GDPR- Access to European Market
Challenge
Information Security Consulting
Guiding you through the compliance environment…
Dr. Aftab A Rizvi
Risk Associates
© Risk Associates
EU Market Access & GDPR Fundamentals Workshop
Organized by: USAID Small Medium Enterprise Activity Program & Pakistan Software Export Board
Risk Associates
◇ An international cyber security and compliance consulting
group which specialises in risk based compliance
assessments, governance, strategy, testing and training.
◇ We are at the leading edge of the global information security
landscape with a proven track record of success.
Our Presence
Services Overview
◇ Digital Forensic Investigation: examine the security breach to pinpoint the persistent weakness
◇ Security Awareness Training: strengthen and elevate human security skills
◇ Vulnerability Assessment & Penetration Testing: identify, investigate and remediate infrastructure weaknesses to uplift security in the true sense
◇ Threat Intelligence / Managed Security: detecting and managing threats at the earliest moment is the key to acting swiftly
◇ Notifiable Data Breach (NDB) & General Data Protection Regulation (GDPR): establish a security action plan to prepare and support your business
◇ ISO 27001 Consulting & Compliance: ISO 27001 consulting services to make your environment compliant
◇ Cyber Security Assessments: an extensive range of cyber security readiness frameworks to uplift and secure your environment
◇ PCI/PA DSS Consulting & Compliance: payment paradigm services to review, analyze and remediate
Certifications and Accreditations
GDPR Compliance
The General Data Protection Regulation comes into effect on 25th May 2018.
Privacy – is it important?
◇ Is our personal information private?
◇ Is there a real need to keep personal information
secure?
◇ Current threat landscape – Digital Assets
◇ Role of Governments? Protect the vulnerable.
Current threat landscape
◇ 3 Mexican banks targeted by hackers - 6 May 2018
◇ Twitter: "we goofed, please change your password now" - 4 May 2018
◇ Australian bank lost data of 19.8 million clients - 4 May 2018
◇ Cambridge Analytica shuts down; it had acquired 87 million records from Facebook - 2 May 2018
◇ Twitter sold data to a Cambridge University psychologist, which was then sold on to Cambridge Analytica
Certainties in life
◇ Taxes
◇ Death
◇ Compliance
International Compliance Standards
◇ Information security standards
■ ISO 27001
■ PCI DSS
■ NIST
◇ Health sector
■ HIPAA
■ Other European standards
◇ Privacy
■ NDB (Australia)
■ A number of European and American standards
■ GDPR
GDPR - Background
◇ The Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data, and rules relating to the free movement of personal data.
◇ Personal data means any information relating to an identified or identifiable natural person.
◇ An identifiable natural person is one who can be identified, directly or indirectly.
GDPR – Timeline of Events
General Data Protection Regulation
(EU) 2016/679
◇ Regulates the processing by an individual, a
company or an organization of personal data
relating to individuals in the EU
◇ It consists of 99 Articles and 173 Recitals, which
provide explanatory text to aid interpretation of the
Articles
◇ Even with these recitals, there are some topics which
require further clarification to explain how GDPR
should be interpreted by organizations
GDPR - Structure
GDPR – Applicability
◇ Imposes new rules on organisations or entities which process personal data as part of the activities of one of their branches established in the EU, regardless of where the data is processed;
◇ Also applies to a company established outside the EU that offers goods/services (paid or free) to, or monitors the behaviour of, individuals in the EU.
GDPR – Global Scope
◇ Applies to any business that holds or processes the personal data of EU citizens, regardless of location;
◇ All data formats will be regulated, including but not limited to audio, video, photographs, IP addresses, device IDs, cookies, etc.
Personal Information
Basic Information
•Name, address, gender, age
•Beliefs, thoughts, political allegiance,
etc.
•Credentials (for authentication)
•Preferences of interests
Historical Information
•Individual life experience
•Notable events
•Patterns allowing inference
Financial Information
•Accounts, financial status
•Ownership structures
•Transactions patterns
•Credit History
Social Information
•Professional career,
•Criminal record
•Public life
•Family and relationships
•Social Network
•Private communications
Real-time data
•Device-dependent tracking
•Contact information
•Location-based (e.g. geotagging)
•Behavioral, i.e. usage pattern
Added Information
•Unique or semi-unique identity
•Ethnicity
•Sexual preferences
•Behavioral patterns
•Age, health, geography, etc.
•Medical/health
•Physical data
GDPR –Personal Information Types
◇ Personal Data
■ any information relating to an identified or identifiable natural
person.
◇ Sensitive Personal Data
■ data consisting of racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership,
genetic data, biometric data, data concerning health or data
concerning a natural person's life.
GDPR – Main Concepts
◇ Enhanced personal privacy rights
■ Protects human rights to personal privacy by giving individuals
more control
◇ Obtaining Consent
■ Consent from data subjects must be clear and easily accessible
◇ Privacy by Design and by Default
■ Organizational measures must be designed with full privacy
safeguards at all levels
■ Organizations process the data with highest privacy protection
GDPR – Main Concepts cont…
◇ Breach Disclosure
■ Notify subjects and DPO within 72 hours of breach
◇ Data Privacy Impact Assessment (DPIA)
■ Regular monitoring of organization’s exposure to risk
◇ Data Protection Officer (DPO)
■ Security professional appointed to ensure all data is protected
and remediate situation
■ DPO should report to top management
GDPR – Increased Sanctions
◇ Penalties
■ Can range from 2-4% of global turnover OR
■ 20 Million Euro (whichever is greater)
◇ Data Controller and Data Processor can both be held liable for violating the data processing regulation
◇ Data Subjects can also claim compensation from the Data Controller and the Data Processor
GDPR – Protection of Personal
Information
◇ Enhanced personal privacy rights
◇ Increased duty of protecting data
◇ Mandatory breach reporting
◇ Significant penalties for non-compliance
Actual Risk for Businesses
◇ Huge Fines and Penalties
◇ Real Reputational Risk
■ Enforcement activities by data protection regulators will
increase.
■ Data protection breaches will hence be brought to light soon
Most small to medium businesses won't be able to survive after a breach
GDPR – Rights for Individuals
◇ The right to be informed
◇ The right of access
◇ The right to rectification
◇ The right to erasure
GDPR – Rights for Individuals
(cont.…)
◇ The right to restrict processing
◇ The right to data portability
◇ The right to object
◇ Automated decision making and profiling rights
GDPR – Information Provided
to Individuals
◇ Who is data controller
◇ Controller contact details
◇ Purpose of processing data
◇ Legitimate interests of the controller/Third Party
GDPR – Information Provided
to Individuals (cont.…)
◇ Data recipient
◇ Data transfers outside of EU
◇ Data storage
◇ How to exercise rights
GDPR – Information Provided
to Individuals (cont.…)
◇ The right to withdraw consent
◇ Involving the Supervisory Authority
◇ Contractual purposes and the consequences of refusal
◇ Profiling with legal effect
GDPR – What does this mean
for Business
◇ Stricter control on where personal data is stored
and how it is used
◇ Better data governance tools for better
transparency, record keeping and reporting
◇ Improved data policies to provide control to data subjects
and ensure lawful processing
GDPR – What does this mean
for Business (cont.…)
◇ Collect, store and use data appropriately and with
good reason
◇ Utilise data lawfully and for specified purposes
◇ Hold sufficient but not excessive amounts of data for the
specified purpose
◇ Ensure personal data is always accurate and kept up to
date
Case Studies for technical companies
How organizations can implement the requirements in GDPR Article 32: “a process for regularly testing,
assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the
processing” of personal data.
Tightening Access and Automating Security Procedure
Problem: A large UK-based outsourced customer management service provider controls and processes great quantities of personal information throughout Europe and elsewhere. Analysis of its data security revealed a lack of visibility into its complex network environment, including more than 80 firewalls.
◇ It lacked confidence that some new firewalls had been implemented in line with the organization's own policies. Its manual change management processes were slow and costly, which resulted in an inability to track changes and verify that the firewalls were properly implemented.
◇ The company determined its risk profile was unacceptable and sought to become compliant with the Payment Card Industry (PCI) Data Security Standard and ISO 27001.
Resolution: The company deployed an automated, integrated solution to reduce its systemic risk. The solution allowed staff to visualize and document all firewall rulesets in order to optimize its firewalls. This approach further allowed the company to tighten the access paths into its network and its change management process. The new approach provided an automated process to scan for, assess and resolve network vulnerabilities. As a result, the company materially reduced its overall network risk profile, improved its continuous, documented, provable compliance with standards and decreased its chances of a data security breach.
Case Studies for technical companies (cont…)
Continuous Firewall and Device Monitoring
Problem: A large-scale business services provider delivers business process outsourcing to more than 20 top-tier companies and government agencies in the UK.
◇ It was using resource-consuming manual management processes to achieve PCI compliance, covering network security, data security, vulnerability management, access control, security monitoring and information security best practices.
◇ The company's increasing network complexity was making the cost of compliance unsustainable, and the company was not able to prove its firewalls were PCI compliant.
Resolution: The company automated its firewall audits and management to detect security and compliance problems. It tracks the identity of those problems and the responses to them so that the company's staff can confirm they have been resolved. Furthermore, analytics can find and remedy hidden risk factors by assessing interactions between network devices and zones. The company achieved reliable and continuous confirmation of its PCI compliance and, therefore, reduced its chances of a data security breach.
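Both case studies above rest on the same technical step: reviewing firewall rulesets automatically and keeping the results as evidence for the Article 32 process of "regularly testing, assessing and evaluating". The Python script below is an added example and is not code from the presentation or from any vendor it describes; the rule format, the sample ruleset and the finding codes are constructed assumptions. It flags rules that admit all traffic and rules that can never match because an earlier rule already covers them (first-match order), including the case where an earlier allow silently overrides a later deny, and returns the findings as records that can be filed in an assessment log.

```python
"""Automated firewall ruleset audit, in the spirit of the Article 32 case
studies. Added example, not the presentation's or any vendor's code; the
rule format, the sample rules and the finding codes are constructed
assumptions. IPv4 only, first-match rule evaluation assumed."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    proto: str               # "tcp", "udp" or "any"
    ports: Tuple[int, int]   # inclusive destination port range; (0, 65535) = any
    action: str              # "allow" or "deny"


ANY_PORTS = (0, 65535)
# A synthetic rule matching every packet; used to detect any/any allows.
WILDCARD = Rule("<all traffic>", "any", "any", "any", ANY_PORTS, "allow")


def _net(cidr: str):
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` also matches `outer`."""
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst))
            and outer.proto in ("any", inner.proto)
            and outer.ports[0] <= inner.ports[0] <= inner.ports[1] <= outer.ports[1])


def audit(rules: List[Rule]) -> List[Dict[str, str]]:
    """Review a first-match ruleset and return findings for the assessment record."""
    findings: List[Dict[str, str]] = []
    for i, rule in enumerate(rules):
        # Finding 1: a rule that admits all traffic from anywhere to anywhere.
        if rule.action == "allow" and covers(rule, WILDCARD):
            findings.append({"code": "PERMISSIVE_ANY", "rule": rule.name, "by": "",
                             "detail": "allows any source to any destination on any service"})
            continue
        # Finding 2: a rule fully covered by an earlier rule can never match.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                conflict = earlier.action != rule.action
                findings.append({
                    "code": "SHADOWED_CONFLICT" if conflict else "SHADOWED",
                    "rule": rule.name, "by": earlier.name,
                    "detail": ("earlier rule takes the opposite action; this rule is ineffective"
                               if conflict else "earlier rule already matches this traffic"),
                })
                break
    return findings


# Constructed sample ruleset (not from any real firewall).
SAMPLE_RULES = [
    Rule("dmz-web-in", "any", "10.0.1.0/24", "tcp", (443, 443), "allow"),
    Rule("mgmt-ssh", "10.9.0.0/16", "10.0.0.0/8", "tcp", (22, 22), "allow"),
    Rule("legacy-open", "any", "any", "any", ANY_PORTS, "allow"),
    Rule("block-guest-db", "192.168.50.0/24", "10.0.2.0/24", "tcp", (5432, 5432), "deny"),
    Rule("partner-web-in", "203.0.113.0/24", "10.0.1.0/24", "tcp", (443, 443), "allow"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"{f['code']:18} {f['rule']:16} {('by ' + f['by']) if f['by'] else '':22} {f['detail']}")
```

Run repeatedly (for instance from a change-management pipeline) and diffed against the previous run, the findings list is the kind of dated, reproducible evidence the case studies describe; the `SHADOWED_CONFLICT` finding is the one to treat as urgent, because a deny that an earlier allow overrides gives a false sense of segmentation.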
Selected Provisions of the GDPR
The following highlights major provisions in the GDPR for technical measures to protect data.
Article 5 "Principles relating to processing of personal data" and Article 30 "Record of Processing activities"
These articles place obligations on an organization to demonstrate that it is in compliance. Compliance might be demonstrated, for example, through the creation and maintenance of documentation that proves the organization is using technology for continuous monitoring of data and continuous evaluation of vulnerabilities.
Article 25 "Data Protection by design and by default"
Requires an organization to implement data protection principles, such as data minimization, to safeguard data and protect the rights of individuals, technically known as "data subjects." The exact words of the regulation do not limit the rights that must be protected to only privacy rights. Therefore, the rights referred to in the words of the regulation might be privacy rights, civil rights, rights to freedom, rights to be forgotten or other rights. The requirement calls for the use of both technical and organizational measures.
Article 28 "Processor"
An outsourcer (data processor) must have technical and organizational controls in place to ensure data is protected, and documentation to prove compliance.
Selected Provisions of the GDPR (cont…)
The following highlights major provisions in the GDPR for technical measures to protect data.
Article 32 "Security of Processing"
Requires an organization to implement technical measures to ensure data security. It motivates an organization to find, implement and revise effective security measures in light of the dangerous and rapidly changing information security threat landscape.
Article 33 "Notification of a personal data breach to the supervisory authority" and Article 34 "Communication of a personal data breach to the data subject"
In the event of a data security breach, these articles call for the evaluation, documentation and notification of the breach.
Notification under Article 33 is provided to the relevant supervisory authority. Notification under Article 34 is provided to the individual data subjects. Automated IT testing, monitoring and analysis would enable the discovery of a breach. Automation can also evaluate breaches and provide the information required to determine whether notification is necessary and, if so, the content of the notification.
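As an added illustration of the evaluation step described for Articles 33 and 34 (example code, not part of the original deck), the Python triage below takes a constructed breach record and decides whether notification of the supervisory authority (Article 33, within 72 hours of becoming aware) and communication to data subjects (Article 34, where the breach is likely to result in a high risk) are indicated, and computes the 72-hour deadline. The category sets and the risk heuristic are assumptions for the example rather than the regulation's wording; the Article 34(3)(a) exception for data rendered unintelligible (for instance encrypted with keys that were not compromised) is modelled by a single flag, and every breach is marked for internal documentation regardless of outcome.

```python
"""Breach triage for GDPR Articles 33 and 34. Added example, not part of the
presentation; the category lists and the risk heuristic are assumptions and
do not replace a legal assessment."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet

# Special categories of personal data (Article 9), as listed on the
# 'Sensitive Personal Data' slide; tag names are this example's own.
SPECIAL_CATEGORIES: FrozenSet[str] = frozenset({
    "racial_ethnic_origin", "political_opinions", "religious_beliefs",
    "trade_union_membership", "genetic", "biometric", "health", "sex_life",
})
# Assumption for this example: ordinary categories treated as high impact when exposed.
HIGH_IMPACT_CATEGORIES: FrozenSet[str] = frozenset({"credentials", "financial"})
NOTIFY_WINDOW = timedelta(hours=72)  # Article 33(1): 72 hours after becoming aware


@dataclass(frozen=True)
class BreachRecord:
    breach_id: str
    aware_at: datetime          # when the controller became aware (UTC)
    categories: FrozenSet[str]  # personal data categories affected
    subjects_affected: int
    data_unintelligible: bool   # e.g. encrypted, keys not compromised (Art. 34(3)(a))


def assess_risk(b: BreachRecord) -> str:
    """Heuristic risk to data subjects: 'unlikely', 'risk' or 'high'."""
    if not b.categories or b.data_unintelligible:
        return "unlikely"
    if b.categories & (SPECIAL_CATEGORIES | HIGH_IMPACT_CATEGORIES):
        return "high"
    return "risk"


def triage(b: BreachRecord, now: datetime) -> Dict[str, object]:
    """Return the notification decisions and deadline for one breach record."""
    risk = assess_risk(b)
    deadline = b.aware_at + NOTIFY_WINDOW
    return {
        "breach_id": b.breach_id,
        "risk": risk,
        "document_internally": True,                   # Art. 33(5): every breach is documented
        "notify_authority": risk in ("risk", "high"),  # Art. 33: unless unlikely to result in a risk
        "notify_subjects": risk == "high",             # Art. 34: likely high risk to rights and freedoms
        "deadline_utc": deadline.isoformat(),
        "hours_remaining": round((deadline - now).total_seconds() / 3600, 1),
        "overdue": now > deadline,
    }


# Constructed sample records and clock values (not real incidents).
AWARE = datetime(2018, 5, 28, 9, 0, tzinfo=timezone.utc)
NOW = datetime(2018, 5, 29, 9, 0, tzinfo=timezone.utc)
NOW_LATE = AWARE + timedelta(hours=80)
SAMPLE_HEALTH = BreachRecord("BR-2018-001", AWARE, frozenset({"name", "email", "health"}), 1200, False)
SAMPLE_ENCRYPTED = BreachRecord("BR-2018-002", AWARE, frozenset({"name", "email", "health"}), 1200, True)
SAMPLE_PLAIN = BreachRecord("BR-2018-003", AWARE, frozenset({"name", "email"}), 40, False)

if __name__ == "__main__":
    for rec in (SAMPLE_HEALTH, SAMPLE_ENCRYPTED, SAMPLE_PLAIN):
        print(triage(rec, NOW))
```

The point of keeping the clock (`now`) as a parameter is that the 72-hour window is measured from awareness, not from discovery of the root cause, so the same record re-evaluated later correctly reports `overdue`; an incident-response runbook would feed this from the ticket's awareness timestamp rather than the current time.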
01 "My business is an SME, so this new regulation does not apply to us."
02 "GDPR is all about security: if I have robust security and encryption I will be compliant."
03 "The GDPR does not come into force until May 2018. I have loads of time to get compliant."
04 "I am only a data processor. The GDPR (and the big fines) only applies to data controllers."
05 "I heard the fines are significant, but the Data Protection Commissioner won't really fine at this level. We are more likely to get a warning."
06 "I have great European customers, but my business is located outside of Europe, so this GDPR does not apply to us!"
GDPR Applicability
HR
Employment contract - what personal
data and sensitive personal data do you
collect? Have you documented why you
need to capture it? Do you obtain consent
and explain how it will be processed? Are
your policies, forms and awareness
training updated with the new personal
data categories?
LEGAL
How will you deal with a request for provision of personal data? Is your process documented? Is any of it automated? Can it scale for multiple concurrent requests for this data? Do you know the new response timescale? Do you have published data retention policies?
MARKETING
When you capture consent (e.g. tick boxes) for
use of personal data, do you specifically explain
why you need to have it and how it will be
processed? Did you know the consent needs to
be explicit and the individual giving consent
needs to be fully informed?
FINANCE
GDPR applies to online identifiers and ID
numbers (employee ID) also. Have you
reviewed your processes to ensure these are
managed securely? Have you reviewed the
potential GDPR penalties and have you taken
account of these in any risk planning?
IT
Do you know which systems hold personal data, including the new special categories of personal data? Can you find that data in the event of a request from a data subject, and can you delete it? Is it stored securely, whether that's in your office or in the cloud? Can you identify a security breach (e.g. a hack) and assess its impact on personal data? Do you have a process for notifying that breach within 72 hours?
PROCUREMENT
Where a sub-contractor is processing data on your behalf, and you are the data controller, have you ensured that the processor has provided sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the GDPR?
How should an organization approach GDPR compliance?
01 Form an integrated Privacy and Security Committee to oversee all GDPR-related work streams.
02 Determine areas of maturity, gaps in current plans, and areas of non-compliance (remediation activities and mandatory undertakings).
03 Understand the breach notification model that may pose a risk to individuals, and uplift the existing technological infrastructure.
04 Incorporate GDPR data breaches into each phase of the following:
• Crisis Communication
• Regulatory Engagement
• Security Incident Response
• Insurance claims protocols
Changing the way we work is not only a recommendation, it is a crucial must and, "resistance is futile."
For Queries Contact
◇ Mr. Hashim Mufti (Manager Business Development)
◇ Contact Number: + 92 300 2031046
◇ Email: hashim.mufti@risk-associates.com
◇ Mr Imran Siddiqui (Manager Business Development)
◇ Contact Number: + 92 300 2031186
◇ Email: imran.siddiqui@risk-associates.com
USAID SMEA Financial Assistance
◇ The link for the USAID SMEA program is shared below for
those who intend to get their firms GDPR compliant through
USAID Financial Assistance program
◇ https://goo.gl/Nqs5XW
◇ For queries related to USAID SMEA Funding program contact
◇ Name: Mr Mohsin Termezy
◇ stermezy@PakistanSMEA.com
◇ Contact Number: 0317-5489-461
Thank You

Weitere ähnliche Inhalte

Was ist angesagt?

Brexit what will happen on June 24th
Brexit what will happen on June 24th Brexit what will happen on June 24th
Brexit what will happen on June 24th Ian Chapman-Banks
 
'HOW SECURE IS YOUR MARKETING TRANSFORMATION' RSA CMO Cybersecurity SURVEY
'HOW SECURE IS YOUR MARKETING TRANSFORMATION' RSA CMO Cybersecurity SURVEY'HOW SECURE IS YOUR MARKETING TRANSFORMATION' RSA CMO Cybersecurity SURVEY
'HOW SECURE IS YOUR MARKETING TRANSFORMATION' RSA CMO Cybersecurity SURVEYFortuneCMO, LLC
 
NSPCC: Embracing Risk for Digital Buy-In
NSPCC: Embracing Risk for Digital Buy-InNSPCC: Embracing Risk for Digital Buy-In
NSPCC: Embracing Risk for Digital Buy-InOverherd
 
Identity and access_management_(iam)_market
Identity and access_management_(iam)_marketIdentity and access_management_(iam)_market
Identity and access_management_(iam)_marketpallavi_1234
 
Finpro report market study nigeria
Finpro report market study nigeriaFinpro report market study nigeria
Finpro report market study nigeriaBusiness Finland
 
Media Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEANMedia Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEANGiang Dang
 
Behavioral biometrics market is expected to grow $2,552.7 million by 2023
Behavioral biometrics market is expected to grow $2,552.7 million by 2023Behavioral biometrics market is expected to grow $2,552.7 million by 2023
Behavioral biometrics market is expected to grow $2,552.7 million by 2023DheerajPawar4
 
Mobile security market is expected to grow $7.2 billion by 2024
Mobile security market is expected to grow $7.2 billion by 2024Mobile security market is expected to grow $7.2 billion by 2024
Mobile security market is expected to grow $7.2 billion by 2024DheerajPawar4
 
London leads growth in RegTech investments. Research by FinTech Global, Jan 2017
London leads growth in RegTech investments. Research by FinTech Global, Jan 2017London leads growth in RegTech investments. Research by FinTech Global, Jan 2017
London leads growth in RegTech investments. Research by FinTech Global, Jan 2017FINTECH GLOBAL
 
Endpoint security market is expected to grow $18.4 billion by 2024
Endpoint security market is expected to grow $18.4 billion by 2024Endpoint security market is expected to grow $18.4 billion by 2024
Endpoint security market is expected to grow $18.4 billion by 2024DheerajPawar4
 
Gonzalo Villaran - Digitalisation in Peru
Gonzalo Villaran - Digitalisation in PeruGonzalo Villaran - Digitalisation in Peru
Gonzalo Villaran - Digitalisation in PeruOECD CFE
 

Was ist angesagt? (11)

Brexit what will happen on June 24th
Brexit what will happen on June 24th Brexit what will happen on June 24th
Brexit what will happen on June 24th
 
'HOW SECURE IS YOUR MARKETING TRANSFORMATION' RSA CMO Cybersecurity SURVEY
'HOW SECURE IS YOUR MARKETING TRANSFORMATION' RSA CMO Cybersecurity SURVEY'HOW SECURE IS YOUR MARKETING TRANSFORMATION' RSA CMO Cybersecurity SURVEY
'HOW SECURE IS YOUR MARKETING TRANSFORMATION' RSA CMO Cybersecurity SURVEY
 
NSPCC: Embracing Risk for Digital Buy-In
NSPCC: Embracing Risk for Digital Buy-InNSPCC: Embracing Risk for Digital Buy-In
NSPCC: Embracing Risk for Digital Buy-In
 
Identity and access_management_(iam)_market
Identity and access_management_(iam)_marketIdentity and access_management_(iam)_market
Identity and access_management_(iam)_market
 
Finpro report market study nigeria
Finpro report market study nigeriaFinpro report market study nigeria
Finpro report market study nigeria
 
Media Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEANMedia Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEAN
 
Behavioral biometrics market is expected to grow $2,552.7 million by 2023
Behavioral biometrics market is expected to grow $2,552.7 million by 2023Behavioral biometrics market is expected to grow $2,552.7 million by 2023
Behavioral biometrics market is expected to grow $2,552.7 million by 2023
 
Mobile security market is expected to grow $7.2 billion by 2024
Mobile security market is expected to grow $7.2 billion by 2024Mobile security market is expected to grow $7.2 billion by 2024
Mobile security market is expected to grow $7.2 billion by 2024
 
London leads growth in RegTech investments. Research by FinTech Global, Jan 2017
London leads growth in RegTech investments. Research by FinTech Global, Jan 2017London leads growth in RegTech investments. Research by FinTech Global, Jan 2017
London leads growth in RegTech investments. Research by FinTech Global, Jan 2017
 
Endpoint security market is expected to grow $18.4 billion by 2024
Endpoint security market is expected to grow $18.4 billion by 2024Endpoint security market is expected to grow $18.4 billion by 2024
Endpoint security market is expected to grow $18.4 billion by 2024
 
Gonzalo Villaran - Digitalisation in Peru
Gonzalo Villaran - Digitalisation in PeruGonzalo Villaran - Digitalisation in Peru
Gonzalo Villaran - Digitalisation in Peru
 

Ähnlich wie eu-market-access-gdpr-fundamentals-by-risk-associates

BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesDimitri Sirota
 
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6  GDPR Compliance, What NAM Organizations Need to...Symantec Webinar Part 4 of 6  GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...Symantec
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkPECB
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018Match-Maker Ventures
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRCase IQ
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...IT Governance Ltd
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRIT Governance Ltd
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
EU GDPR(general data protection regulation)
EU GDPR(general data protection regulation)EU GDPR(general data protection regulation)
EU GDPR(general data protection regulation)RAKESH S
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT LegalCyber Watching
 
EU Data Protection Legislation, Peter Ridley (HPE)
EU Data Protection Legislation, Peter Ridley (HPE)EU Data Protection Legislation, Peter Ridley (HPE)
EU Data Protection Legislation, Peter Ridley (HPE)Napier University
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRShadi A. Razak
 
Data Privacy Program – a customized solution for the new EU General Regulatio...
Data Privacy Program – a customized solution for the new EU General Regulatio...Data Privacy Program – a customized solution for the new EU General Regulatio...
Data Privacy Program – a customized solution for the new EU General Regulatio...IAB Bulgaria
 
CyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPRCyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPRIryna Chekanava
 

Ähnlich wie eu-market-access-gdpr-fundamentals-by-risk-associates (20)

BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
 
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6  GDPR Compliance, What NAM Organizations Need to...Symantec Webinar Part 4 of 6  GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC Framework
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
EU GDPR(general data protection regulation)
EU GDPR(general data protection regulation)EU GDPR(general data protection regulation)
EU GDPR(general data protection regulation)
 
Flight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the LawFlight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the Law
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
GDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsGDPR Part 1: Quick Facts
GDPR Part 1: Quick Facts
 
EU Data Protection Legislation, Peter Ridley (HPE)
EU Data Protection Legislation, Peter Ridley (HPE)EU Data Protection Legislation, Peter Ridley (HPE)
EU Data Protection Legislation, Peter Ridley (HPE)
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPR
 
Data Privacy Program – a customized solution for the new EU General Regulatio...
Data Privacy Program – a customized solution for the new EU General Regulatio...Data Privacy Program – a customized solution for the new EU General Regulatio...
Data Privacy Program – a customized solution for the new EU General Regulatio...
 
CyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPRCyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPR
 
eu-market-access-gdpr-fundamentals-by-risk-associates

  • 1. GDPR - Access to European Market Challenge
    Information Security Consulting: Guiding you through the compliance environment…
    Dr. Aftab A Rizvi, Risk Associates
    EU Market Access & GDPR Fundamentals Workshop
    Organized By: USAID Small Medium Enterprise Activity Program & Pakistan Software Export Board
    © Risk Associates
  • 2. Risk Associates
    ◇ An international cyber security and compliance consulting group which specialises in risk-based compliance assessments, governance, strategy, testing and training.
    ◇ We are at the leading edge of the global information security landscape with a proven track record of success.
  • 3. Our Presence
  • 4. Services Overview
    ◇ Digital Forensic Investigation: Examine the security breach to pinpoint the persistent weakness
    ◇ Security Awareness Training: Strengthening and elevating human security skills
    ◇ Vulnerability Assessment & Penetration Testing: Identify, investigate and remediate infrastructure weaknesses to uplift security in the true sense
    ◇ Threat Intelligence / Managed Security: Detecting and managing threats at the earliest moment is the key to acting swiftly
    ◇ Notifiable Data Breach (NDB) & General Data Protection Regulation (GDPR): Establish a security action plan to prepare and support your business
    ◇ ISO 27001 Consulting & Compliance: ISO 27001 consulting services to make your environment compliant
    ◇ Cyber Security Assessments: An extensive range of cyber security readiness frameworks to uplift and secure your environment
    ◇ PCI/PA DSS Consulting & Compliance: Payment paradigm services to review, analyze and remediate
  • 5. Certifications and Accreditations
  • 6. GDPR Compliance
    ◇ The General Data Protection Regulation comes into effect on 25th May 2018.
  • 7. Privacy – is it important?
    ◇ Is our personal information private?
    ◇ Is there a real need to keep personal information secure?
    ◇ Current threat landscape: digital assets
    ◇ Role of governments? Protect the vulnerable.
  • 8. Current threat landscape
    ◇ 3 Mexican banks targeted by hackers - 6 May 2018
    ◇ Twitter: "we goofed, please change your password now" - 4 May 2018
    ◇ Australian bank lost data of 19.8 million clients - 4 May 2018
    ◇ Cambridge Analytica shuts down; it had acquired 87 million records from Facebook - 2 May 2018
    ◇ Twitter sold data to a Cambridge University psychologist, which was then sold to Cambridge Analytica
  • 9. Certainties in life
    ◇ Taxes
    ◇ Death
    ◇ Compliance
  • 10. International Compliance Standards
    ◇ Information security standards
      ■ ISO 27001
      ■ PCI DSS
      ■ NIST
    ◇ Health sector
      ■ HIPAA
      ■ Other European standards
    ◇ Privacy
      ■ NDB (Australia)
      ■ A number of European and American standards
      ■ GDPR
  • 11. GDPR - Background
    ◇ The Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data, and rules relating to the free movement of personal data.
    ◇ Personal data means any information relating to an identified or identifiable natural person.
    ◇ An identifiable natural person is one who can be identified, directly or indirectly.
  • 12. GDPR – Timeline of Events
  • 13. General Data Protection Regulation (EU) 2016/679
    ◇ Regulates the processing, by an individual, a company or an organization, of personal data relating to individuals in the EU
    ◇ It consists of 99 Articles and 173 Recitals, which provide explanatory text to aid interpretation of the Articles
    ◇ Even with these recitals, there are some topics which require further clarification to explain how GDPR should be interpreted by organizations
  • 14. GDPR - Structure
  • 15. GDPR – Applicability
    ◇ Imposes new rules on organisations or entities which process personal data as part of the activities of one of their branches established in the EU, regardless of where the data is processed;
    ◇ and on a company established outside the EU offering goods/services (paid or free) or monitoring the behaviour of individuals in the EU.
  • 16. GDPR – Global Scope
    ◇ Applies to any business that holds or processes the personal data of EU citizens, regardless of location;
    ◇ All data formats will be regulated, including but not limited to audio, video, photographs, IP addresses, device IDs, cookies, etc.
  • 17. Personal Information
    ◇ Basic Information
      ■ Name, address, gender, age
      ■ Beliefs, thoughts, political allegiance, etc.
      ■ Credentials (for authentication)
      ■ Preferences or interests
    ◇ Historical Information
      ■ Individual life experience
      ■ Notable events
      ■ Patterns allowing inference
    ◇ Financial Information
      ■ Accounts, financial status
      ■ Ownership structures
      ■ Transaction patterns
      ■ Credit history
    ◇ Social Information
      ■ Professional career
      ■ Criminal record
      ■ Public life
      ■ Family and relationships
      ■ Social network
      ■ Private communications
    ◇ Real-time data
      ■ Device-dependent tracking
      ■ Contact information
      ■ Location-based (e.g. geotagging)
      ■ Behavioral, i.e. usage pattern
    ◇ Added Information
      ■ Unique or semi-unique identity
      ■ Ethnicity
      ■ Sexual preferences
      ■ Behavioral patterns
      ■ Age, health, geography, etc.
      ■ Medical/health
      ■ Physical data
  • 18. GDPR – Personal Information Types
    ◇ Personal Data
      ■ Any information relating to an identified or identifiable natural person.
    ◇ Sensitive Personal Data
      ■ Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's life.
  • 19. GDPR – Main Concepts
  • 20. GDPR – Main Concepts cont…
    ◇ Enhanced personal privacy rights
      ■ Protects the human right to personal privacy by giving individuals more control
    ◇ Obtaining Consent
      ■ Consent from data subjects must be clear and easily accessible
    ◇ Privacy by Design and by Default
      ■ Organizational measures must be designed with full privacy safeguards at all levels
      ■ Organizations process the data with the highest privacy protection
  • 21. GDPR – Main Concepts cont…
    ◇ Breach Disclosure
      ■ Notify subjects and the DPO within 72 hours of a breach
    ◇ Data Privacy Impact Assessment (DPIA)
      ■ Regular monitoring of the organization's exposure to risk
    ◇ Data Protection Officer (DPO)
      ■ Security professional appointed to ensure all data is protected and to remediate the situation
      ■ The DPO should report to top management
  • 22. GDPR – Increased Sanctions
    ◇ Penalties
      ■ Can range from 2-4% of global turnover OR
      ■ 20 Million Euro (whichever is greater)
    ◇ Data Controller and Processor can both be held liable for violating the data processing regulation
    ◇ Data Subjects can also claim compensation from the Data Controller and Processor
  • 23. GDPR – Protection of Personal Information
    ◇ Enhanced personal privacy rights
    ◇ Increased duty of protecting data
    ◇ Mandatory breach reporting
    ◇ Significant penalties for non-compliance
  • 24. Actual Risk for Businesses
    ◇ Huge fines and penalties
    ◇ Real reputational risk
      ■ Enforcement activities by data protection regulators will increase.
      ■ Data protection breaches will hence be brought to light sooner
    Most small to medium businesses won't be able to survive after a breach
  • 25. GDPR – Rights for Individuals
    ◇ The right to be informed
    ◇ The right of access
    ◇ The right to rectification
    ◇ The right to erasure
  • 26. GDPR – Rights for Individuals (cont.…)
    ◇ The right to restrict processing
    ◇ The right to data portability
    ◇ The right to object
    ◇ Automated decision making and profiling rights
  • 27. GDPR – Information Provided to Individuals
    ◇ Who the data controller is
    ◇ Controller contact details
    ◇ Purpose of processing the data
    ◇ Legitimate interests of the controller / third party
  • 28. GDPR – Information Provided to Individuals (cont.…)
    ◇ Data recipients
    ◇ Data transfers outside of the EU
    ◇ Data storage
    ◇ How to exercise rights
  • 29. GDPR – Information Provided to Individuals (cont.…)
    ◇ The right to withdraw consent
    ◇ Involving the Supervisory Authority
    ◇ Contractual purposes and the consequences of refusal
    ◇ Profiling with legal effect
  • 30. GDPR – What does this mean for Business
    ◇ Stricter control on where personal data is stored and how it is used
    ◇ Better data governance tools for better transparency, record keeping and reporting
    ◇ Improved data policies to provide control to data subjects and ensure lawful processing
  • 31. GDPR – What does this mean for Business (cont.…)
    ◇ Collect, store and use data appropriately and with good reason
    ◇ Utilise data lawfully and for specified purposes
    ◇ Hold sufficient but not excessive amounts of data for the specified purpose
    ◇ Ensure personal data is always accurate and kept up to date
  • 32. Case Studies for technical companies
    How organizations can implement the requirements in GDPR Article 32: "a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing" of personal data.
    Tightening Access and Automating Security Procedures
    Problem: A large UK-based outsourced customer management service provider controls and processes great quantities of personal information throughout Europe and elsewhere. Analysis of its data security revealed a lack of visibility into its complex network environment, including more than 80 firewalls. It lacked confidence that some new firewalls had been implemented in line with the organization's own policies. Its manual change management processes were slow and costly, which resulted in an inability to track changes and verify that the firewalls were properly implemented. The company determined its risk profile was unacceptable and sought to become compliant with the Payment Card Industry (PCI) Data Security Standard and ISO 27001.
    Resolution: The company deployed an automated, integrated solution to reduce its systemic risk. The solution allowed staff to visualize and document all firewall rulesets in order to optimize its firewalls. This approach further allowed the company to tighten the access paths to its network and its change management. The new approach provided an automated process to scan for, assess and resolve network vulnerabilities. As a result, the company materially reduced its overall network risk profile, improved its continuous, documented, provable compliance with standards, and decreased its chances of a data security breach.
  • 33. Case Studies for technical companies
    How organizations can implement the requirements in GDPR Article 32: "a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing" of personal data.
    Continuous Firewall and Device Monitoring
    Problem: A large-scale business services provider delivers business process outsourcing to more than 20 top-tier companies and government agencies in the UK. It was using resource-consuming manual management processes to achieve PCI compliance, including network security, data security, vulnerability management, access control, security monitoring and information security best practices. The company's increasing network complexity was making the cost of compliance unsustainable, and the company was not able to prove its firewalls were PCI compliant.
    Resolution: The company automated its firewall audits and management to detect security and compliance problems. It tracks the identity of those problems and the responses to them so that the company's staff can confirm they have been resolved. Furthermore, analytics can find and remedy hidden risk factors by assessing interactions between network devices and zones. The company achieved reliable and continuous confirmation of its PCI compliance and, therefore, reduced its chances of a data security breach.
  • 34. Selected Provisions of the GDPR
    The following highlights major provisions in the GDPR for technical measures to protect data.
    Article 5 "Principles relating to processing of personal data" and Article 30 "Records of processing activities"
    These articles place obligations on an organization to demonstrate that it is in compliance. Compliance might be demonstrated, for example, through the creation and maintenance of documentation that proves the organization is using technology for continuous monitoring of data and continuous evaluation of vulnerabilities.
    Article 25 "Data protection by design and by default"
    Requires an organization to implement data protection principles, such as data minimization, to safeguard data and protect the rights of individuals, technically known as "data subjects." The exact words of the regulation do not limit the rights that must be protected to only privacy rights. Therefore, the rights referred to in the words of the regulation might be privacy rights, civil rights, rights to freedom, rights to be forgotten or other rights. The requirement calls for the use of both technical and organizational measures.
    Article 28 "Processor"
    An outsourcer (data processor) must have technical and organizational controls in place to ensure data is protected, and documentation to prove compliance.
  • 35. Selected Provisions of the GDPR (cont…)
    The following highlights major provisions in the GDPR for technical measures to protect data.
    Article 32 "Security of processing"
    Requires an organization to implement technical measures to ensure data security. It motivates an organization to find, implement and revise effective security measures in light of the dangerous and rapidly changing information security threat landscape.
    Article 33 "Notification of a personal data breach to the supervisory authority" and Article 34 "Communication of a personal data breach to the data subject"
    In the event of a data security breach, these articles call for the evaluation, documentation and notification of the breach. Notification under Article 33 is provided to the relevant supervisory authority. Notification under Article 34 is provided to individual data subjects. Automated IT testing, monitoring and analysis would enable the discovery of a breach. Automation can also evaluate breaches and provide the information required to determine whether notification is necessary and, if so, the content of the notification.
  • 36. Common misconceptions
    01 My business is an SME, so this new regulation does not apply to us.
    02 GDPR is all about security; if I have robust security and encryption I will be compliant.
    03 The GDPR does not come into force until May 2018. I have loads of time to get compliant.
    04 I am only a data processor; the GDPR (and the big fines) only applies to data controllers.
    05 I heard the fines are significant, but the Data Protection Commissioner won't really fine at this level. We are more likely to get a warning.
    06 I have great European customers, but my business is located outside of Europe, so this GDPR does not apply to us!
  • 37. GDPR Applicability
    ◇ HR
      ■ Employment contract: what personal data and sensitive personal data do you collect? Have you documented why you need to capture it? Do you obtain consent and explain how it will be processed?
      ■ Are your policies, forms and awareness training updated with the new personal data categories?
    ◇ LEGAL
      ■ How will you deal with a request for provision of personal data? Is your process documented? Is any of it automated? Can it scale for multiple concurrent requests for this data? Do you know the new response timescale?
      ■ Do you have published data retention policies?
    ◇ MARKETING
      ■ When you capture consent (e.g. tick boxes) for use of personal data, do you specifically explain why you need to have it and how it will be processed?
      ■ Did you know the consent needs to be explicit and the individual giving consent needs to be fully informed?
    ◇ FINANCE
      ■ GDPR applies to online identifiers and ID numbers (e.g. employee ID) as well. Have you reviewed your processes to ensure these are managed securely?
      ■ Have you reviewed the potential GDPR penalties, and have you taken account of these in any risk planning?
    ◇ IT
      ■ Do you know which systems hold personal data, including the new special categories of personal data? Can you find that data in the event of a request from a data subject, and can you delete it? Is it stored securely, whether that's in your office or in the cloud?
      ■ Can you identify a security breach (e.g. a hack) and assess its impact on personal data? Do you have a process for notifying that breach within 72 hours?
    ◇ PROCUREMENT
      ■ Where a sub-contractor is processing data on your behalf, and you are the data controller, have you ensured that the processor has provided sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the GDPR?
  • 38. How should an organization formulate GDPR?
    ◇ 01 Form an integrated Privacy and Security Committee to oversee all GDPR-related work streams
    ◇ 02 Determine areas of maturity, gaps in current plans, and areas of non-compliance (remediation activities and mandatory undertakings)
    ◇ 03 Understand the breach notification model that may pose a risk to individuals and uplift the existing technological infrastructure
    ◇ 04 Incorporate GDPR data breaches into each phase of the following:
      ■ Crisis Communication
      ■ Regulatory Engagement
      ■ Security Incident Response
      ■ Insurance claims protocols
    Changing the way we work is not only a recommendation, it is a crucial must and, "resistance is futile."
  • 39. For Queries Contact
    ◇ Mr. Hashim Mufti (Manager Business Development)
    ◇ Contact Number: +92 300 2031046
    ◇ Email: hashim.mufti@risk-associates.com
    ◇ Mr. Imran Siddiqui (Manager Business Development)
    ◇ Contact Number: +92 300 2031186
    ◇ Email: imran.siddiqui@risk-associates.com
  • 40. USAID SMEA Financial Assistance
    ◇ The link for the USAID SMEA program is shared below for those who intend to get their firms GDPR compliant through the USAID Financial Assistance program
    ◇ https://goo.gl/Nqs5XW
    ◇ For queries related to the USAID SMEA Funding program, contact
    ◇ Name: Mr. Mohsin Termezy
    ◇ stermezy@PakistanSMEA.com
    ◇ Contact Number: 0317-5489-461