eu gdpr practical implementation guide opportunities and
play

EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS - PowerPoint PPT Presentation

Mar 07, 2024 •192 likes •437 views

Reaz Khedarun and Ian Davis EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS bd@gemserv.com Agenda Implications and opportunities of GDPR New obligations and liabilities for suppliers How GDPR compliance can

  1. Reaz Khedarun and Ian Davis EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS bd@gemserv.com

  2. Agenda • Implications and opportunities of GDPR • New obligations and liabilities for suppliers • How GDPR compliance can support risk reduction and alignment with PCI DSS and ISO27001 • Technical Controls and Data Discovery • Timebound GDPR implementation plan • Q&A EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  3. Implications and opportunities of GDPR EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  4. Overview of GDPR Operational Impacts Big Fines (Article 83) Extraterritorial Scope (Article 3) Data Breach Notification – within 72 hours Must implement Security (Article 32,33 & 34) measures (people/IT) (Article 5, 32) Detailed New Individual rights (Portability & Erasure) records of Privacy notices must be redrafted (Article 12 – 22) (Article 12,13) Personal Data Must maintain effective DP New rules on customer consent being Policies (Article 4,7,8,9) (Article 24) processed must DP Officer/Governance Privacy by design must be be maintained embedded into businesses requirements (Article 25) (Article 30) (Article 28 - 29) Mandatory DP Impact New Data Processor obligations Assessments for suppliers (Article 35) (Article 28) EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  5. Accountability Obligations under the GDPR Article 28 of the GDPR codifies the accountability obligation. It requires controllers to: • implement appropriate technical and organisational measures to ensure and be able to demonstrate that data processing is performed in accordance with the GDPR; and • implement appropriate data protection policies where proportionate in relation to processing activities. EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  6. Compliance with the Accountability Principle • Data Protection policies and notices; • Internal governance structure; • Records of processing activities; • Records of mechanisms for cross-border transfers; • Data breach handling procedures; and more…. EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  7. New obligations and liabilities for suppliers EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  8. Processor Obligations Data Processors (e.g. CSPs, payroll, HR, IT suppliers) direct obligations for the first time under GDPR: • Security • Record Keeping • Cross Border Transfers of Personal Data Consequences: • Subject to administrative fines • Compensation claims EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  9. Choosing a Processor • Article 24 of the GDPR requires controllers to: • use only processors providing sufficient guarantees to implement appropriate technical and organisational measures • Accountability Obligation - Demonstrate Compliance • Consider undertaking a DPIA before entering into a new processing arrangement • Audit existing suppliers EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  10. GDPR Processor Contracts Written Agreements – Mandatory • Document subject matter, duration, nature and purpose of processing; • Include details of personal data and data subject categories; • Requirement to report breaches; • Cooperation with Controller obligations (security and subject access rights, portability, erasure); And more… EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  11. How GDPR compliance can support risk reduction and alignment with PCI DSS and ISO27001 EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  12. Opportunities • Data portability - Start-ups and smaller enterprises to ‘access data markets dominated by digital giants’ • Data Housekeeping/Discovery - Utilise or monetise your data once you know where it is! • Market Share – Maintained or increased through consumer trust • Reducing data footprint – Risk mitigation EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  13. Article 32 – Security of Processing GDPR provides specific suggestions for what kinds of security actions might be considered “appropriate to the risk,” including: • the pseudonymisation and encryption of personal data; • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; • a process for regularly testing , assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  14. ISO27001 and GDPR • A.18.1.4 - Privacy and Protection of Personally Identifiable Information • A. 10.1 - Cryptographic Controls A.15 - Supplier Relationships • • A.17 - Business continuity management Additional controls on governance, technical • auditing, access controls, vetting, physical security and incident management EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  15. PCI and GDPR • PCI DSS & GDPR designed to improve customer data protection. • PCI DSS focuses on payment card data whilst the GDPR focuses on personally identifiable information. • GDPR less prescriptive • Technology for PCI compliance can be extended to protect additional personal data. EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  16. Accountability Obligations under the GDPR • Article 28 of the GDPR requires controllers to: • implement appropriate technical and organisational measures to ensure and be able to demonstrate that data processing is performed in accordance with the GDPR; EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  17. Technical Controls and Data Discovery EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  18. Threat Landscape • External Attackers, Internal Rogues • Administrators • Users (permanent / temporary) • Suppliers • Developers EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  19. Dealing with the Threat ‘Appropriate security measures’ to protect personal data include: • Encryption (at rest and in transit) – best data security measure available; • Keep patches up to date; • Apply multi-layered entry point protection (web, email and malware protection); • Limit dissemination of sensitive data (application/device control/mobile device management, data control); and more… EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  20. Timebound GDPR implementation plan EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  21. Building a GDPR Plan Step 1 – Build consensus – Identify key stakeholders (e.g. IT, Legal, Marketing, Operations, Sales, Customer Services, Compliance) Step 2 – Assess Readiness Step 3 – Define a plan and personal data flow mapping Step 4 – Assess your international transfers Step 5 – Address supply chain EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  22. Q&A EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  23. Preparing for GDPR Checklist Maintain detailed records of personal data processing Review and update your method to obtain consent to ensure you get specific, informed, and unambiguous opt-in consent. Review, revise (or draft) your written information security policies to ensure appropriate technical, administrative, and physical measures are in place to protect data. Consider privacy by design and privacy by default in new and existing applications. Ensure there are procedures for dealing with data portability and right to be forgotten requests. Check and update your privacy notices. Consider how you manage risk and how data Begin the search for qualified DPO’s. protection is dealt with in your risk assessment framework. Review your insurance for scope and limits of coverage. Ensure staff have adequate and up to date training on data protection and GDPR changes. EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS

  24. For more information contact us on: bd@gemserv.com +44 (0)20 7090 1091

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR Practical Start where can you begin rolling out? GDPR Practical Start where can you begin

GDPR Practical Start where can you begin rolling out? GDPR Practical Start where can you begin

Holdingbay GDPR Practical Start where can you begin rolling out? GDPR Practical Start where can you begin rolling out? Holdingbay Tristan Bailey Working with marketing and sales data for over 15 years Develop applications Brighton, UK

404 views • 15 slides
The implementation of the GDPR in the practice of towns and municipalities Implementation of the

The implementation of the GDPR in the practice of towns and municipalities Implementation of the

The implementation of the GDPR in the practice of towns and municipalities Implementation of the GDPR in France share of practice In Dpartement du Loiret 1/8 French organization of public administrations Population : 65 billions - 1

251 views • 8 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
2018-2019 NCI-AD Implementation Guide The NCI-AD Implementation Guide, in tandem with the NCI-AD

2018-2019 NCI-AD Implementation Guide The NCI-AD Implementation Guide, in tandem with the NCI-AD

2018-2019 NCI-AD Implementation Guide The NCI-AD Implementation Guide, in tandem with the NCI-AD Project Abstract, is intended to assist Participating States with planning for the 2018-2019 NCI-AD survey year. The Guide identifies key aspects of

251 views • 11 slides
Practical Guide to Determination of Practical Guide to Determination of Binding Constants

Practical Guide to Determination of Practical Guide to Determination of Binding Constants

Practical Guide to Determination of Practical Guide to Determination of Binding Constants Binding Constants The correlation of H , S , K and temperature according to the vant Hoff equation. (K. Hirose, in Analytical Methods in

460 views • 18 slides
GDPR and Social Surveys The Opportunities in Practice 14 January 2019 Debrah Harding Managing

GDPR and Social Surveys The Opportunities in Practice 14 January 2019 Debrah Harding Managing

GDPR and Social Surveys The Opportunities in Practice 14 January 2019 Debrah Harding Managing Director MRS Agenda Topics Overview of GDPR - legislative framework - impact of Brexit - reminder of some key concepts Public interest research

593 views • 21 slides
Mainstreaming transport co- benefits approach: a practical guide benefits approach: a practical

Mainstreaming transport co- benefits approach: a practical guide benefits approach: a practical

Mainstreaming transport co- benefits approach: a practical guide benefits approach: a practical guide to evaluating transport projects Jane Romero Cli Climate Change Group Ch G IGES Outline Out e o Overview o Why quantify co-benefits?

345 views • 15 slides
MESH NETWORK A Practical Guide Created by Suriyadeepan and Selva Kumar

MESH NETWORK A Practical Guide Created by Suriyadeepan and Selva Kumar

MESH NETWORK A Practical Guide Created by Suriyadeepan and Selva Kumar suriyadeepan.r@gmail.com Routing Protocols Babel BATMAN OLSR BMX6 Implementation batman-adv B etter A pproach T o M obile A dhoc N etwork Implemented as a linux

1.25k views • 76 slides
The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David

The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David

The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David R. Christiansen A Practical Guide to Levitation http://wordswithoutborders.org/article/a- practical-guide-to-levitation Excellent, but

589 views • 40 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Automated, Connected, Electric, Shared & Emerging Applications - Practical Implementation

Automated, Connected, Electric, Shared & Emerging Applications - Practical Implementation

Automated, Connected, Electric, Shared & Emerging Applications - Practical Implementation Opportunities for Local Governments 2018 FAV Summit by Charles A. Ramdatt, P.E., AICP November 28, 2018 SMART ORL

314 views • 9 slides
A Practical Marketing Approach to GDPR Great News! Focus on email marketing What you

A Practical Marketing Approach to GDPR Great News! Focus on email marketing What you

A Practical Marketing Approach to GDPR Great News! Focus on email marketing What you need to do How to get consent Documentation What is PII? Personally Identifiable Information Name, email IP address

410 views • 27 slides
Welcome Chris Joberns- Managing Director at Strident Experts With Practical Answers Beck Moran-

Welcome Chris Joberns- Managing Director at Strident Experts With Practical Answers Beck Moran-

Welcome Chris Joberns- Managing Director at Strident Experts With Practical Answers Beck Moran- ReMo, ISO and GDPR guru Becky will introduce GDPR and u highlight areas you need to address Darren Davies- ESET , Darren will demonstrate the very

781 views • 48 slides
Benchmarking) A Practical Guide to Experimentation (and publics ou privs. recherche franais

Benchmarking) A Practical Guide to Experimentation (and publics ou privs. recherche franais

HAL Id: hal-01959453 scientifjques de niveau recherche, publis ou non, panion: Proceedings of the Genetic and Evolutionary Computation Conference Companion, Jul 2018, Nikolaus Hansen. A Practical Guide to Experimentation (and Benchmarking).

970 views • 78 slides
TCP/IP Sockets in C: Practical Guide for Computer Chat Programmers ! How do we make computers

TCP/IP Sockets in C: Practical Guide for Computer Chat Programmers ! How do we make computers

TCP/IP Sockets in C: Practical Guide for Computer Chat Programmers ! How do we make computers talk? http://cs.ecs.baylor.edu/~donahoo/practical/CSockets/ ! How are they interconnected? Michael J. Donahoo Kenneth L. Calvert Internet Protocol

359 views • 12 slides
Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation

Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation

Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation Persuasion and Public Speaking Positive Psychology Coaching Series Book Volume 9 by Ian Tuhovsky You're readind a preview Communication Skills A Practical

266 views • 4 slides
General Data Protection Regulation: Global Scope, More Duties, Big Fines October 5, 2017

General Data Protection Regulation: Global Scope, More Duties, Big Fines October 5, 2017

General Data Protection Regulation: Global Scope, More Duties, Big Fines October 5, 2017 Presented By: Etienne Drouard, Partner, K&L Gates (Paris) Ignasi Guardans, Partner, K&L Gates (Brussels) Ewelina Madej, Senior Associate, K&L

489 views • 32 slides
Seabird sightings data preparation 200708 to 201819 Yvan Richard Edward Abraham 6 August

Seabird sightings data preparation 200708 to 201819 Yvan Richard Edward Abraham 6 August

Seabird sightings data preparation 200708 to 201819 Yvan Richard Edward Abraham 6 August 2020 Department of Conservation Project CSP12302-1 This presentation is of provisional work, final results may differ. Introduction 2 / 35

601 views • 35 slides
Data preparation for verifjcation L. Wilson Associate Scientist Emeritus Environment Canada

Data preparation for verifjcation L. Wilson Associate Scientist Emeritus Environment Canada

Data preparation for verifjcation L. Wilson Associate Scientist Emeritus Environment Canada Outline Sources of observation data Sources of forecasts T ypes of variables Matching issues Forecasts to the observations

261 views • 25 slides
TTS and Data Selection: Improving Systems for Low-Resource Languages Chevy Levitan, DREU 2015

TTS and Data Selection: Improving Systems for Low-Resource Languages Chevy Levitan, DREU 2015

TTS and Data Selection: Improving Systems for Low-Resource Languages Chevy Levitan, DREU 2015 outline I. Project II. Approach III. Methods IV. Status V. Future I. Project synthesize natural, intelligible voices for low resource languages

718 views • 39 slides
PROTECTION REGULATION (GDPR) OrbitTech Limited WHAT IS IT? REVISED REGULATIONS GOVERNING

PROTECTION REGULATION (GDPR) OrbitTech Limited WHAT IS IT? REVISED REGULATIONS GOVERNING

PREPARING FOR GENERAL DATA PROTECTION REGULATION (GDPR) OrbitTech Limited WHAT IS IT? REVISED REGULATIONS GOVERNING COLLECTION, STORAGE & USAGE OF PERSONAL DATA MOVES BALANCE OF CONTROL BACK TO ORDINARY PEOPLE GIVES CITIZENS

340 views • 16 slides
General Data Protection Regulation and the UT System GDPRs Intent The aim of the GDPR

General Data Protection Regulation and the UT System GDPRs Intent The aim of the GDPR

General Data Protection Regulation and the UT System GDPRs Intent The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the

199 views • 9 slides
PDPA THAILANDS PERSONAL DATA PROTECTION ACT LEGAL UPDATE & IMPLEMENTATION GUIDE

PDPA THAILANDS PERSONAL DATA PROTECTION ACT LEGAL UPDATE & IMPLEMENTATION GUIDE

PDPA THAILANDS PERSONAL DATA PROTECTION ACT LEGAL UPDATE & IMPLEMENTATION GUIDE THAILANDS MR. FLORIAN MAIER, LL.M. GLOWFISHTHAILANDS MANAGING DIRECTOR, ANTARES ADVISORY LTD. AUSTCHAM BREAKFAST BRIEFING 19 FEBRUARY 2020 GLOWFISH

424 views • 24 slides
IMPLICATIONS OF THE GDPR IN THE US Francisco Garca Martnez Illinois Institute of Technology

IMPLICATIONS OF THE GDPR IN THE US Francisco Garca Martnez Illinois Institute of Technology

ANALYSIS OF THE US PRIVACY MODEL - IMPLICATIONS OF THE GDPR IN THE US Francisco Garca Martnez Illinois Institute of Technology Contact: Francisco Garca Martnez fgarciamartinez@hawk.iit.edu linkedin.com/in/francisco-g-martinez

330 views • 12 slides

More recommend