Presentation is loading. Please wait.

Presentation is loading. Please wait.

General Data Protection Regulation (GDPR

Published byKarin Adams Modified over 6 years ago

Similar presentations

Presentation on theme: "General Data Protection Regulation (GDPR"— Presentation transcript:

1 General Data Protection Regulation (GDPR
Regine Bonneau - RB Advisory LLC August 3, 2017

2 Agenda What is it? Deadline Why GDPR? & Scope General Accountability
Controllers Processors Governance Part 1 Part 2 Part 3 GDPR Individual Rights Key Consideration for Security Professionals Reporting Data Breaches Checklist Data protection by design Penalties Questions Quickly explain Agenda and ask if anyone they have questions (maybe) If no-one has questions, explain you will be open to questions after the presentation

3 General Data Protection Regulation (GDPR)
What is it? The General Data Protection Regulation (GDPR) will harmonize data protection laws in the EU to help bring better transparency for support of individuals’ rights It consists of 99 Articles with sub definitions Deadline It was revised from its 1995 form to keep up with technology of today and the way information is being obtained, processed, shared and retained. Adopted on April 27, 2016 and will become law on May 25, Very short window to start complying.

4 Why GDPR? & Scope The General Data Protection Regulation will help with: The checks and balances of the massive global exchange of personal data. Unifying each country’s laws to endorse the free cross-border of data sharing, including non-EU territories. Forcing a far-reaching consideration of privacy rights The significant shift of the international privacy landscape SCOPE Covers data processors (organizations) and data subjects (individuals) within the EU GDPR applies to any organization processing the details of EU individuals If you do business in the EU or EU individuals, or a company that does business with the EU, you are subject to the GDPR

5 GDPR Accountability Accountability is one of the centerpiece concepts found in the new framework It will be expected of both Data controllers and processors to draft formal policies to document an organization’s data privacy and protection posture and how it addresses the precepts of the GDPR Policies will need to be created based on the following: The nature, scope, context, and purposes of processing personal data And outline foreseeable risks to the rights of individuals

6 GDPR Accountability - Controllers
Detail must be kept at high standards: The name and contact information of the controller and Data Protection Officer Purposes of processing personal data Categories of data subjects, data, and recipients International data transfers and related safeguards for those transfers Data retention periods, and Data security measures employed

7 GDPR Accountability - Processors
Have to formally keep similar materials that outline as the Controller: The name and contact details of the processor and all engaged controllers Categories of processing for each controller International data transfers and related safeguards for those transfers, and Data security measures employed

8 Governance Article 28 Chapter 4 of the GDPR (one of the most important provisions) is mainly the section that outlines the responsibilities of controllers when engaging processors Part 1 Controllers looking to delegate service involving personal data processing must only work with vendors who will comply with the GDPR obligations Part 2 Controllers must formally authorize and approve processors leveraging processors

9 Governance – Part 3 The following must be stipulated in processor contracts: The nature of the relationship with the processor The length of the contract What the processor will actually be doing as part of their service or product The types of personal data that will be handled by the processor What general or specific GDPR requirements will be inherited by the processor

10 GDPR Individual Rights
The GDPR grants all users the rights over their personal data, which are presented in legal text Those rights are: Portability Individual can request the transfer of personal data to another controller Erasure Referred to as the “right to be forgotten Data subject has the right to request a complete deletion of their personal data when the following are evident: Consent is withdrawn Personal data is no longer needed for the purpose it was originally collected Personal data was unlawfully collected

11 Key Points for Security Professionals
Article 4, definition 12 –defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed” Articles 33 – “as soon as the controller becomes aware that a personal data breach has occurred, the controller should notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it…”

12 Reporting Data Breaches
Article 4, definition 12 and Articles 33 - requires a controller to notify the personal data breach to the supervisory authority without undue delay Data breaches must be reported within 72 hours of being detected Data processors are liable for any breaches

13 Reporting data breaches checklist:
The GDPR will require companies to develop or update internal breach notification procedures to meet the 72-hour reporting requirement: Timely detection of breaches Reporting and alarms Mitigation through automation Investigation capabilities (case management and forensics)

14 Data protection by design
The GDPR requires data protection and processing safeguards to become part of all systems and processes. Data protection by design is based on 7 foundational principles Proactive not reactive Privacy as the ‘default’ setting Privacy embedded into design Full functionality: positive sum, not zero sum End-to-End security: full lifecycle protection Visibility and transparency : keep it open Respect for user privacy: keep it user-centric

15 Data Protection by Design checklist:
The GDPR is making companies rethink how data protection and privacy are met and managed by the organization: Analyze the gap between current and mandated position Assign required budget and resources Assign a data protection officer if criteria met Align with best-practice mandates Review and update data-handling procedures Develop a workplace education program

16 Penalties Penalties are calculated on Global Annual Revenue
This could mean bankruptcy for some companies A maximum of $21 million or four percent of global annual revenue – whichever is greater 2% allocated for a Notification breach 4% data subject information breach

17 Resources http://www.eugdpr.org

18 Questions Contact: Regine Bonneau RB Advisory LLC

Download ppt "General Data Protection Regulation (GDPR"

Similar presentations

Update on Data Protection issues Ray Collins Consultant - LGfL.

Update on Data Protection issues Ray Collins Consultant - LGfL.
CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.

CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Business Challenges in the evolution of HOME AUTOMATION (IoT)

Business Challenges in the evolution of HOME AUTOMATION (IoT)
General Data Protection Regulations: Key Articles Overview Craig Clark Information Security & Compliance Manager UNIVERSITY OF EAST LONDON – LONDON’S LEADING.

General Data Protection Regulations: Key Articles Overview Craig Clark Information Security & Compliance Manager UNIVERSITY OF EAST LONDON – LONDON’S LEADING.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Key changes with the GDPR

Key changes with the GDPR
General Data Protection Regulations: The Key Changes

General Data Protection Regulations: The Key Changes
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
Understanding EU GDPR from an Office 365 perspective

Understanding EU GDPR from an Office 365 perspective
Microsoft 365 Get help with regulatory compliance

Microsoft 365 Get help with regulatory compliance
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
GDPR – What’s it all about???

GDPR – What’s it all about???
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulation

General Data Protection Regulation
GDPR Any impact on procurement? 16/11/2017.

GDPR Any impact on procurement? 16/11/2017.
KEY CHANGES TO THE DATA PROTECTION LANDSCAPE

KEY CHANGES TO THE DATA PROTECTION LANDSCAPE
International Regulatory Trends

International Regulatory Trends

Similar presentations

Ads by Google