Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data protection headaches: GDPR, brexit AND perimeter risk

Published bySusanna Carter Modified over 6 years ago

Similar presentations

Presentation on theme: "Data protection headaches: GDPR, brexit AND perimeter risk"— Presentation transcript:

1 Data protection headaches: GDPR, brexit AND perimeter risk
Date 20TH September 2016 Name NICK GIBBONS Position, PARTNER BLM T: E:

2 BUSINESSES IN THE UK ARE FACED WITH A GROWING HEADACHE IN RELATION TO DATA PROTECTION:
Cyber crime is now a daily reality Although significant numbers of businesses have taken steps to address internal security, perimeter risk is a different problem GDPR will make significant changes to data protection law but to what extent will it be affected by Brexit?

3 Cyber crime is now a daily reality
Cyber security now at the top of the agenda in many business Cyber attacks are now a virtual constant for large companies. Symantec estimates more than half a billion personal records were lost or stolen in Off-the-shelf criminal software is now widely available on the dark web. A study by cyber security firm FireEye found more than half (54%) of consumers in US felt more negatively towards companies that had suffered data breaches.

4 PERIMETER RISK DPA Principle 7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

5 A BUSINESS’ LEGAL RESPONSIBILITIES FOR DATA BELONGING TO THIRD PARTIES
Nearly all businesses will have not only their own data on their computer network but that of: Customers; Business partners; Suppliers; Employees. They have legal obligations to all of them to protect that data.

6 BUSINESSES’ LEGAL RESPONSIBILITIES FOR ENSURING SAFETY OF DATA SHARED WITH THIRD PARTIES

7 Cloud service providers/webhosting
DPA Schedule 1 Part II : “the data processor will comply with security obligations equivalent to those imposed on the data controller itself.” ICO Guidance: “When processing is undertaken by a data processor, the data controller must choose a processor providing sufficient guarantees about the technical and organisational security measures governing the processing to be carried out, and must take reasonable steps to ensure compliance with those measures.”

8 Sharing data with other organisations: security issues
ICO GUIDANCE: “make sure that it will continue to be protected with adequate security by any other organisations that will have access to it….. …take reasonable steps to ensure that those security measures are in place, particularly by ensuring that an agreed set of security standards has been signed up to by all the parties involved in a data sharing agreement….. …the organisations the data is disclosed to will take on their own legal responsibilities in respect of the data, including its security.

9 Cyber risk management Has the business:
Implemented organisational and physical cyber security measures in addition to technical cyber security? Identified key cyber exposures and the types of information that it holds on computers? Appointed a cyber risk manager and allocated management responsibility for digital risks within the organisation? Implemented a written cyber security policy that has the backing of the board and senior management and is enforced through regular staff training and monitoring? Developed a cyber incident risk management plan for each type of incident which includes access to external incident response services? Checked the cyber security of the company’s suppliers, service providers, business partners and professional advisers? Accurately predicted what the impact would be on the company of each type of cyber incident? © 2016 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.

10 General Data Protection Regulations 2016 KEY CHANGES
Requirement to notify breaches Much tougher fines Extra-territorial applicability Application to both processors and controllers One Stop Shop – lead supervisory authorities Abolition of requirement to register as a data controller Processing children’s data European Data Protection Board Right to be forgotten Easier access to one’s own data Right of data portability

11 To what extent will the Brexit vote affect data protection law?
Article 50 of Lisbon Treaty Timing GDPR’s “long arm” UK Post Brexit options and adequacy EFTA and the Swiss model Going it alone Impact of Brexit on ICO

12

Download ppt "Data protection headaches: GDPR, brexit AND perimeter risk"

Similar presentations

Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October 2012 1.

Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
Information Sharing Sheila Logan Information Commissioner’s Office Employability Partnership Event Glasgow 13 August 2009.

Information Sharing Sheila Logan Information Commissioner’s Office Employability Partnership Event Glasgow 13 August 2009.
13.6 Legal Aspects Corporate IT Security Policy. Objectives Understand the need for a corporate information technology security policy and its role within.

13.6 Legal Aspects Corporate IT Security Policy. Objectives Understand the need for a corporate information technology security policy and its role within.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.

Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.
The Data Protection Act - Confidentiality and Associated Problems.

The Data Protection Act - Confidentiality and Associated Problems.
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.

Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.

Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
DATA PROTECTION ACT 1998. INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March 2000. It is more far reaching than its predecessor,

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.

CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.
© University of Reading 2007 www.reading.ac.uk/data_protection Lee Shailer 06 June 2016 Data Protection the basics.

© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Information Security TechLink Seminar, 17 April 2013 James Knapton, Information Compliance Officer, Registrary’s Office.

Information Security TechLink Seminar, 17 April 2013 James Knapton, Information Compliance Officer, Registrary’s Office.
Data protection—training materials [Name and details of speaker]

Data protection—training materials [Name and details of speaker]
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

Similar presentations

Ads by Google