the organisation • Consider privacy at every level • Always think user first • Review your information risk management • Ensure you have appropriate mitigations in place • Don’t forget detection and response planning
14 MAIN ACTIONS THAT SHOULD BE TAKEN IN ORDER TO COMPLY • Prepare for data security breaches • Establish a framework for accountability • Embrace privacy by design • Analyze the legal basis on which you use personal data • Check your privacy notices and policies • Bear in mind the rights of data subjects • Be aware of cross-border data transfers www.qeast.ro
15 GDPR COMPLIANCE ROADMAP Prepare AuthorizationProtect & Secure ReviewManage Data Protection Impact Assessment Obtain prior Authorization from the Supervisory Authority Data Protection Officer Protect all data Data Protection Compliance Review Define the way data is collected and managed www.qeast.ro
16 PROTECT PRIVACY DATA Implement data security requirements • ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data • take preventive, corrective and mitigating action in near real time against vulnerabilities • regularly test, assess and evaluate the effectiveness of security policies Implement backup and data recovery policies • Create a backup policy that clearly identifies roles, responsibilities, schedule, location, formats • Define the differences between backups and archiving data • Include archiving in addition to processes such as data rescue, data reformatting, data conversion, metadata Designate a data protection officer Prepare AuthorizationProtect & Secure ReviewManage www.qeast.ro
DATA PROTECTION IS ABOUT INFORMATION #1 Backup and Continuous Data Protection #2 Information Security www.qeast.ro
SIX AREAS OF INTEREST #1 Collecting, Storing and Processing Personal Data #2 Data Discovery, cataloguing and Classifying #3 Data Protection from Loss or Theft #4 Endpoint and Perimeter Security #5 Identity and Access Management #6 Security and Event Log Management www.qeast.ro
Thank you!

Empfohlen

GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slidesNaomi Holmes
 
Security v. Privacy: the great debate
Security v. Privacy: the great debateSecurity v. Privacy: the great debate
Security v. Privacy: the great debateDavid Strom
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
S719a
S719aS719a
S719aecommerce
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018Match-Maker Ventures
 

Empfohlen

GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slidesNaomi Holmes
 
Security v. Privacy: the great debate
Security v. Privacy: the great debateSecurity v. Privacy: the great debate
Security v. Privacy: the great debateDavid Strom
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
S719a
S719aS719a
S719aecommerce
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018Match-Maker Ventures
 
Data Privacy
Data PrivacyData Privacy
Data Privacycliff_rudolph
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Amazon Web Services
 
Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issuesipspat
 
ICANN WhoIs Backgrounder
ICANN WhoIs BackgrounderICANN WhoIs Backgrounder
ICANN WhoIs BackgrounderInternet Law Center
 
Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber securityIT Governance Ltd
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataUlf Mattsson
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breachBaltimax
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case studyAbhilash vijayan
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Cloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran AdlerCloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran AdlerIdan Tohami
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis
 
Convince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceConvince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceDave James
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Ulf Mattsson
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentationSreejith Nair
 
Becoming PIPL Compliant In No Time
Becoming PIPL Compliant In No TimeBecoming PIPL Compliant In No Time
Becoming PIPL Compliant In No TimeTrustArc
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
 
Protect the Unexpected
Protect the UnexpectedProtect the Unexpected
Protect the UnexpectedCharles Mok
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationBCC - Solutions for IBM Collaboration Software
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
 

Weitere ähnliche Inhalte

Was ist angesagt?

Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Amazon Web Services
 
Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issuesipspat
 
Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber securityIT Governance Ltd
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataUlf Mattsson
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breachBaltimax
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case studyAbhilash vijayan
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Cloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran AdlerCloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran AdlerIdan Tohami
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis
 
Convince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceConvince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceDave James
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Ulf Mattsson
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentationSreejith Nair
 
Becoming PIPL Compliant In No Time
Becoming PIPL Compliant In No TimeBecoming PIPL Compliant In No Time
Becoming PIPL Compliant In No TimeTrustArc
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
 
Protect the Unexpected
Protect the UnexpectedProtect the Unexpected
Protect the UnexpectedCharles Mok
 

Was ist angesagt? (20)

Data Privacy
Data PrivacyData Privacy
Data Privacy
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
 
Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issues
 
ICANN WhoIs Backgrounder
ICANN WhoIs BackgrounderICANN WhoIs Backgrounder
ICANN WhoIs Backgrounder
 
Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber security
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breach
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case study
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Cloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran AdlerCloud Regulations and Security Standards by Ran Adler
Cloud Regulations and Security Standards by Ran Adler
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
 
Convince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceConvince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR compliance
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
 
Becoming PIPL Compliant In No Time
Becoming PIPL Compliant In No TimeBecoming PIPL Compliant In No Time
Becoming PIPL Compliant In No Time
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
 
Protect the Unexpected
Protect the UnexpectedProtect the Unexpected
Protect the Unexpected
 

Ähnlich wie GDPR Part 1: Quick Facts

Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
 
Data protection within development
Data protection within developmentData protection within development
Data protection within developmentowaspsuffolk
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119David Doughty
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better CybersecurityShawn Tuma
 
Isaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big dataIsaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big dataUlf Mattsson
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceVeridium
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRCase IQ
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Chris Hails
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...CIO Edge
 
State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...Vsevolod Shabad
 
Scotland legal update 25 sept
Scotland legal update 25 septScotland legal update 25 sept
Scotland legal update 25 septRachel Aldighieri
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 

Ähnlich wie GDPR Part 1: Quick Facts (20)

General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...
 
Data protection within development
Data protection within developmentData protection within development
Data protection within development
 
nerfslides.pptx
nerfslides.pptxnerfslides.pptx
nerfslides.pptx
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better Cybersecurity
 
Isaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big dataIsaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big data
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of Compliance
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
 
State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
Scotland legal update 25 sept
Scotland legal update 25 septScotland legal update 25 sept
Scotland legal update 25 sept
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 

Mehr von Adrian Dumitrescu

OneIdentity - A Future-Ready Approach to IAM
OneIdentity - A Future-Ready Approach to IAMOneIdentity - A Future-Ready Approach to IAM
OneIdentity - A Future-Ready Approach to IAMAdrian Dumitrescu
 
Smart Analytics for The Big Unknown
Smart Analytics for The Big UnknownSmart Analytics for The Big Unknown
Smart Analytics for The Big UnknownAdrian Dumitrescu
 
Dell Software is Future Ready - no movie
Dell Software is Future Ready - no movieDell Software is Future Ready - no movie
Dell Software is Future Ready - no movieAdrian Dumitrescu
 
Dell software - Excellence for IT-Enabled Enterprises
Dell software - Excellence for IT-Enabled EnterprisesDell software - Excellence for IT-Enabled Enterprises
Dell software - Excellence for IT-Enabled EnterprisesAdrian Dumitrescu
 
GDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestGDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestAdrian Dumitrescu
 
GDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWallGDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWallAdrian Dumitrescu
 
GDPR Part 3: Practical Quest
GDPR Part 3: Practical QuestGDPR Part 3: Practical Quest
GDPR Part 3: Practical QuestAdrian Dumitrescu
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 

Mehr von Adrian Dumitrescu (8)

OneIdentity - A Future-Ready Approach to IAM
OneIdentity - A Future-Ready Approach to IAMOneIdentity - A Future-Ready Approach to IAM
OneIdentity - A Future-Ready Approach to IAM
 
Smart Analytics for The Big Unknown
Smart Analytics for The Big UnknownSmart Analytics for The Big Unknown
Smart Analytics for The Big Unknown
 
Dell Software is Future Ready - no movie
Dell Software is Future Ready - no movieDell Software is Future Ready - no movie
Dell Software is Future Ready - no movie
 
Dell software - Excellence for IT-Enabled Enterprises
Dell software - Excellence for IT-Enabled EnterprisesDell software - Excellence for IT-Enabled Enterprises
Dell software - Excellence for IT-Enabled Enterprises
 
GDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestGDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & Cyberquest
 
GDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWallGDPR Part 4: Better Together Quest & SonicWall
GDPR Part 4: Better Together Quest & SonicWall
 
GDPR Part 3: Practical Quest
GDPR Part 3: Practical QuestGDPR Part 3: Practical Quest
GDPR Part 3: Practical Quest
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 

Kürzlich hochgeladen

Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMoumonDas2
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )Pooja Nehwal
 

Kürzlich hochgeladen (20)

Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 

GDPR Part 1: Quick Facts

  • 1. Meeting EU General Data Protection Regulation (EUGDPR) Adrian DUMITRESCU Q-East Software www.qeast.ro
  • 2. 2 EU GDPR QUICK FACTS #1 Applies to all #2 Widens the definition of personal data #3 Tightens the rules for obtaining valid consent to using personal information #4 Makes the appointment of a DPO mandatory for certain organizations #5 Introduces mandatory PIAs #6 Introduces a common data breach notification requirement #7 Introduces the right to be forgotten #8 Expands liability beyond data controllers #9 Requires privacy by design #10 Introduces the concept of a one-stop shop www.qeast.ro https://www.kuppingercole.com/team/kinast By Dr. Karsten Kinast
  • 3. 3 GDPR KEY CHANGES • Increased Territorial Scope (extra-territorial applicability) • Penalties - Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). • Reduces Consent Related Ambiguities • Enhances Data Subject Rights www.qeast.ro
  • 4. 4 WHY GDPR Introduction www.qeast.ro 2018 • FedEx has stored extremely sensitive customer data on an open Amazon S3 bucket – passports, driving licenses, security IDs, as well as home addresses, postal codes and phone numbers from 2009-2012 – essentially making all the information public 2017 • An open MongoDB-hosted database owned by Ai.Type exposed 577GB of customer data, potentially revealing the information of 31 million users • On 22nd November 2017 it was revealed that Uber failed to disclose a cyberattack that exposed data of 57 million drivers and passengers • In October the final numbers of the last in a series of Yahoo data breaches were made public – 3 billion users existing from 2013 to 2016 were exposed. That one caused the company to be sold to Virgin for a 25% lesser price than initially negotiated • In September 2017, Deloitte suffered an attack which caused the exposure of the firms ‘blue chip’ clients, including usernames, passwords, confidential emails and personal info. The attack went unnoticed for several months • The Equifax attack affected 149 million consumers, revealing their SSN, dates of birth and addresses, including 200,000 credit card numbers, data that could be used to open bank accounts and apply for loans in the owner’s name 2016 • Tesco Bank was forced to froze their operations after 20,000 customers had money stolen from their accounts, with 40,000 compromised in total. 2013 • Target Stores data breach put the credit-card numbers and personal information of millions of people into the hands of cybercriminals 2011 • The first big data breach that affected users all over the world and the largest at the time, 77 million customer records, including a massive amount of credit card number, were stolen from Sony/PSN. The attackers had access to just about every significant piece of data that subscribers store on the system, including passwords, logins, online IDs and even addresses, birth dates and purchase histories. The system was down for over 3 weeks.
  • 5. 5 WHY GDPR Introduction www.qeast.ro Huge financial losses for all the parties involved • Some entities may never recover • Fines for inadequate protection and detection of the breach • Lawsuits and damage compensations that far extend the initial loss Long-term branding and personal affect • A CIO in this position will be in a very bad position • The company is always affected on the long term • People will be reluctant to put their data in this company’s systems, making online services impossible The rollout effect • People react – if enough people react, everybody else follow • Markets react – it always affect entities providing similar services • Suppliers react – you will not get the same sale benefits
  • 6. 6 FROM THE SECURITY PERSPECTIVE ALONE… Introduction www.qeast.ro In the first quarter of 2018 alone, the average Quest customer faced: • 7,739 malware attacks, a year-over-year increase of 151% • 335 of these attacks were hidden using SSL/TLS encryption • There were identified more than 49,800 new attack variants in the first quarter, with • Deep memory scanning technologies identifying 3,500 never- before-seen variants Did you know?
  • 7. 7 PRIVACY AT THE HEART OF GDPR www.qeast.ro
  • 8. 8 PRIVACY AT THE HEART OF GDPR www.qeast.ro A state in which one is not observed or disturbed by other people The state of being free from public attention The ability of an individual of controlling which information is collected, how it is used, by whom and with which objective
  • 9. 9 GDPR MEANS ONGOING COMPLIANCE… www.qeast.ro Who? What? When? How? Where? GDPR means Ongoing Compliance What for?
  • 10. 10 … ON INFORMATION LIFECYCLE www.qeast.ro Principles of data collection Fair and aligned with law With consent Relevant Proportional Type of data Collection Retention Duration, how long? Type of data Security People Process Technology Loss of data The allowance is related to: Specific data Determined goal Notification of changes Process Governance Retention and Security Information Lifecycle Governance of: Access Right to modify Destruction policy Data transfer Applicable laws/rights
  • 11. 11 PRIVACY AT THE CORE OF GDPR www.qeast.ro Identity and/or passport number Date of birth and age Phone numbers (including mobile) Email address/es Physical address Gender, Race and Ethnic origin Photos, voice recordings, video footage (also CCTV) Marital/Relationship status and family relations Criminal record Private correspondence Financial information Membership to organizations/unions Physical and mental health including medical history P I A
  • 12. 12 GDPR MEANS ONGOING COMPLIANCE… www.qeast.ro GDPR means Ongoing Compliance Control Visibility Authentication Data Protection Adaptive Security Automation
  • 13. 13 GDPR GUIDING PRINCIPLES www.qeast.ro • Understand what personal data you process • Know where it is and how it flows in the organisation • Consider privacy at every level • Always think user first • Review your information risk management • Ensure you have appropriate mitigations in place • Don’t forget detection and response planning
  • 14. 14 MAIN ACTIONS THAT SHOULD BE TAKEN IN ORDER TO COMPLY • Prepare for data security breaches • Establish a framework for accountability • Embrace privacy by design • Analyze the legal basis on which you use personal data • Check your privacy notices and policies • Bear in mind the rights of data subjects • Be aware of cross-border data transfers www.qeast.ro
  • 15. 15 GDPR COMPLIANCE ROADMAP Prepare AuthorizationProtect & Secure ReviewManage Data Protection Impact Assessment Obtain prior Authorization from the Supervisory Authority Data Protection Officer Protect all data Data Protection Compliance Review Define the way data is collected and managed www.qeast.ro
  • 16. 16 PROTECT PRIVACY DATA Implement data security requirements • ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data • take preventive, corrective and mitigating action in near real time against vulnerabilities • regularly test, assess and evaluate the effectiveness of security policies Implement backup and data recovery policies • Create a backup policy that clearly identifies roles, responsibilities, schedule, location, formats • Define the differences between backups and archiving data • Include archiving in addition to processes such as data rescue, data reformatting, data conversion, metadata Designate a data protection officer Prepare AuthorizationProtect & Secure ReviewManage www.qeast.ro
  • 17. DATA PROTECTION IS ABOUT INFORMATION #1 Backup and Continuous Data Protection #2 Information Security www.qeast.ro
  • 18. SIX AREAS OF INTEREST #1 Collecting, Storing and Processing Personal Data #2 Data Discovery, cataloguing and Classifying #3 Data Protection from Loss or Theft #4 Endpoint and Perimeter Security #5 Identity and Access Management #6 Security and Event Log Management www.qeast.ro

Hinweis der Redaktion

  1. GDPR applies to all The GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens. This means that any company that works with information relating to EU citizens will have to comply with the requirements of the GDPR, making it the first global data protection law. 2. The GDPR widens the definition of personal data While the definition of personal data has always been fairly wide, the GDPR broadens it even further, bringing new kinds of personal data under regulation. The GDPR considers any data that can be used to identify an individual as personal data. It includes, for the first time, things such as genetic, mental, cultural, economic or social information. 3. The GDPR tightens the rules for obtaining valid consent to using personal information Having the ability to prove valid consent for using personal information is likely to be one of the biggest challenges presented by the GDPR. The GDPR requires all organizations collecting personal data to be able to prove clear and affirmative consent to process that data 4. The GDPR makes the appointment of a DPO mandatory for certain organizations According to a study by the International Association of Privacy Professionals (IAPP), this requirement means that, in Europe alone, 28,000 DPOs needs to be appointed. Therefore, any business that depends on processing personal information will have to appoint a DPO, who will be an extension of the data protection authority to ensure personal data processes, activities and systems conform to the law by design. 5. The GDPR introduces mandatory PIAs The inclusion of mandatory privacy impact assessments (PIAs) in the GDPR is mainly due to the influence of the UK’s Information Commissioner’s Office, which has worked a lot with PIAs in the past. The GDPR requires data controllers to conduct PIAs where privacy breach risks are high to minimize risks to data subjects. This means before organizations can even begin projects involving personal information, they will have to conduct a privacy risk assessment and work with the DPO to ensure they are in compliance as projects progress. 6. The GDPR introduces a common data breach notification requirement The regulation requires organizations to notify the local data protection authority of a data breach within 72 hours of discovering it. This means organizations need to ensure they have the technologies and processes in place that will enable them to detect and respond to a data breach 7. The GDPR introduces the right to be forgotten One of these is the data minimization principle that requires organizations not to hold data for any longer than absolutely necessary, and not to change the use of the data from the purpose for which it was originally collected, while – at the same time – they must delete any data at the request of the data subject. It also means organizations have ensure they have the processes and technologies in place to delete data in response to requests from data subjects. 8. The GDPR expands liability beyond data controllers In the past, only data controllers were considered responsible for data processing activities, but the GDPR extends liability to all organizations that touch personal data. 9. The GDPR requires privacy by design This means that software, systems and processes must consider compliance with the principles of data protection. However, the proper erasure of information, for example, is not something often seen in software. But in the future, all software will be required to be capable of completely erasing data, which will be a challenge for a lot of software engineers 10. The GDPR introduces the concept of a one-stop shop In the past, Ireland has been popular with large US corporations, such as Google, because of the country’s relatively permissive data protection authority. However, that all disappears with the GDPR, which allows any European data protection authority to take action against organisations, regardless of where in the world the company is based
  2. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU
  3. Privacy Impact Assessment
  4. Instead of 28 interpretations of the Directive Protection… One harmonized Data Protection LAW for all of the EU state members
  5. Data Protection covers two major areas: #1 – Ensuring information exists and is always actual within systems and applications, which is done via data backup and replication In other words, data backup and replication technologies ensure that PEOPLE will always be able to use and exchange most recent corporate INFORMATION in their day-to-day job activities #2 - Ensuring information is safe and secure In other words, access control technologies ensure that INFORMATION will be accessed, changed and shared only by the RIGHT people, at the RIGHT time and by using the RIGHT tools so that corporate intellectual property is safe from theft or loss, and the information management tools used are working without downtime
  6. Data Protection covers two major areas: #1 – Ensuring information exists and is always actual within systems and applications, which is done via data backup and replication In other words, data backup and replication technologies ensure that PEOPLE will always be able to use and exchange most recent corporate INFORMATION in their day-to-day job activities #2 - Ensuring information is safe and secure In other words, security technologies ensure that INFORMATION will be accessed, changed and shared only by the RIGHT people, at the RIGHT time and by using the RIGHT tools so that corporate intellectual property is safe from theft or loss, and the information management tools used are working without downtime