Angels and Demons: Protecting Data, Sharing Information
Graham Wakerley: Director
www.MissingtheLinq.com

Big Data
- We live in the ‘world of big data’
- Since 1980 storage capacity has doubled every 4 years
- Approximately 2.5 exabytes (2.5 × 10^18) of data created every day

Internet of Things
- We inhabit the ‘Internet of Things’
- ‘IoT’ is the network of physical objects, devices, vehicles, buildings
- The spy in the home, driverless cars – ubiquitous computing

Always On
- We are ‘always on, always connected and always available’
- Fast open connectivity, with cloud-based infrastructures
- Many diverse, open devices; BYOD brings personal smart devices into the workplace

Digital Revolution
- We are firmly in the ‘Information Age’
- From the Industrial Revolution to the Digital Revolution
- Characterised by a shift from a traditional industry-based economy to an information-based economy

Great Opportunity Presents Great Risk
We have ever greater opportunities to:
- Collect large quantities of data easily
- Combine resources seamlessly
- Share information quickly
To make more than the sum of our parts

Great Opportunity Presents Great Risk
However, with this comes increased risk to:
- Our own personal data
- Misuse and abuse
- Threats to our privacy
Leading us to feel ‘a loss of personal control and lack of corporate accountability’

Data Protection
What is Data Protection?
‘There are strict rules called the data protection principles, to make sure information is used fairly and lawfully, used for limited stated purpose, used in a way which is adequate, relevant and not excessive, accurate and kept safe and not transferred outside the EU’
What does that mean?
‘It is the controls put in place on how personal information is used by an organisation, business or government’

Information Security
What is Information Security?
‘It is a management system used by an organisation to identify risks to their important information and puts in place appropriate controls to help reduce, eliminate or mitigate those risks’
What does that mean?
How we collect, manage, process and protect data within our business

Data Protection vs Information Security
What’s the difference between Data Protection and Information Security?
- Information Security is about the systems, processes and controls in place to handle data
- Data Protection is about what the data is used for

Making the Most of Your Data
‘As a data controller or data processor you are bound by the regulations set out in the data protection act’
- Data can be used as stated in the agreement you have with your customers
- Data can be anonymised using specialist tools to help provide improved MI or Business Analytics to spot trends or identify opportunities
- Data can be enriched with other sources of data to enhance services, such as improved communications or better, more personalised offerings
Anonymising and blending data turns it into information, which has a purpose, a business value and a use

Risk and Opportunities
Whenever processing, handling or storing data / information you must always weigh up the risks vs the opportunities
‘Data / Information is an asset and should be treated as such’
Assess the risks of what you have against what you want to do with it
Ask the following questions:
- Has the data been collected lawfully? Check your suppliers
- Are you processing it within the terms of your agreement? Check your contract
- Is the data accurate? Check your sources
- Is what you’re planning to do with it lawful? Check your subject expert
Finally, if you are unsure, ask
- Seek guidance from your relevant subject expert, governing body or the ICO

Legislation – GDPR is Coming Soon
What is the European General Data Protection Regulation (GDPR)?
‘It is a pan-European standard set of rules for personal data protection.’
What are the changes from current legislation?
- Single set of rules, across the EU
- Increased responsibility and accountability for organisations processing personal data
- Will only have to deal with the ‘local’ data protection authority (ICO)
- People will have easier access to their own data and be able to transfer it to other organisations
- A ‘right to be forgotten’
- Rules apply to any company that handles personal data in the EU
What are the penalties?
- Up to €2Million or 4% of Global Turnover
When does it come into effect?
- May 2018

Standards & Accreditations
What does ISO stand for?
- International Standards Organisation
- Worldwide recognised body for standardisation
Why is ISO important?
- International standard recognised by other countries
- Defined and measured standards on which organisations can be measured and compared
Do you need ISO accreditation?
- Simply put, NO you don’t
- However, some sectors require certain standards, e.g. Governments, Financial Services, Insurance
What ISO Standards are looked for?
Key standards are:
- ISO 9001 – Quality Management
- ISO 27001 – Information Security
- ISO 22301 – Business Continuity

Thank You
Download our free e-book, Angels & Demons: Protecting Data, Sharing Information: www.missingthelinq.com/angelsanddemons
Follow us on Twitter: @missingthelinq
LinkedIn: www.linkedin.com/company/missing-the-linq