Published by Valerie McCarthy. Modified over 6 years ago.
Slide 1: Security measures - Introducing Risk Assessment in GDPR

Control
  R = f (I, L)
  R = V x T
  Risk is measured as a function of its potential impact and its likelihood of occurrence.

Steps
  Determine the personal data lifecycle
  Determine the organization's vulnerabilities
  Determine the threats to the organization
  Determine the risk which may arise when a threat meets one of the organization's existing vulnerabilities

Process identification
  Identify the organization's processes which involve personal data
  Determine all personal data types processed
  Map the identified personal data to the organization's processes

Personal data identification
  Depending on the type of process and on the applicable legislation, determine the personal data lifecycle (retention period, disposal method)
Slide 2: GDPR snapshot for organizations

Concepts
  Organization - daily activities
  Processing activities: activities involving personal data
  Data security
  Governance
Slide 3: Risk Assessment - GDPR technical requirements

  Integrity
  Confidentiality
  Availability
  Pseudonymisation
  Resilience
  Encryption
Slide 4: Security measures - Personal data breach

Personal data breach
  A type of security incident
  A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed
  Kinds of breach: integrity breach, availability breach, confidentiality breach

GDPR requirement
  Use appropriate technical and organizational measures
  Process personal data so as to ensure its appropriate security
  Protection against unauthorized or unlawful processing
  Protection against accidental loss, destruction or damage
Slide 5: Personal data breach - Notification and Communication

Notification to the Data Protection Authority (ANSPDCP)
  When: 72 hours after having become aware
  Trigger: risk to the rights and freedoms of natural persons
  Content:
    Describe the nature of the personal data breach, the categories and approximate number of data subjects and records
    Name and contact details of the DPO
    Describe the likely consequences of the breach
    Describe the measures taken to address the breach and mitigate its adverse effects
  No notification: if the personal data are already publicly available (no confidentiality breach) and there is no availability breach

Communication to the individual (data subject)
  When: without undue delay
  Trigger: high risk to the rights and freedoms of natural persons
  Content:
    Describe the nature of the personal data breach
    Name and contact details of the DPO
    Describe the likely consequences of the breach
    Describe the measures taken to address the breach and mitigate its adverse effects
  Communicate to the affected data subjects directly; if that would require disproportionate effort, use a public communication
Slide 6: Personal data breach - Risk and High Risk Assessment factors

Nature, sensitivity and volume of personal data, number of individuals
  Data about vulnerable individuals / special categories of data
  Health data
  Name and address vs. name and address of foster parents

Ease of individual identification
  Directly from the data breached
  Indirectly, in combination with publicly available data
  Corroborated / combined data
  Pseudonymisation

Consequences for individuals
  Identity theft, fraud, psychological distress, humiliation, damage to reputation

Special characteristics of the individual and the controller
  Children / vulnerable individuals
  Medical organization vs. newspaper mailing list

Type of breach
  Confidentiality breach
  Availability breach
  Both
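As an added example that is not part of the deck, the risk formula from slide 1 and the factors from slide 6 are combined into a small scoring model that also maps the result onto the slide 5 notification duties; the numeric weights and thresholds are assumptions made here, since the deck gives only R = f (I, L) and the list of factors.

```python
from dataclasses import dataclass

# Constructed scales: the deck states only R = f(I, L) and lists the factors;
# the weights and thresholds below are assumptions made for this example.
HIGH_RISK_THRESHOLD = 9   # R >= 9 -> "high" (communicate to data subjects)
RISK_THRESHOLD = 4        # R >= 4 -> "risk" (notify the DPA)

@dataclass
class BreachScenario:
    breach_types: set                  # subset of {"confidentiality", "availability", "integrity"}
    likelihood: int                    # L: 1 (unlikely) .. 3 (likely)
    records: int                       # approximate number of records affected
    special_category: bool = False     # e.g. health data
    vulnerable_subjects: bool = False  # children / vulnerable individuals
    pseudonymised: bool = False        # lowers ease of identification
    publicly_available: bool = False   # data already public (no confidentiality harm)

def impact(s: BreachScenario) -> int:
    """I on a 1..5 scale, built from the slide-6 factors (constructed weights)."""
    score = 1
    if s.special_category:
        score += 2
    if s.vulnerable_subjects:
        score += 1
    if not s.pseudonymised:
        score += 1   # individuals identifiable directly from the breached data
    if s.records >= 1000:
        score += 1   # volume / number of individuals
    return min(score, 5)

def risk_score(s: BreachScenario) -> int:
    """R = I x L, the impact-times-likelihood form from slide 1."""
    return impact(s) * s.likelihood

def risk_level(s: BreachScenario) -> str:
    r = risk_score(s)
    if r >= HIGH_RISK_THRESHOLD:
        return "high"
    return "risk" if r >= RISK_THRESHOLD else "low"

def duties(s: BreachScenario) -> dict:
    """Map the risk level onto the slide-5 notification and communication duties."""
    # Slide 5: no notification when the data were already public and availability was unaffected.
    if s.publicly_available and "availability" not in s.breach_types:
        return {"notify_dpa": False, "communicate_subjects": False}
    level = risk_level(s)
    return {"notify_dpa": level != "low",             # risk to rights and freedoms
            "communicate_subjects": level == "high"}  # high risk only
```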
Slide 7: Iulia - GDPR, March 2018