Published by Adam Månsson. Modified over 5 years ago.
Slide 1: Project Start-up
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No
Slide 2: GDPR: CHALLENGES

7 KEY PRINCIPLES
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability

ACCOUNTABILITY
- Contractual organization
- Privacy-by-design & Privacy-by-default
- Records of data processing activities
- Privacy Impact Assessments
- Data Protection Officer

RIGHTS OF INDIVIDUALS
- Information
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
- Automated decision-making / profiling
Slide 3: GDPR COMPLIANCE ACTIVITIES

DEVELOPING A GDPR PRIVACY PLAN
Conduct a comprehensive assessment of the organization's readiness for GDPR and develop a plan of action to reach compliance.

CREATING A THIRD PARTY MANAGEMENT PROGRAM
Manage third-party vendor risk and create policies, procedures and ongoing management to ensure third-party compliance and implementation of the necessary contractual arrangements.

MANAGING PRIVACY COMPLAINTS AND INDIVIDUAL RIGHTS
Develop processes and policies to respond to requests made by individuals (the right to information, but also the access, rectification, restriction, objection, erasure and portability rights).

MANAGING PRIVACY INCIDENTS AND BREACH NOTIFICATION
Review information security policies and breach-handling incident response plans to comply with the strict formal reporting (notification) obligations.

IMPLEMENTING PRIVACY BY DESIGN / PRIVACY ENGINEERING
Implement technical and organizational measures to show that the organization has considered and integrated data compliance measures into its data processing activities.

DATA DE-IDENTIFICATION / ANONYMIZATION
Assess and implement anonymization and pseudonymization techniques to fall outside the scope of the GDPR or to comply with certain requirements.

MEETING REGULATORY REPORTING REQUIREMENTS
Set up methods to review compliance activities and keep records for internal and external reporting to demonstrate compliance (e.g. privacy notices and records of privacy-related escalation handling activities).

ADDRESSING INTERNATIONAL DATA TRANSFERS
Map international data flows and manage the mechanisms that allow transfer of data to non-EEA countries (BCRs, MCCs, Privacy Shield, etc.).

CREATING DATA INVENTORY AND MAPS
Inventory of processing activities and data flows, classified by data type, purpose and responsibilities.

CONDUCTING PRIVACY RISK ASSESSMENTS (PIAs/DPIAs)
Design and implement processes to conduct and manage PIAs/DPIAs and risk assessments across the organization, based on legal and regulatory requirements.

OBTAINING AND MANAGING USER CONSENT
Develop processes to comply with the new consent requirements: ‘a statement or a clear affirmative action’ from the data subject, which must be ‘freely given, specific, informed and unambiguous’.

SELECTION OF APPROPRIATE SECURITY TECHNICAL AND ORGANISATIONAL MEASURES
Implement physical, technical, and administrative measures to keep personal data secure and confidential through an adequate standard or certification.
Slide 4: PROJECT FACTS
ORGANISATION:
START DATE: 1 July 2018
DURATION: 30 months
GRANT AMOUNT: EUR 2,737,300.00
CALL TOPIC: H2020-DS Cybersecurity PPP: Privacy, Data Protection, Digital Identities
Slide 5: OBJECTIVES
1. Design and development of a successful, MARKET-ORIENTED PLATFORM to support organizations towards GDPR compliance
2. Develop a MODULAR SOLUTION that covers different aspects of the GDPR
3. AUTOMATED methods and techniques to elicit, map and ANALYZE DATA that organizations hold for individuals
4. Advanced modelling languages and methodologies for privacy-by-design and DATA PROTECTION management
5. Specification, management and enforcement of PERSONAL DATA CONSENT
6. Integrated ENCRYPTION AND ANONYMIZATION solutions for GDPR
7. DEPLOYMENT and VALIDATION of the DEFeND platform in real operational environments
Slide 6: DEFeND PARADIGM
The Model-Driven Privacy Governance (MDPG) paradigm enables building (from an abstract to a concrete level) and analyzing privacy-related models following a Privacy-by-Design approach. It spans two levels, the Planning Level and the Operational Level, and three management areas: Data Scope, Data Process and Data Breach.
Slide 7: DEFeND PLATFORM toward GDPR compliance
The platform is organised as three management areas, DATA SCOPE MANAGEMENT (DSM), DATA PROCESS MANAGEMENT (DPM) and DATA BREACH MANAGEMENT (DBM), each split across the PLANNING LEVEL and the OPERATIONAL LEVEL. The slide lists the following activities with their GDPR article references:
- Identify data, assets (ART. 4)
- Data access rights (ART. 15)
- Data Breach Plan Specification (ART. 34)
- Organisational information establishments (ART. 4)
- Personal data consent (ART. 6, 7, 8, 13, 14)
- Identify accountability (ART. 5)
- Security and privacy specification; Data flows (ART. 24, ART. 4)
- Data Protection Impact Assessment (DPIA) (ART. 32, ART. 35)
- Security and Privacy Technologies (ART. 23, 33, 34, 36)
- Data transparency, lawfulness, minimisation (ART. 4, 25)
- Data breach Detection, Notification and Response (ART. 19)
- Security and Privacy Threats
- Privacy Data Consent Monitoring and Notification (ART. 23)
- Privacy by Design (ART. 25)
Slide 8: DEFeND ARCHITECTURE

DATA SCOPE MANAGEMENT (DSM)
- DATA ASSESSMENT COMPONENT (DAC)
- DATA PRIVACY ANALYSIS COMPONENT (DPAC)
- Elements shown: DPIA Analysis, Data Minimisation Analysis, Organisation Data Collection Assessment, Translator, Data Assessment Model, Data Privacy Model, Threat Analysis, Privacy by Design/Default

DATA PROCESS MANAGEMENT (DPM)
- PRIVACY SPECIFICATION COMPONENT (PSC)
- PRIVACY IMPLEMENTATION AND MONITORING COMPONENT (PIMC)
- Elements shown: Security/Privacy Technologies, Data Access Rights Analysis, Consent Analysis, Security/Privacy Specification Model, Privacy Technologies Runtime, Privacy Data Consent Monitoring, Notification, Privacy Data Consent (PDC) Model

DATA BREACH MANAGEMENT (DBM)
- DATA BREACH COMPONENT (DBC)
- Elements shown: Data Breach Model, Data Breach Modelling and Analysis, Data breach Detection and Response
Slide 9: GDPR DASHBOARD

Actors: DATA CONTROLLER-PROCESSOR, DATA SUBJECT, SUPERVISORY AUTHORITIES

Inputs and outputs exchanged with the actors: Organisational Information, Security/Privacy Specification Model, Consent Preferences, GDPR Authorities Report, Privacy Data Consent Model, GDPR Report, Data Assessment Model, GDPR Readiness Report, Breach Notification

Dashboard services:
- Data Scope Management Service (DSM)
- Data Process Management Service (DPM)
- Data Breach Management Service (DBM)
- GDPR Planning Service
- GDPR Reporting Service

BackEnd components:
- Data Assessment Component (DAC)
- Data Privacy Analysis Component (DPAC)
- Privacy Specification Component (PSC)
- Privacy Implementation and Monitoring Component (PIMC)
- Data Breach Component (DBC)
Slide 10: WORK PLAN

WP1: PROJECT, QUALITY AND COMPLIANCE MANAGEMENT
- T1.1: Project Management
- T1.2: Quality and Innovation Management
- T1.3: Compliance and Ethics Management
- T1.4: Technical Management
- T1.5: Security Advisory Board

WP2: REQUIREMENTS AND ARCHITECTURE
- T2.1: Requirements and Specifications
- T2.2: Privacy and Compliance Requirements
- T2.3: Platform Architecture
- T2.4: Definition of pilots’ scenarios

WP3: DEVELOPMENT OF PLATFORM SERVICES
- T3.1: Data Scope Management
- T3.2: Data Process Management
- T3.3: Data Breach Management
- T4.4: Dashboard

WP4: INTEGRATION, DEPLOYMENT AND TESTING
- T4.1: Services’ integration
- T4.2: Security and Legal Compliance Audit
- T4.3: Platform Testing and Refinement

WP5: PILOTS PREPARATION AND EXECUTION
- T5.1: Pilots’ preparations
- T5.2: Pilots’ execution and evaluation
- T5.3: Pilots’ final demonstration

WP6: DISSEMINATION AND EXPLOITATION
- T6.1: Dissemination and public communication
- T6.2: Exploitation, Business and Commercialization
- T6.3: Training and Awareness
- T6.4: Projects and stakeholders networking
Slide 11: DEFeND PILOTS
The DEFeND platform will be tested in an operational environment (TRL 7) for two different types of scenarios across four sectors, focusing on the GDPR compliance process for end-users and on the GDPR implications for external stakeholders.
- ENERGY SECTOR (PRIVATE): GP (France)
- BANKING SECTOR (PRIVATE): ABILab (Italy)
- HEALTH CARE (PUBLIC): Fundacion Para la Investigacion Biomedica Hospital Infantil Universitario Niño Jesus (Spain)
- PUBLIC ADMINISTRATION (PUBLIC): PESHTERA MUNICIPALITY (Bulgaria)
Slide 12: THANK YOU
Contacts
- Coordinator: Beatriz Gallego-Nicasio Crespo, Atos,
- Technical Manager: Prof. Haralambos (Haris) Mouratidis, UoB,
- Communication: | Project website:
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No