©Veridium IP, Ltd. All Rights Reserved
Understanding GDPR: Myths & Reality of Compliance

BEFORE WE BEGIN
Attendees have been muted. You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session.

Nick Eckert, Co-Founder, GDPR365
• Proven entrepreneur with 2 successful exits and over 20 years' experience in Internet technology
• Committed to simplifying GDPR compliance for small to mid-sized companies
• Founder and CEO of GraphicMail and co-founder of All-Hotels.com

James Stickland, Chief Executive Officer, Veridium
• Seasoned veteran with over seven years in the fintech industry
• Drives business strategy, revenue, and investment growth at Veridium
• Previously Director of Innovation and Investments at HSBC, and Non-Executive Director at the fintech startup Red Deer

AGENDA
• What is the GDPR and what does it mean for businesses
• How to achieve compliance
• The role technology plays in compliance
• How biometrics can help companies achieve compliance, and how to be compliant with biometric data

WHAT IS THE GDPR?
A single set of rules on data protection valid across the European Union. Includes:
• Personal data that forms part of a filing system
• Processing of personal data wholly or partly by automated means
The GDPR is more descriptive than prescriptive.
• A regulation, not a directive
• Enforceable by sanctions
• Its goal is to protect individuals
• Regulates personal data processing
• Defines individuals’ rights
• Extra-territorial in reach
• Makes the organization accountable
• Goes into effect 25 May 2018

WHAT DOES COMPLIANCE MEAN?
1. Businesses established in the EU
2. Businesses outside the EU that offer goods and services to, or monitor, individuals in the EU
3. Fines
   1. Effective, proportionate and dissuasive
   2. Up to 4% of annual worldwide turnover
4. Authorities can audit, issue warnings, and issue bans on personal data processing
5. Individuals can sue for compensation to recover material and non-material damage
   1. Possibility of class action lawsuits
Businesses with no presence in the EU that have to comply must appoint a representative in the EU.

UNDERSTANDING THE RISKS
High risk:
• Large-scale data processing
• Regular and systematic monitoring
• Transferring data to 3rd parties
• Unauthorized or unlawful processing
• Accidental loss, destruction, or damage
• Sensitive or child data
Impact on individuals: physical or material damage; discrimination, identity theft or fraud; financial loss; damage to reputation; revealing of sensitive details such as political persuasion; or lack of access by individuals to their personal data.

DATA SUBJECTS’ RIGHTS
• Right to access their own personal data
• Right to rectify inaccurate personal data
• Right to challenge automated decision making
• Right to object to direct marketing
• Right “to be forgotten”
• Right to data portability

LAWFULNESS OF PROCESSING
PROCESSING IS ONLY LAWFUL IF:
• Data subject has given consent
• It’s necessary for the performance of a contract or to enter into a contract
• It’s a legal obligation to which the controller is subject
• It’s to protect vital interests of a person
• It’s necessary for public interest or official authority
• It’s for the legitimate interests of the controller
JOINT LIABILITY BETWEEN CONTROLLERS AND PROCESSORS
• Processors must act only on the instructions of controllers

ACCOUNTABILITY
• Businesses must comply and be able to demonstrate compliance with the six general principles:
  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Retention
  6. Integrity and confidentiality
• If you are carrying out “high risk” processing, you must conduct privacy impact assessments and work with your supervisory authority.

NEW RESPONSIBILITIES
• Implementation of data protection policies
• Data protection by design and by default
• Record keeping obligations
• Cooperation with supervisory authorities
• Data protection impact assessments
• Prior consultation with data protection authorities in high-risk cases
• Mandatory Data Protection Officers in some cases

TRANSFERS OUTSIDE EU
• Acceptable and legal
• Legal mechanisms must be in place
• Access to a datacenter in the EU from a 3rd country counts as a data transfer

HOW TO COMPLY
STRUCTURED CONTINUOUS APPROACH
• Assessment
• Governance
• Process updates
• Data protection
• Breach notification

PERSONAL DATA ASSESSMENT
• What personal data do you collect?
• Do you have consent?
• Do you keep records of processing?
• Where physically do you hold the data?
• Is the personal data sensitive?
• How does it flow through the organization?
• Why is it being processed and stored?
PERSONAL DATA MAPPING · READINESS ASSESSMENT · DATA CLASSIFICATION · DATA PROTECTION IMPACT ASSESSMENTS

GOVERNANCE
• Have you appointed a DPO or a GDPR lead?
• Are your privacy notices and SLAs compliant?
• Are your processor contracts and data sharing agreements compliant and up to date?
• Do you have an employee training program in place?
• Do you have data retention periods defined?
CONTRACTUAL UPDATES · ORGANISATIONAL CONTROLS · TECHNICAL CONTROLS · UPDATED PRIVACY NOTICES AND SLAs · AUDITABILITY / TRACEABILITY OF ACCESS AND DATA FLOWS · EMPLOYEE TRAINING

PROCESS UPDATES
• Are your consent forms freely given, specific and unambiguous?
• Do you consider data protection at the outset of any new innovation?
• Do you evaluate the impact of technology on the rights of individuals and ensure protection?
• Do you have a method for individuals to exercise their rights?
UPDATED CONSENT FORMS · SECURITY BY DESIGN · DATA PROTECTION IMPACT ASSESSMENTS ON INNOVATION · FORMS FOR DATA ACCESS, MODIFICATION, ERASURE REQUESTS

DATA PROTECTION
• What technologies are you using?
• Who has access to data?
• Do you understand when and where data leaves your organization?
• How do you classify, monitor and control personal data to limit exposure?
AGILE ARCHITECTURE · SECURITY CONTROLS · 24/7 SECURITY MONITORING · AUDIT AND PENETRATION TESTING · COMPLIANCE REPORTING

PERSONAL DATA BREACH NOTIFICATION
• Do you have an incident response team in place?
• Do you have a process for notifying authorities of breaches?
• Do you have a process for notifying individuals, if necessary, of breaches?
• Have you tested your incident response plans?
• Do you keep records of all data breaches?
INCIDENT MANAGEMENT · INCIDENT RESPONSE TEAM · DATA BREACH NOTIFICATION · PEOPLE, PROCESS AND INFORMATION ALIGNMENT

TECHNOLOGY’S ROLE
TECHNOLOGY FRAMEWORK: INFORMATION GOVERNANCE
• Data visibility assessment
• Automation is essential
• Data loss prevention for real-time classification
• Protection of data in transit

TECHNOLOGY FRAMEWORK: MEETING SPECIFIC REQUIREMENTS
• Data discovery, classification, and control
• Access control and identity management
• Privileged user management
• Encryption and pseudonymization
• Auditing and forensics
• Breach detection and notification

TECHNOLOGY FRAMEWORK: REVIEW STATE OF THE ART
• Cost
• Risk
• Context

TECHNOLOGY TOOLS: DATA LOSS PREVENTION
• Data discovery
• Data classification and control
• GDPR Article 25: Data protection by design and by default

TECHNOLOGY TOOLS: ACCESS CONTROL, IDENTITY MANAGEMENT AND PRIVILEGED USER MANAGEMENT
• Unauthorized access
• Unauthorized processing
• Control of access to specific systems and services that deal with personal data
• Evidence of access attempts & activity
• Monitoring abuse of privileged access to systems
• GDPR Article 30: Records of Categories of Personal Data Processing Activities

TECHNOLOGY TOOLS: ENCRYPTION
• Encryption key management
• Alternatives to public/private keys?
• GDPR Article 32: Security of Processing

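Two of the tools the deck lists under Article 32, keyed pseudonymization and encryption key management, together with per-subject key deletion as one mechanism behind erasure requests, shown as an added Python example that is not part of the Veridium or GDPR365 presentation. Everything in it is an assumption made for illustration: the customer records are constructed, the `PseudonymizedStore` class is hypothetical, and the HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag stands in for the AEAD (for example AES-GCM from a vetted library) that a production system would use.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample records for illustration only (not real people).
CUSTOMERS = [
    {"email": "Anna@Example.org", "country": "DE", "order_value": 120},
    {"email": "bob@example.net", "country": "FR", "order_value": 45},
    {"email": "anna@example.org", "country": "DE", "order_value": 60},
]


def pseudonym(identifier: str, pseudonym_key: bytes) -> str:
    """Deterministic pseudonym: HMAC-SHA256 of the normalized identifier.

    A plain hash of an e-mail address can be reversed by guessing because the
    input space is small; keying it means linking a pseudonym back to a person
    needs the key, which lives with the vault and not with the analytics table.
    """
    normalized = identifier.strip().lower().encode("utf-8")
    return hmac.new(pseudonym_key, normalized, hashlib.sha256).hexdigest()[:32]


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one per-subject key.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stand-in for a real AEAD.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before decrypting; raise on tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext integrity check failed")
    return bytes(c ^ s for c, s in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class PseudonymizedStore:
    """Hypothetical split store: the analytics table never holds identifiers;
    an identity vault maps pseudonym -> encrypted identifier, one key per subject."""

    def __init__(self) -> None:
        self.pseudonym_key = secrets.token_bytes(32)  # vault-side secret
        self.analytics = []     # rows of {"pid", "country", "order_value"}
        self.vault = {}         # pid -> encrypted identifier
        self.subject_keys = {}  # pid -> per-subject key (the key management table)

    def ingest(self, record: dict) -> str:
        pid = pseudonym(record["email"], self.pseudonym_key)
        if pid not in self.subject_keys:
            self.subject_keys[pid] = secrets.token_bytes(32)
            self.vault[pid] = encrypt(self.subject_keys[pid], record["email"].encode("utf-8"))
        # Data minimization: only the pseudonym and non-identifying fields go downstream.
        self.analytics.append({"pid": pid, "country": record["country"],
                               "order_value": record["order_value"]})
        return pid

    def reidentify(self, pid: str) -> Optional[str]:
        """Controlled re-identification, e.g. to answer an access request."""
        key, blob = self.subject_keys.get(pid), self.vault.get(pid)
        if key is None or blob is None:
            return None
        return decrypt(key, blob).decode("utf-8")

    def erase_subject(self, identifier: str) -> int:
        """Erasure request: drop the subject key (so every copy of the vault
        ciphertext, backups included, becomes unreadable), the vault entry and
        the subject's analytics rows. Returns the number of rows removed."""
        pid = pseudonym(identifier, self.pseudonym_key)
        self.subject_keys.pop(pid, None)
        self.vault.pop(pid, None)
        before = len(self.analytics)
        self.analytics = [row for row in self.analytics if row["pid"] != pid]
        return before - len(self.analytics)
```

Ingesting the three constructed records links the two "anna" orders to one pseudonym because the identifier is normalized before keying, while the analytics rows carry no e-mail address at all; after `erase_subject` the vault entry for that subject can no longer be decrypted, so `reidentify` returns `None` even if an old ciphertext survives in a backup.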
MAIN TAKEAWAYS
1. You must have a leader
2. Must be a cross-functional task force
3. Understand your current situation
4. Technology will help with compliance
5. There will be impacts on organizational behavior and corporate practices
6. There is no end date

QUESTIONS?
Veridium
Email: Info@VeridiumID.com
Phone: 1 877.301.0299
Web: www.VeridiumID.com
Twitter: @VeridiumID
LinkedIn: Veridium
GDPR365
Email: support@gdpr365.com
Web: www.gdpr365.com