Presentation is loading. Please wait.

Presentation is loading. Please wait.

EU General Data Protection regulation (GDPR)

Published byHenry Knight Modified over 6 years ago

Similar presentations

Presentation on theme: "EU General Data Protection regulation (GDPR)"— Presentation transcript:

1 EU General Data Protection regulation (GDPR)

2 Background EU Privacy Laws have been advanced (compared to the US) but chaotic 28 states interpreting a high-level EU directive Applied to EU wide interactions, with local exceptions Blunt instrument with little force Then Google, Facebook and the cloud Then Snowden Dec 2015 – Final adoption of EU General Data Protection Regulation (GDPR) Effective in Jan 2018 Regulation, not directive (i.e. MUST, not SHOULD)

3 Key points Applies to all EU states
Applies to all entities worldwide that have EU customers or clients (!) Potentially massive fines (4% of global revenue) Revocable consent “Clearly” informed consent Right to be forgotten Right to data portability between IdP’s Sets age of consent from 13 to 16 (allows local exceptions)

4 Some implications IaaS Implementing the right to be forgotten
Data processors share responsibilities with data controllers (e.g. VM providers may need to know what’s in the VM) 72 hour breach notification to authorities Implementing the right to be forgotten Managing backups and use of metadata Implementing “clearly” informed, revocable, fine-grain consent Stricter sense of PII, including race and national origin

5 More implications Risk based requirements on companies to perform data protection assessments on full data life-cycle Almost one-stop shopping for multi-jurisdictional resolutions BAE++ (back-end contracts need to be approved by data controller) Data Protection Officers (~CPO) required with SME (small to medium enterprise) exceptions Safe Harbor 2.0 being discussed by EU-US now

6 GDPR and Scalable Consent
requires consent “to be freely given, specific, informed and unambiguous" and expressed affirmatively "either by a statement or by a clear affirmative action. Freely given not available for employees; unclear for students Information must be in clear and plain language Requires user to be able to decline/revoke consent Must be purpose-driven; change of purpose requires reconsent Scalable Consent TIER related effort, catalyzed by NIST funding, to implement an architecture and code (internals and UI) to support multiprotocol consent Targets are both Shib IdP and stand-alone components May address much of the GDPR requirements when coupled with federation-level services (metadata, etc.)

7 GDPR Takeaways A “HIPPA/FERPA/FISMA” class object now on the radar
Sets a high bar globally for data protection Very early in the deploy cycle; uncertainties abound Significant impacts on campus IT infrastructure (consent support, reengineered storage and backups, etc) policy (data protection officers, risk assessments, etc) Good resource: (and its federated!)

Download ppt "EU General Data Protection regulation (GDPR)"

Similar presentations

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper

Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper
Key Points for a Privacy Programme for Multinationals Steve Coope.

Key Points for a Privacy Programme for Multinationals Steve Coope.
How Prepared are Nordic CIOs for GDPR Compliance?

How Prepared are Nordic CIOs for GDPR Compliance?
Protecting Data, Sharing Information Graham Wakerley: Director

Protecting Data, Sharing Information Graham Wakerley: Director
Policies for the processing of personal data

Policies for the processing of personal data
Privacy and Data Security in an Increasingly Globalized World

Privacy and Data Security in an Increasingly Globalized World
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
Key changes with the GDPR

Key changes with the GDPR
General Data Protection Regulations: The Key Changes

General Data Protection Regulations: The Key Changes
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
Ian De Freitas, Partner, Farrer & Co 6 September 2017

Ian De Freitas, Partner, Farrer & Co 6 September 2017
GDPR (General Data Protection Regulation)

GDPR (General Data Protection Regulation)
Understanding EU GDPR from an Office 365 perspective

Understanding EU GDPR from an Office 365 perspective
General Data Protection Regulations and the IoT

General Data Protection Regulations and the IoT
Microsoft 365 Get help with regulatory compliance

Microsoft 365 Get help with regulatory compliance
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR

Similar presentations

Ads by Google