11. - Internal -
International
1. Proactive not Reactive: Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality: Positive-Sum, not Zero-Sum;
5. End-to-End Security: Full Lifecycle Protection;
6. Visibility and Transparency: Keep it Open;
7. Respect for User Privacy: Keep it User-Centric
12. - Internal -
GDPR angle (art. 25 GDPR)
• Principles (art. 5 GDPR)
o fair
o lawful (also art. 6, 9, 10, 44-29 GDPR + other laws)
o transparency (also art. 13-14 GDPR)
o purpose limitation
o data minimisation
o accuracy / data quality
o storage limitation / retention policy
o confidentiality + integrity / avoid data breaches (also art. 32-34 GDPR)
• Rights of the data subjects (art. 12 -23 GDPR)
• Privacy by default (art. 25 GDPR)
13. - Internal -
Special attention for
Special categories of data (art. 9 + 10 GDPR)
Special category of data subjects: children (art. 8 GDPR)
Third parties (art. 26 + 28 GDPR)
Third countries (art. 44 e.s. GDPR)
18. - Internal -
Look at the entire data lifecycle
Less people can
reach it gatekeepers
Data retention forces at work
Can we legitimately collect / create
the data (for that purpose)? (legal
constraints, contractual constraints,…)
Is the storage secure? Which
functions / roles need access?
Everybody else should be
kept out.
Is the integrity guarded?
Is the availability up to standard?
Can we legitimately use the data for
that purpose?
Is everybody with access bound by
confidentiality?
Can we legitimately share the data
(for that purpose)?
Do we want to share that data?
40. - Internal -
Environment
Physical
Human
Device
Application
Repository
Carrier
Create defense in depth
Risk Assessment
Risk Decision
Controls
Incident
Management
Changes
• In the regulatory environment
• In processes
• In people (JLT)
• In technology
Network
Data
3rd Parties
• 1st line
• 2nd line
• 3rd line
• Impact
• Probability
• Avoid
• Mitigate
• Share
• Accept
Changes
75. That would be GREAT
Soooo… if you could do all that…
Hinweis der Redaktion
Determined purpose
Explicited purpose
Legitimate purpose
Only collect data that is adequate, relevant and not excessive (necessary) for the determined purpose.
Different purpose determines different data set.
Consequence: meet the requirements per data set.
the data subject has unambiguously given his consent; or
processing is necessary in order to take steps at the request of the data subject prior to entering into a contract; or processing is necessary for the performance of a contract to which the data subject is party; or
E.g. when a data subject requests a credit, it is legitimate to request, receive and process some personal data on that data subject, to determine whether or not it is opportune to grant a credit or not.
processing is necessary for compliance with a legal obligation to which the controller is subject; or
Note: generally only national legislation is considered as a source of legitimacy under this provision.
E.g. the collection of personal data as imposed by AML regulation (Know-Your-Customer), collection of personal data as imposed by MiFID regulation (Know-Your-Customer: appropriateness / suitability), transferring data to (tax or supervisory) authorities which act under legal investigation powers, …
processing is necessary in order to protect the vital interests of the data subject; or
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed; or
processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject, and in particular their right to privacy with respect to the processing of personal data.
E.g. processing medical data of a patient in coma to ensure that the necessary treatment is provided.