SlideShare ist ein Scribd-Unternehmen logo

GDPR SECURITY ISSUES

‱Als PPTX, PDF herunterladen‱
‱
S
Sylvain Martinez

A presentation given by Dr Kaleem Usmani from the MAURITIUS CERT on GDPR from the information security perspective

Technologie
1 von 9
GDPR from the Information Security Perspective Dr. Kaleem Usmani kaleem.usmani@gmail.com kusmani@cert.ncb.mu (Alternate)
Personal Data Protection ‱ Personal data protection plays an important role in the digital era. The right to privacy is expressly provided in Sections 3 and 9 of the Constitution of Mauritius and Article 22 of the Mauritian Civil Code. ‱ Mauritius enacted the Data Protection Act in 2004. In light of the digital evolution in Mauritius, the Data Protection Act has been replaced by the new Data Protection Act 2017 which came into force on 15 January 2018. ‱ The Act aims at strengthening the control and personal autonomy of data subjects over their personal data and for matters related thereto. It seeks to bring Mauritius data protection framework into line with the General Data Protection Regulation (Regulation (EU) 2016/679). 2
Why GDPR ? ‱ The GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. ‱ It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. ‱ The GDPR also regulates the exportation of personal data outside the EU. 3
GDPR Impact on Organisations ‱ It will have an impact on any organisation that processes personal data. ‱ Breaches will apply to firms that do not have adequate customer consent for processing their personal data or violate the principle of the privacy- by-design concepts and model. ‱ It is important to note that both data controllers and processors are subject to the rules, especially if they fail to either carry out a privacy impact assessment or notify the concerned authority about a breach. 4
Characteristics of GDPR 1.Scope: GDPR defines how EU citizens’ data must be handled by countries inside and outside the EU. 2.Consent: GDPR has changed and reinforced the conditions of consent in that it expects clear, plain language consent from data subjects in an easy, accessible and intelligible form. 3.Fines and Penalties: GDPR sanctions substantial fines of up to €20m or four percent of annual revenue whichever is greater. 5
Characteristics of GDPR ( Contd.) 4.Privacy by Design Processes will need to be amended to consider privacy by design whereby the controller must apply adequate technical and organisational procedures to fulfill the requirements of GDPR and protect the rights of individuals (data subjects) 5.Data Portability Personally identifiable data must be portable by open use of common file formats that are machine-readable when the data subject receives them. 6.Right to Access GDPR provides the right to data subjects to request the data controller to confirm whether their personally identifiable data is being processed, where, and for what purpose. In addition to this, the data controller must provide a free electronic copy of any personally identifiable data. 6
Characteristics of GDPR ( Contd.) 7.Right to be Forgotten The data subject is entitled to request that the data controller permanently or on-demand delete his/her personally identifiable data, cease further distribution of the data, and demand third parties halt processing of the data. 8.Breach Notification As a data breach is likely to result in a risk to the rights and freedoms of individuals, GDPR requires a mandatory breach notification to be submitted to the relevant authority within 72 hours of the organisation first becoming aware of the breach. 9.Data Protection Officer (DPO) It will be mandatory for data controllers and processors to appoint a DPO 7
Sum-up ‱ IT Governance will be impacted by the requirements of the GDPR and will bring benefits as well. ‱ The regulations will encourage organisations to have a more secure data management approach in place. ‱ GDPR introduces several privacy arrangements and control mechanisms that are intended to safeguard personal identifiable data. ‱ Many of those controls are also recommended by the ISO 27000 series of information security standards including ISO 27001:2013, ISO 27002:2013 as well as the COBIT 5 standards. 8
Thank You 9

Empfohlen

Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2
Sylvain Martinez
 
DPA and GDPR
DPA and GDPRDPA and GDPR
DPA and GDPR
SabahtHussein
 
Introduction to gdpr
Introduction to gdprIntroduction to gdpr
Introduction to gdpr
3GDR
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...
IISPEastMids
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection Regulation
ESET
 
What is GDPR?
What is GDPR?What is GDPR?
What is GDPR?
Faidepro
 
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
MediaPost
 
UK GDPR: What New Direction?
UK GDPR: What New Direction?UK GDPR: What New Direction?
UK GDPR: What New Direction?
David Erdos
 

Empfohlen

Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2
Sylvain Martinez
 
DPA and GDPR
DPA and GDPRDPA and GDPR
DPA and GDPR
SabahtHussein
 
Introduction to gdpr
Introduction to gdprIntroduction to gdpr
Introduction to gdpr
3GDR
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...
IISPEastMids
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection Regulation
ESET
 
What is GDPR?
What is GDPR?What is GDPR?
What is GDPR?
Faidepro
 
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
MediaPost
 
UK GDPR: What New Direction?
UK GDPR: What New Direction?UK GDPR: What New Direction?
UK GDPR: What New Direction?
David Erdos
 
Dai Davies - GDPR Presentation
Dai Davies - GDPR PresentationDai Davies - GDPR Presentation
Dai Davies - GDPR Presentation
Sagittarius
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-Overview
Erica Walker
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
Nordic APIs
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Lauren Isaacs
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to Opportunity
Dean Sappey
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
TrustArc
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
Priyab Satoshi
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance
Tom Haynes
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPR
Jessvin Thomas
 
The GDPR Armageddon – One year on
The GDPR Armageddon – One year onThe GDPR Armageddon – One year on
The GDPR Armageddon – One year on
Insight Data
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
Tripwire
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
Spoon London
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
EU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTeEU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTe
TrustArc
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
Tim Hyman LLB
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
Marketing Team at Crown Worldwide Group
 
GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018
Infosec
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64
Alexander Davis
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs
Tech Data
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbean
EquiGov Institute
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
Craig Clark ITIL, CIS LI,EU GDPR P
 

Weitere Àhnliche Inhalte

Was ist angesagt?

GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-Overview
Erica Walker
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
Nordic APIs
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
TrustArc
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
Tripwire
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
Spoon London
 

Was ist angesagt? (19)

Dai Davies - GDPR Presentation
Dai Davies - GDPR PresentationDai Davies - GDPR Presentation
Dai Davies - GDPR Presentation
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-Overview
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to Opportunity
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPR
 
The GDPR Armageddon – One year on
The GDPR Armageddon – One year onThe GDPR Armageddon – One year on
The GDPR Armageddon – One year on
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
 
EU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTeEU US Privacy Shield vs. GDPR Infographic from TRUSTe
EU US Privacy Shield vs. GDPR Infographic from TRUSTe
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
 
GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018GDPR Compliance: What You Need to Know Before May 2018
GDPR Compliance: What You Need to Know Before May 2018
 
Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64Québec's Privacy Modernization: Bill 64
Québec's Privacy Modernization: Bill 64
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs"If we're leaving the EU, does GDPR even matter?" And other FAQs
"If we're leaving the EU, does GDPR even matter?" And other FAQs
 

Ähnlich wie GDPR SECURITY ISSUES

A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPR
Neha Patel
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
Mark Baker
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaper
Jim Wilson
 
The GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so farThe GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so far
PECB
 

Ähnlich wie GDPR SECURITY ISSUES (20)

General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbean
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
GDPR
GDPRGDPR
GDPR
 
The Definitive GDPR Guide for Event Professionals
The Definitive GDPR Guide for Event ProfessionalsThe Definitive GDPR Guide for Event Professionals
The Definitive GDPR Guide for Event Professionals
 
All you need to know about GDPR
All you need to know about GDPRAll you need to know about GDPR
All you need to know about GDPR
 
GDPR: Are you Ready?
GDPR: Are you Ready?GDPR: Are you Ready?
GDPR: Are you Ready?
 
A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPR
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protection
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaper
 
Fasten Your Belts for #GDPR
Fasten Your Belts for #GDPRFasten Your Belts for #GDPR
Fasten Your Belts for #GDPR
 
Fasten Your Belts for GDPR
Fasten Your Belts for GDPRFasten Your Belts for GDPR
Fasten Your Belts for GDPR
 
Are You Prepared for the GDPR?
Are You Prepared for the GDPR?Are You Prepared for the GDPR?
Are You Prepared for the GDPR?
 
The GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so farThe GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so far
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paper
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
General data protection regulation - European union
General data protection regulation - European unionGeneral data protection regulation - European union
General data protection regulation - European union
 

Mehr von Sylvain Martinez

Mehr von Sylvain Martinez (20)

PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLES
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDS
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?
 
Mobile Security Assessment
Mobile Security AssessmentMobile Security Assessment
Mobile Security Assessment
 
The Art of CTF
The Art of CTFThe Art of CTF
The Art of CTF
 
OFFICE 365 SECURITY
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITY
 
Risk on Crypto Currencies
Risk on Crypto CurrenciesRisk on Crypto Currencies
Risk on Crypto Currencies
 
INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICS
 
Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
INCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSINCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONS
 

KĂŒrzlich hochgeladen

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel AraĂșjo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

KĂŒrzlich hochgeladen (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

GDPR SECURITY ISSUES

  • 1. GDPR from the Information Security Perspective Dr. Kaleem Usmani kaleem.usmani@gmail.com kusmani@cert.ncb.mu (Alternate)
  • 2. Personal Data Protection ‱ Personal data protection plays an important role in the digital era. The right to privacy is expressly provided in Sections 3 and 9 of the Constitution of Mauritius and Article 22 of the Mauritian Civil Code. ‱ Mauritius enacted the Data Protection Act in 2004. In light of the digital evolution in Mauritius, the Data Protection Act has been replaced by the new Data Protection Act 2017 which came into force on 15 January 2018. ‱ The Act aims at strengthening the control and personal autonomy of data subjects over their personal data and for matters related thereto. It seeks to bring Mauritius data protection framework into line with the General Data Protection Regulation (Regulation (EU) 2016/679). 2
  • 3. Why GDPR ? ‱ The GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. ‱ It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. ‱ The GDPR also regulates the exportation of personal data outside the EU. 3
  • 4. GDPR Impact on Organisations ‱ It will have an impact on any organisation that processes personal data. ‱ Breaches will apply to firms that do not have adequate customer consent for processing their personal data or violate the principle of the privacy- by-design concepts and model. ‱ It is important to note that both data controllers and processors are subject to the rules, especially if they fail to either carry out a privacy impact assessment or notify the concerned authority about a breach. 4
  • 5. Characteristics of GDPR 1.Scope: GDPR defines how EU citizens’ data must be handled by countries inside and outside the EU. 2.Consent: GDPR has changed and reinforced the conditions of consent in that it expects clear, plain language consent from data subjects in an easy, accessible and intelligible form. 3.Fines and Penalties: GDPR sanctions substantial fines of up to €20m or four percent of annual revenue whichever is greater. 5
  • 6. Characteristics of GDPR ( Contd.) 4.Privacy by Design Processes will need to be amended to consider privacy by design whereby the controller must apply adequate technical and organisational procedures to fulfill the requirements of GDPR and protect the rights of individuals (data subjects) 5.Data Portability Personally identifiable data must be portable by open use of common file formats that are machine-readable when the data subject receives them. 6.Right to Access GDPR provides the right to data subjects to request the data controller to confirm whether their personally identifiable data is being processed, where, and for what purpose. In addition to this, the data controller must provide a free electronic copy of any personally identifiable data. 6
  • 7. Characteristics of GDPR ( Contd.) 7.Right to be Forgotten The data subject is entitled to request that the data controller permanently or on-demand delete his/her personally identifiable data, cease further distribution of the data, and demand third parties halt processing of the data. 8.Breach Notification As a data breach is likely to result in a risk to the rights and freedoms of individuals, GDPR requires a mandatory breach notification to be submitted to the relevant authority within 72 hours of the organisation first becoming aware of the breach. 9.Data Protection Officer (DPO) It will be mandatory for data controllers and processors to appoint a DPO 7
  • 8. Sum-up ‱ IT Governance will be impacted by the requirements of the GDPR and will bring benefits as well. ‱ The regulations will encourage organisations to have a more secure data management approach in place. ‱ GDPR introduces several privacy arrangements and control mechanisms that are intended to safeguard personal identifiable data. ‱ Many of those controls are also recommended by the ISO 27000 series of information security standards including ISO 27001:2013, ISO 27002:2013 as well as the COBIT 5 standards. 8