EU General Data Protection regulation (GDPR)

Slides:

Advertisements

Similar presentations

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

Advertisements

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper

Key Points for a Privacy Programme for Multinationals Steve Coope.

How Prepared are Nordic CIOs for GDPR Compliance?

Protecting Data, Sharing Information Graham Wakerley: Director

Policies for the processing of personal data

Privacy and Data Security in an Increasingly Globalized World

Data Protection Officer’s Overview of the GDPR

Key changes with the GDPR

General Data Protection Regulations: The Key Changes

The future of data protection: General Data Protection Regulation

Ian De Freitas, Partner, Farrer & Co 6 September 2017

GDPR (General Data Protection Regulation)

Understanding EU GDPR from an Office 365 perspective

General Data Protection Regulations and the IoT

Microsoft 365 Get help with regulatory compliance

Presentation to GTMC on GDPR

General Data Protection Regulation (GDPR)

General Data Protection Regulations: what you really need to know

General Data Protection Regulation (GDPR

General Data Protection Regulation

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

KEY CHANGES TO THE DATA PROTECTION LANDSCAPE

Museums + Heritage webinar, 30 November 2017

F5 PRO ASSETS We’ve created these Pro Assets to help you communicate the ideas in this article to your team. Feel free to remove these intro pages, and.

GDPR Overview Gydeline – October 2017

Information Governance and Data Privacy: A World of Risk

Microsoft Corporation

GDPR Overview Gydeline – October 2017

The European Union General Data Protection Regulation (GDPR)

INTRODUCTION TO GDPR 19/09/2018.

Data protection reform:

Introducing GDPR: How the General Data Protection Regulation transforms the world Laura Mudd November 2016.

Bob Siegel President Privacy Ref, Inc.

GENERAL DATA PROTECTION REGULATION (GDPR)

Vikas Dewangan (Senior Technology Architect)

Introduction to GDPR 09/11/2018.

The Rise of Privacy: Complying with GDPR in the United States

GDPR and paper records Why it’s not all cyber and fines Gary Shipsey

ESET UK IT Security Specialist

State of the privacy union

O365 Data Compliance Control of sensitive data is key to cloud adoption Addressing Legal and Regulatory Data Compliance requirements is now a critical.

The GDPR and research data

From DPA to GDPR: the key elements

General Data Protection Regulations

General Data Protection Regulation

Relocation CARNIVAL come one…come all

Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .

GDPR enforcement begins

 How does GDPR impact your business? Pro Tip: Pro Tip: Pro Tip:

By The Data Protection Commissioner

The General Data Protection Regulation: Are You Ready?

General Data Protection regulation (GDPR)

General Data Protection Regulation (GDPR)

GDPR: Understanding your obligations and the ongoing challenges

The European Union’s General Data Protection Regulation (GDPR): Overview and Guidance SUNY Office of General Counsel Spring 2019.

General Data Protection Regulation “11 months in”

Data Privacy by Design Expanding Security for bepress Users

THE IMPACT OF DATA PROTECTION RULES ON CORPORATE INFO SECURITY AND INCIDENT RESPONSE MANAGEMENT – The Energy sector CEER Cybersecurity Workshop Massimo.

General Data Protection Regulation

The EU General Data Protection Regulation

THE INTERNET : Current legal TRENDS AND issues

Getting Ready For GDPR Simon Marks Director

EU Data Privacy: What US Orgs Need to Do Now to Prepare for the GDPR

Presentation transcript:

EU General Data Protection regulation (GDPR)

Background EU Privacy Laws have been advanced (compared to the US) but chaotic 28 states interpreting a high-level EU directive Applied to EU wide interactions, with local exceptions Blunt instrument with little force Then Google, Facebook and the cloud Then Snowden Dec 2015 – Final adoption of EU General Data Protection Regulation (GDPR) Effective in Jan 2018 Regulation, not directive (i.e. MUST, not SHOULD)

Key points Applies to all EU states Applies to all entities worldwide that have EU customers or clients (!) Potentially massive fines (4% of global revenue) Revocable consent “Clearly” informed consent Right to be forgotten Right to data portability between IdP’s Sets age of consent from 13 to 16 (allows local exceptions)

Some implications IaaS Implementing the right to be forgotten Data processors share responsibilities with data controllers (e.g. VM providers may need to know what’s in the VM) 72 hour breach notification to authorities Implementing the right to be forgotten Managing backups and use of metadata Implementing “clearly” informed, revocable, fine-grain consent Stricter sense of PII, including race and national origin

More implications Risk based requirements on companies to perform data protection assessments on full data life-cycle Almost one-stop shopping for multi-jurisdictional resolutions BAE++ (back-end contracts need to be approved by data controller) Data Protection Officers (~CPO) required with SME (small to medium enterprise) exceptions Safe Harbor 2.0 being discussed by EU-US now

GDPR and Scalable Consent requires consent “to be freely given, specific, informed and unambiguous" and expressed affirmatively "either by a statement or by a clear affirmative action. Freely given not available for employees; unclear for students Information must be in clear and plain language Requires user to be able to decline/revoke consent Must be purpose-driven; change of purpose requires reconsent Scalable Consent TIER related effort, catalyzed by NIST funding, to implement an architecture and code (internals and UI) to support multiprotocol consent Targets are both Shib IdP and stand-alone components May address much of the GDPR requirements when coupled with federation-level services (metadata, etc.)

GDPR Takeaways A “HIPPA/FERPA/FISMA” class object now on the radar Sets a high bar globally for data protection Very early in the deploy cycle; uncertainties abound Significant impacts on campus IT infrastructure (consent support, reengineered storage and backups, etc) policy (data protection officers, risk assessments, etc) Good resource: https://secure.wisegateit.com/member/resource/show?id=18345 (and its federated!)