
1 WORLD OF CLOUD COMPUTING AFTER GDPR challenges, opportunities and the unknown
Matjaž Drev, MA. National Supervisor for Personal Data Protection, Information Commissioner of the Republic of Slovenia.

2 WHAT IS GDPR?
GDPR is short for General Data Protection Regulation (Regulation (EU) 2016/679).
GDPR is a result of European Parliament, European Council and European Commission efforts to strengthen and unify personal data protection.
GDPR was adopted on 27 April 2016. It enters into application on 25 May 2018, after a two-year transition period.
Until then, personal data protection is regulated by current national legislation.

3 NEW SANCTIONS
The Slovenian Personal Data Protection Act (PDPA) has relatively mild sanctions for personal data violations.
Fine for legal person: EUR
Fine for responsible person of legal person: 830 EUR
Fine for individual: 200 EUR
However, GDPR will introduce very high maximum fines.
Up to EUR or up to 4% of the annual worldwide turnover of the preceding financial year in the case of an enterprise.

4 (SOME OF) WHAT WILL GDPR BRING
Representatives of controllers or processors not established in the EU.
Data protection by design and by default.
Data protection impact assessment.
Prior consultation with the supervisory authority.
Notification of a personal data breach to the supervisory authority.
Communication of a personal data breach to the data subject.
Data protection officer.
Codes of conduct.
Certification.

5 MORE INFORMATION SECURITY?
GDPR demands more effort from data controllers and data processors regarding information security. In what way?
Article 32 demands:
the pseudonymisation and encryption of personal data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

6 EXPORTING PERSONAL DATA
If there is an adequacy decision made by the Commission that a third country, territory or sector ensures an adequate level of personal data protection.
If there is no adequacy decision, there are several options (if the controller/processor has provided appropriate safeguards and effective legal remedies for data subjects are available):
A legally binding and enforceable instrument between public authorities.
Binding corporate rules.
Standard data protection clauses adopted by the Commission.
Standard data protection clauses adopted by a supervisory authority.
An approved code of conduct together with binding and enforceable commitments of the controller or processor.
An approved certification mechanism together with binding and enforceable commitments of the controller or processor.

7 BOTTOM LINE
New personal data legislation will enable new opportunities for data controllers, processors and interested third parties.
GDPR puts more emphasis on information security.
Export of personal data to third countries should be a bit easier.
Non-compliance with GDPR provisions will be harshly sanctioned.
Only time will tell if GDPR provisions will be successfully implemented into reality.

