Published by Karen Cobb. Modified over 9 years ago.
1
Castlebridge Associates | www.castlebridge.ie | www.dataprotectionofficer.ie
Castlebridge: changing how people think about information
How to Implement the GDPR: Some Pragmatic Insights for Aligning Business / Information / Technology
2
One Slide Summary of GDPR and Information Governance
Organisations need to ensure effective Information Governance and Controls over Business, Information, and Technology to ensure customer expectations of data privacy are met, or exceeded.
Diagram labels: Oversee & Govern; Plan & Build; Do & Manage; Engage & Respond; Info Governance; Info Quality
©2016 Castlebridge Associates
3
The GDPR Summarised
One Stop Shop; Core Principles; Increased Penalties; Risk based approach to Data Protection
Explicit Focus on Governance; Principles Driven; Stricter Consent (where consent only basis); Enhanced Rights: Data Portability, RTBF; Risk & Penalty Mitigation
Documentation; Data Protection Officer; Evidence of Effectiveness; Risk & Penalty Mitigation
Enforcement against Data Processors; Extra territoriality; Fines as % of Global Turnover; Mitigating Factors
1. Lawfulness, fairness, transparency
2. Purpose Limitation
3. Data Minimisation
4. Accuracy
5. Storage Limitation
6. Integrity & Confidentiality
7. Accountability
+ Article 1, 7, and 8 ECHR
4
Privacy by Design
What is it? Privacy by Design is an approach to systems engineering which takes privacy into account throughout the whole engineering process.
Why is it Important? Privacy by Design places PRIVACY as a “Key Resulting Outcome” of the engineering process to design and implement data processing capabilities. It’s a key concept in the EU GDPR.
What is it? It is just QUALITY MANAGEMENT applied to Information, with PRIVACY as a “critical to quality” characteristic.
5
Privacy by Design
“You cannot inspect quality into a product. The quality is there or it isn't by the time it's inspected.”
PBD is a Quality Management Philosophy
6
The Privacy by Design Philosophy
PBD: Proactive Not Reactive; Privacy by Default; Privacy Embedded; Not Zero Sum; E2E Security; Transparency; User Centric
7
Privacy Engineering
What is it? Privacy Engineering is a discipline that uses engineering principles and processes to build controls and measures into processes, systems, components, and products to enable the authorised processing of personal information. It is the discipline that ensures the gathering and application of privacy requirements has the same primacy as other ‘functional’ requirements in processes and systems, and incorporates them into the project, product, system, or information life cycle.
Why is it Important? It is the glue that makes PBD operative in an organisation.
What is it? It is just QUALITY ENGINEERING applied to Information, with PRIVACY as a “critical to quality” characteristic.
8
Elements of Privacy Engineering
Enterprise Goals; User Goals; Privacy Policy; Requirements; Policies and Procedures; Privacy Mechanisms; Privacy Awareness Training; Quality Assurance; QA Feedback
9
Castlebridge Associates © 2015 | Castlebridge Associates | Confidential
10
THE ZACHMAN FRAMEWORK
Columns: What (Data); How (Action); Where (Location); Who (Actor); When (Event); Why (Motivation)
Column contents: Inventory Sets; Process flows; Distribution Networks; Responsibility Assignments; Timing Cycles; Motivation Intentions
Executive, Enterprise Scope Context: Inventory Identification; Process Identification; Distribution Identification; Responsibility Identification; Timing Identification; Motivation Identification
Business Manager, Business Concepts: Inventory Definition; Process Definition; Distribution Definition; Responsibility Definition; Timing Definition; Motivation Definition
Architect, System Logic: Inventory Representation; Process Representation; Distribution Representation; Responsibility Representation; Timing Representation; Motivation Representation
Engineer, Technology Physics: Inventory Specification; Process Specification; Distribution Specification; Responsibility Specification; Timing Specification; Motivation Specification
Technician, Tool components: Inventory Configuration; Process Configuration; Distribution Configuration; Responsibility Configuration; Timing Configuration; Motivation Configuration
Enterprise: Inventory Instantiation; Process Instantiations; Distribution Instantiations; Distribution Instantiations; Timing Instantiations; Motivation Instantiations
Based on the Zachman Framework and content from Dennedy & Finneran’s Privacy Engineers Manifesto
11
THE ZACHMAN FRAMEWORK (same grid as slide 10, with callouts)
Callouts: What triggers need for data?; Timing Identification; Motivation Identification; Why? Balancing priorities/goals; Purpose spec; Specified data, specified purpose
12
THE ZACHMAN FRAMEWORK (same grid as slide 10, with callouts)
Callouts: Logical Schema; Process Maps / Data Flow; RACI Matrix
13
Getting IT Involved…
Explicit Focus on Data Governance; Documentation; Data Protection Officer; Evidence of Effectiveness
Columns: Business; Information; Technology
Strategic: Business Strategy & Governance; Information Strategy & Governance; Technology Strategy & Governance
Tactical: Business Architecture & Planning; Information Architecture & Planning; Technology Architecture & Planning
Operational: Management & Execution of Business Processes; Management & Application of Information; Management & Exploitation of IT Services
Customer: Expectation; Process Outcome; Information Outcome
14
Data Protection in the DMBOK Wheel
Data Protection roles, tasks, duties exist in all domains.
Data Governance key to linking them all effectively.
© DAMA International, used with permission. DMBOK wheel ©2009 DAMA International
15
The TOGAF 9.1 Perspective
Techies love TOGAF (but it is just basic architectural principles).
Figure out how to apply tools and techniques to support Privacy Engineering.
16
10 STEPS FOR DATA QUALITY APPROACH TO PIA & RISK
1. Define Business Need & Approach
2. Analyse Information Environment
3. Assess Quality of Information (Privacy)
4. Assess Business Impact
Cannot be done legally/ethically
5. Identify Root Causes (Why is there a DP/Privacy issue)
6. Develop Improvement Plans (Identify what needs to be fixed)
7. Prevent Future Data Errors (Fix processes etc. for “to be”)
8. Fix current problems (Fix processes etc. for “as is”)
Cost/Benefit not in favour of changes
9. Implement Controls
10. Communicate Actions and Results
17
One Stop Shop… what it means
GDPR and Relevant cases
18
One Stop Shop
Intent: EU residents and organisations in the EU will only have to deal with one lead Data Protection agency
Simplify the execution of / vindication of rights (Data Subjects)
Reduce the complexity for organisations working across more than one EU Jurisdiction
19
The Reality…
It's complicated…
Article 51 & 51a GDPR; Schrems; Weltimmo