Plunet Summit 2018: Plunet’s approach to the new data regulation of the EU (GDPR)

The new data regulation comes into force on May 25, 2018. While many companies fear the heavy fines they could face by ignoring the new rules, they still feel uncertain about the correct application of the GDPR (General Data Protection Regulation).

Plunet’s Head of Operations, Sufian Reiter, will share his insights into the regulation’s main principles and explain Plunet’s interpretation and implementation of it in an exclusive Summit session.

  1. Disclaimer
     • Self-Help: By attending this meeting, a property of Plunet [hereinafter “Plunet”, “us”, “we”], you acknowledge, understand, and agree that Plunet is not a law firm, is not providing legal services to you, and is not acting as your legal counsel. Plunet only provides self-help information and slides you may use to navigate through the GDPR jungle.
     • No Legal Advice: We cannot and do not offer opinions, recommendations, or advice regarding your legal rights, obligations, and remedies; nor do we apply the law to the facts of your particular case or dispute.
     • No Attorney-Client Relationship: We are not offering or agreeing to represent you in any legal matter. Accessing or reviewing self-help information provided through Plunet does not create (1) an attorney-client relationship or (2) attorney-client privilege between you and us. We do maintain a privacy policy, but you should not interpret anything in that policy as establishing attorney-client confidentiality between the parties.
     • Not a Substitute for an Attorney: The presentation provided by Plunet is not a substitute for an attorney’s advice or services. If you need legal advice for a particular problem or your issues are confusing or complicated, you should consult with a licensed attorney in your area.
     • References to Law Are Not Jurisdiction-Specific: This presentation discusses general legal principles, laws, and procedures.
     • Examples Are Only Examples: If an example of a legal matter is portrayed during this presentation, please note that the result described depends on the facts of that specific example, and the results will differ if based on different facts.
     • No Guarantee of Accuracy or Completeness: Plunet cannot and does not guarantee that all information provided through the website or podcast is accurate, complete, or up-to-date. Laws, regulations, rules, procedures, and case decisions are subject to revision, interpretation, or even nullification by courts and legislative bodies at any time. The information we provide may not reflect the most current version of these materials. Do not rely on any information provided through Plunet without first doing your own research and investigation.
     • No Liability: You agree to use the information provided through this presentation at your own risk. Plunet is not responsible for any injury, loss, or damage, under any tort or contract theory, related to your use of this website, our podcast, or the content provided herein.
     IN SHORT: Interpretation only — no legal advice
  2. »No, seriously — I can’t tell you my name until you tell me watcha gonna do with that data«
  3. Quick summary for smokers and people who were planning to take a nap
     • In force as of May 25, 2018 (wait … that’s eight hours from now)
     • Fines for companies of 2% (or EUR 10m) or 4% (or EUR 20m) of their worldwide turnover, respectively
  4. Quick summary for smokers and people who were planning to take a nap
     • The new law follows the principle of prohibition with the reservation of permission
     • The handling of personal data is generally forbidden, unless there is a legal provision or the OK from the person concerned
  5. What is considered personal data?
     • Name
     • Address
     • Localization
     • Health information
     • Income
     • Cultural profile
     • Online identifier, including IP addresses!
  6. MANUAL POLL: Has your company already prepared for GDPR? PLEASE RAISE YOUR HAND
  7. Let’s dig a little deeper!
  8. Individual rights of EU citizens
  9. Plunet BusinessManager changes in Version 7.3
     • New entries to Plunet must receive notice that their data is being processed
     • We implemented a new template that is sent automatically when a new contact is created
     • New field added for all contacts: »Source of contact« as proof and a way to log the notice e-mail
     • New field »Promotion« (Yes/No) for all contacts
  10. Plunet BusinessManager changes in Version 7.3
     • Both customers and resources can access the respective portals and review their data
     • Vendors can also update their information
  11. A little excursion …
  12. Mario Costeja González
  13. General challenges with the right to erasure
     • General database infrastructure
     • Governmental retention periods
     • Data protection by default
     • Keeping reporting data
  14. Plunet BusinessManager changes in Version 7.3
  15. These things are on you
     • If you are planning to use multiple contact options for marketing, you need to create a property to track consent for different communication channels
     • File handling: You must have proper processes in place to secure personal data in documents (e.g. file deletion after the retention period on the file server)
  16. And there is another little something …
  17. Three-Tier Web Penetration Testing
     • Internal penetration testing against OWASP Top 10
     • Daily external penetration testing against trunk
     • Vulnerability scanning, application audit incl. OWASP and WASC, malware monitoring
     • Detailed manual whitebox testing for every release candidate
  18. Are there other things to keep in mind?
  19. Privacy policy
  20. Technical security
  21. Assign a DPO
  22. Staff training
  23. A bunch of paperwork
  24. A bunch of paperwork
     • Contracts: Check liability and data protection provisions in contracts
       • Contracts for employees
       • Contractual work for customers
       • Contracts for third party providers (e.g. software providers)
     • Set up new processes (e.g. reporting of data breaches, data protection impact assessment)
     • Review documentation such as:
       • Procedure directory
       • Technical and organizational measures
       • (Data protection impact assessment)
  25. MANUAL POLL: How much time has your company already spent on GDPR? PLEASE RAISE YOUR HAND
  26. As for the paperwork … you might be a little late …
  27. MANUAL POLL: How much did you approximately spend on legal fees? PLEASE RAISE YOUR HAND