Data protection headaches: GDPR, brexit AND perimeter risk

Slides:



Advertisements
Similar presentations
The Data Protection (Jersey) Law 2005.
Advertisements

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October
The Data Protection Act 1998 The Eight Principles.
Information Sharing Sheila Logan Information Commissioner’s Office Employability Partnership Event Glasgow 13 August 2009.
13.6 Legal Aspects Corporate IT Security Policy. Objectives Understand the need for a corporate information technology security policy and its role within.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.
The Data Protection Act - Confidentiality and Associated Problems.
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Information Security TechLink Seminar, 17 April 2013 James Knapton, Information Compliance Officer, Registrary’s Office.
Data protection—training materials [Name and details of speaker]
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Cyber Security and how to safeguard data in the ‘Cloud’ Claire Jacques 21 April 2016.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
Introduction to Data Protection Plan »Brief Introduction to Data Protection  Example  Principles  P3, 4, 7  Sensitive Data  Conditions for Processing.
Section 4 Policies and legislation AQA ICT A2 Level © Nelson Thornes Section 4: Policies and Legislation Legislation – practical implications.
General Data Protection Regulation (EU 2016/679)
Data Protection Officer’s Overview of the GDPR
Accountability & Structured Privacy Management
Making the Connection ISO Master Class An Overview.
CISI – Financial Products, Markets & Services
Trevor Ellis Trainee Programmer (1981 – 28 years ago)
Level 2 Diploma in Customer Service
Privacy Impact Assessments (PIAs)
Presentation to GTMC on GDPR
GDPR – What’s it all about???
Current ‘Hot Topics’ in Information Security Governance Auditing
General Data Protection Regulations: what you really need to know
General Data Protection Regulation
Data Protection Act.
The EU General Data Protection Regulation (GDPR)
Data Protection Update – GDPR or bust
GDPR Overview GDPR - General Data Protection Regulations
Chapter 3: IRS and FTC Data Security Rules
GDPR Road map to Compliance.
Bob Siegel President Privacy Ref, Inc.
GDPR - Individual’s Rights
GENERAL DATA PROTECTION REGULATION (GDPR)
General Data Protection Regulations
Cyberforum 2018 March 8, 2018 Los Angeles GDPR & SECURITY
6 Principles of the GDPR and SQL Provision
Introduction to GDPR 09/11/2018.
GDPR and paper records Why it’s not all cyber and fines Gary Shipsey
The Audit Function.
G.D.P.R General Data Protection Regulations
Data Protection and Running a Compliant Pub Watch SCHeme
General Data Protection Regulation
Cybersecurity compliance for attorneys
Dealing with your GDPR Challenges
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
Understand Risks to IT Security
Information management and communication
General Data Protection Regulations 2018
 How does GDPR impact your business? Pro Tip: Pro Tip: Pro Tip:
Governing the risk of GDPR compliance
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
Neopay Practical Guides #2 PSD2 (Should I be worried?)
DSC Contract Management Committee Meeting
GDPR: Understanding your obligations and the ongoing challenges
Is your medico-legal practice GDPR compliant?
GDPR Workshop – Partnerships for Jewish Schools
Getting Ready For GDPR Simon Marks Director
Presentation transcript:

Data protection headaches: GDPR, brexit AND perimeter risk Date 20TH September 2016 Name NICK GIBBONS Position, PARTNER BLM T: 0207 457 3567 E: Nick.Gibbons@blmlaw.com

BUSINESSES IN THE UK ARE FACED WITH A GROWING HEADACHE IN RELATION TO DATA PROTECTION: Cyber crime is now a daily reality Although significant numbers of businesses have taken steps to address internal security, perimeter risk is a different problem GDPR will make significant changes to data protection law but to what extent will it be affected by Brexit?

Cyber crime is now a daily reality Cyber security now at the top of the agenda in many business Cyber attacks are now a virtual constant for large companies. Symantec estimates more than half a billion personal records were lost or stolen in 2015. Off-the-shelf criminal software is now widely available on the dark web. A study by cyber security firm FireEye found more than half (54%) of consumers in US felt more negatively towards companies that had suffered data breaches.

PERIMETER RISK DPA Principle 7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

A BUSINESS’ LEGAL RESPONSIBILITIES FOR DATA BELONGING TO THIRD PARTIES Nearly all businesses will have not only their own data on their computer network but that of: Customers; Business partners; Suppliers; Employees. They have legal obligations to all of them to protect that data.

BUSINESSES’ LEGAL RESPONSIBILITIES FOR ENSURING SAFETY OF DATA SHARED WITH THIRD PARTIES

Cloud service providers/webhosting DPA Schedule 1 Part II : “the data processor will comply with security obligations equivalent to those imposed on the data controller itself.” ICO Guidance: “When processing is undertaken by a data processor, the data controller must choose a processor providing sufficient guarantees about the technical and organisational security measures governing the processing to be carried out, and must take reasonable steps to ensure compliance with those measures.”

Sharing data with other organisations: security issues ICO GUIDANCE: “make sure that it will continue to be protected with adequate security by any other organisations that will have access to it….. …take reasonable steps to ensure that those security measures are in place, particularly by ensuring that an agreed set of security standards has been signed up to by all the parties involved in a data sharing agreement….. …the organisations the data is disclosed to will take on their own legal responsibilities in respect of the data, including its security.

Cyber risk management Has the business: Implemented organisational and physical cyber security measures in addition to technical cyber security? Identified key cyber exposures and the types of information that it holds on computers? Appointed a cyber risk manager and allocated management responsibility for digital risks within the organisation? Implemented a written cyber security policy that has the backing of the board and senior management and is enforced through regular staff training and monitoring? Developed a cyber incident risk management plan for each type of incident which includes access to external incident response services? Checked the cyber security of the company’s suppliers, service providers, business partners and professional advisers? Accurately predicted what the impact would be on the company of each type of cyber incident? © 2016 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.

General Data Protection Regulations 2016 KEY CHANGES Requirement to notify breaches Much tougher fines Extra-territorial applicability Application to both processors and controllers One Stop Shop – lead supervisory authorities Abolition of requirement to register as a data controller Processing children’s data European Data Protection Board Right to be forgotten Easier access to one’s own data Right of data portability

To what extent will the Brexit vote affect data protection law? Article 50 of Lisbon Treaty Timing GDPR’s “long arm” UK Post Brexit options and adequacy EFTA and the Swiss model Going it alone Impact of Brexit on ICO

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.