Data protection certification and cloud computing

Presentation transcript:

Data protection certification and cloud computing
Gwendal Le Grand, Director of technology and innovation, CNIL (French DPA), glegrand@cnil.fr

Privacy certification
- Certification of products or procedures (art. 11)
  - Audit procedures, privacy governance, training, e-safes
- Assessment by the CNIL
- Privacy seals delivered by the CNIL

CNIL recommendations
- Published guidance with models of contractual clauses (2012)
WP29 recommendations
- Opinion 5/2012 on cloud computing
Cloud Security Alliance
- Privacy Level Agreement Outline for cloud services in the EU
- STAR certification
Cloud code of conduct (EU level)
- Opinion 2/2015 on the C-SIG draft code of conduct
  - Open points: transition to the GDPR; code of conduct vs. enforcement by DPAs; governance of the code; location of the processing; international transfers; liability; security; right to audit ...

ISO standards
- ISO/IEC 29100, Privacy framework: terminology and principles to be used in every privacy-related standard
- ISO/IEC 29151, Code of practice for PII protection: catalogue of generic privacy controls, in addition to ISO/IEC 27002 (information security controls)
- ISO/IEC 27017, Code of practice for information security controls for cloud computing services based on ISO/IEC 27002: catalogue of information security controls specific to cloud computing, in addition to ISO/IEC 27002
- ISO/IEC 27018, Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors: catalogue of privacy controls specific to cloud computing, (theoretically) in addition to ISO/IEC 29151
- ISO/IEC 27001, Information security management system (ISMS): requirements for the certification of information security management systems
- ISO/IEC 27009, Sector specific application of ISO/IEC 27001 – Requirements: requirements for the creation of sector-specific standards that fit in the ISO/IEC 27001 framework
Next step: use the ISO/IEC 27009 requirements to build the missing privacy requirements into a new standard, so that management systems covering privacy and/or cloud computing specific aspects can be certified.

Conclusion
- Need to provide transparency and privacy assurance for:
  - Cloud providers
  - Cloud customers
- Privacy and data protection are requested by users
- Privacy and data protection are legal obligations and competitive advantages