With 2018 being just around the corner, in enterprise-speak, the challenges around compliance with the new EU General Data Protection Regulations must be resolved yesterday. Will two years be enough to get it all done? Do you know everything you need to put together a solid game plan? Have any lingering questions, perhaps specific to your unique situation, which a local law expert can help answer?

1. Gearing Up for EU GDPR
Compliance in the Cloud
1

2. Presenters
2
Jennifer Sand
VP of Product Management,
CloudLock
Russell Miller
Director of Product Marketing,
CloudLock
Andrew Dyson
Partner, DLA Piper

3. Continuing Professional Education (CPE) Credits
Claim your CPE credit for attending this webinar
https://www.isc2.org/
For more information or questions please contact us
info@cloudlock.com
3

4. Agenda
01
02
03
04
What is happening when
What do you need to know?
What do you need to do today?
What do you need to do in the next 2 years?
4
05 Questions

5. EU GDPR Timeline
555
https://www.dlapiper.com/en/uk/focus/eu-data-protection-regulation/background/

6. EU GDPR vs. Privacy Shield
666

7. 777
8 New Provisions
1 No ambiguity. One law across all 28 countries of the EU.
2 The law is global.
3 Increased fines. Up to 4% of global turnover or €20,000,000.
4 Breach notification. Mandatory within 72 hours.
5 New individual rights.
6 Liability extended to data processors as well as data controllers.
7 Information governance through the supply chain.
8 Privacy by design.

8. 888
Who This Applies To
European offices Hold data on EU residents

9. Every Company Uses Cloud Services
999

10. 1010
What You Need to Know
Where
What How

11. 1111
What is Required
Appropriate Security
Measures
Restrict Onward
Transfers
Access/Manipulate
Data

12. Sensitive Data is Out There
12
** CloudLock Cybersecurity Report: The Extended Parameter

13. A New Operating Paradigm
1313
Internal
governance
Transparency
Customer
controls
Incident
management
Audit
Data protection
officer
Disclosure of supply
chain/transfer terms
Minimise level of
data processed
Routine risk
assessments/audits
Formal breach
management
processes
Internal training/
audit & review
Internal register of
processing
Regulate who and
how processed
Manage Offshore
data transfers
Appropriate security
measures
EC Approved “Model
Clauses”
EC approved
Country

14. 141414
Appropriate Security Measures in The Cloud
Automatic
Detection of
Personal
Data
Automated
Action
Employee
Involvement

15. Cloud Vendor Readiness Questions
Add bit.ly
151515
Dedicated Security Team?
Systems subjected to
penetration testing?
Terms for ownership of data?
Share most recent
vulnerability scan
results?
Formal procedure for reporting
a suspected security violation?
Access security of data facilities?
http://bit.ly/cloud-questions
What is security policy?

16. 161616
What You Need to Do - Today
Tomorrow’s Task:
5
MAY
1 Document where
and who process
data
2 Audit and Prioritize
Cloud Vendors
3 Consider
technology at hand

17. 171717

18. Do you comply?
bit.ly/cloudlock-assessment
Come See Us At:
7-9 June
Olympia, London
Booth D202

19. Thank You
Questions & Answers
www.cloudlock.com info@cloudlock.com 781.996.4332
21