the gdpr and its implications on cloud services
play

The GDPR and Its Implications On Cloud Services September 2017 - PowerPoint PPT Presentation

Nov 05, 2022 •382 likes •774 views

The GDPR and Its Implications On Cloud Services September 2017 Norm Barber, Managing Director (normb@unifycloud.com) UnifyCloud LLC General Background A rapidly growing and successful Redmond, WA-based soluGons developer with significant

  1. The GDPR and Its Implications On Cloud Services September 2017 Norm Barber, Managing Director (normb@unifycloud.com)

  2. UnifyCloud LLC – General Background A rapidly growing and successful Redmond, WA-based soluGons developer with significant technical resources located in the US and India. Our global focus is on Cloud , Cybersecurity , Compliance (regulatory) and Cost . EffecGvely migraGng from a tradiGonal, on-premises IT environment to a Hybrid IT environment that may include elements of SaaS, IaaS, and PaaS requires a logical set of steps. As Gartner has noted, “An organizaGon cannot simply ‘jump’ to the Cloud. There need to be ac5vi5es that are part of a phased evalua5on and plan to move to the Cloud. ” Discover Assess Target Migrate Monitor The General Data ProtecGon RegulaGon (GDPR) impacts the enGre Cloud (SaaS, IaaS, PaaS) journey

  3. 3 Disclaimer This presentaGon is a commentary on the GDPR, as UnifyCloud LLC interprets it, as of the date of publicaGon. We’ve spent a lot of Gme with GDPR and like to think we’ve been though`ul about its intent and meaning. But the applicaGon of GDPR is highly fact-specific, and not all aspects and interpretaGons of GDPR are well-sealed. As a result, this presentaGon is provided for informaGonal purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organizaGon. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organizaGon, and how best to ensure compliance. UNIFYCLOUD LLC MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS WHITE PAPER. This presentaGon is provided “as-is.” informaGon and views expressed in this presentaGon, including URL and other Internet website references, may change without noGce.

  4. 4 Today’s GDPR briefing topics • What is the GDPR • How to interpret the GDPR • Addressing GDPR compliance in the Cloud • GDPR Baseline approach • Case Study: Managing GDPR in Azure

  5. 5 Audience poll: GDPR key roles that will impact you Controller (from GDPR) Processer (from GDPR) “…the natural or legal “… a natural or legal person, person, public authority, public authority, agency or agency or other body which, other body which processes alone or jointly with others, personal data on behalf of determines the purposes and the controller.” means of the processing of personal data; where the Solu5on Purveyor purposes and means of such • CSV processing are determined • ISV by Union or Member State • Consultant law, the controller or the specific criteria for its nominaGon may be provided for by Union or Member State law.”

  6. 6

  7. 7 GDPR key drivers for May 25, 2018 enforcement (in effect as of 5/4/16) • Updates and modernizes the principles of the 1995 Data ProtecGon DirecGve • Sets out the rights of the individual and establishes the obligaGons of those processing and those responsible for the processing of the data. • Establishes the methods for ensuring compliance as well as the scope of sancGons for those in breach of the rules. • Applies to all organizaGons doing business in the EU regardless of locaGon. Source:

  8. 8 GDPR data definitions regardless of nationality or EU residence Personal Data (from GDPR) Examples: “…means any informaGon relaGng to • Name an idenGfied or idenGfiable natural • IdenGficaGon number (e.g., SSN) person ('data subject'); an idenGfiable natural person is one who can be • LocaGon data (e.g., home address) idenGfied, directly or indirectly, in • Online idenGfier (e.g., e-mail address, parGcular by reference to an idenGfier screen names, IP address, device IDs) such as a name, an idenGficaGon number, locaGon data, an online • GeneGc data (e.g., biological samples from an individual) idenGfier or to one or more factors specific to the physical, physiological, • Biometric data (e.g., fingerprints, facial geneGc, mental, economic, cultural or recogniGon) social idenGty of that natural person.” “The GDPR also requires compliance from non-EU organizaGons that offer goods or services to EU residents or monitor the behavior of EU residents.” Source : Brief: You Need An Ac0on Plan For The GDPR ; Forrester Research; October 2016

  9. 9 GDPR compliance is a challenge for both controllers and processors “By the end of 2018, over 50% of companies affected by the GDPR will not be in full compliance with its requirements.” Gartner - Focus on Five High-Priority Changes to Tackle the EU GDPR ; September 30, 2016 Enhanced personal privacy rights The General Data Protection Regulation (GDPR) Increased duty for protecting data imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied Mandatory breach reporting to EU residents, no matter where they are located. Significant penalties for non-compliance

  10. 10 Controller’s (or your customer’s) GDPR compliance model 43 GDPR Requirements* 1. Provide noGficaGon to data subjects, in clear and plain language. 2. Request and obtain the data subject’s affirmaGve and granular consent. 3. DisconGnue with processing acGviGes if the data subject denies consent. GDPR RegulaGon (261 pages) 4. Provide a mechanism for data subjects to “…organizaGons must demonstrate that they have implemented appropriate measures to withdraw consent. miGgate privacy risks. Even in the absence of a privacy breach or customer complaint, 5. Obtain affirmaGve consent from a child’s (under regulators may require firms to exhibit evidence of their compliance and risk management age of 16) parent or guardian. strategies, including a privacy impact assessment (PIA) when appropriate.” Source : Brief: You Need An Ac0on Plan For The GDPR ; Forrester Research; October 2016 * UnifyCloud LLC GDPR interpretaGon. You are encouraged to complete your own GDPR interpretaGon

  11. 11 Controller’s (or your customer’s) GDPR compliance model 43 GDPR Requirements* 1. Provide noGce of processing acGviGes at the Gme personal data is obtained. 2. Provide noGce of processing acGviGes if personal data has not been obtained directly. 3. Provide the data privacy noGce at all points where personal data is collected. GDPR RegulaGon (261 pages) * UnifyCloud LLC GDPR interpretaGon. You are encouraged to complete your own GDPR interpretaGon

  12. 12 Controller’s (or your customer’s) GDPR compliance model 43 GDPR Requirements* 1. Provide mechanism for validaGng idenGty of the requesGng data subject. 2. Provide mechanism for to request access to their personal data. 3. Provide a mechanism to respond to requests on personal data access. GDPR RegulaGon (261 pages) 4. Maintain the technological ability to trace and search personal data. 5. Provide mechanism to request recGficaGon and recGfy personal data. 6. Provide a mechanism to request the erasure of personal data. 7. Maintain the technological ability to locate and erase personal data. 8. Track to which addiGonal controllers personal data has been transferred. * UnifyCloud LLC GDPR interpretaGon. You are encouraged to complete your own GDPR interpretaGon

  13. 13 Controller’s (or your customer’s) GDPR compliance model 43 GDPR Requirements* 9. When personal data is made public, contact those enGGes for data erasure. 10. Provide mechanism to request the restricGon of data processing. 11. Maintain the technological ability to restrict processing of personal data. GDPR RegulaGon (261 pages) 12. Provide mechanism to request copies and transmit personal. 13. Provide mechanism to respond to data portability requests. 14. Locate personal data and export in structured, machine-readable formats. 15. If processing for direct markeGng, provide mechanism to object. 16. Maintain the technological ability to disconGnue the data processing. * UnifyCloud LLC GDPR interpretaGon. You are encouraged to complete your own GDPR interpretaGon

  14. 14 Controller’s (or your customer’s) GDPR compliance model 43 GDPR Requirements* 1. Maintain audit trails to demonstrate accountability and compliance. 2. Maintain inventory of data detailing categories of data subjects. 3. Maintain auditable trails of processing acGviGes. 4. Carry out data protecGon impact assessments of GDPR RegulaGon (261 pages) processing operaGons. 5. Provide the de-idenGficaGon of personal data for archiving purposes. * UnifyCloud LLC GDPR interpretaGon. You are encouraged to complete your own GDPR interpretaGon

  15. 15 Controller’s (or your customer’s) GDPR compliance model 43 GDPR Requirements* 1. Embed privacy controls (in service and development lifecycle). 2. Embed privacy designed to minimize the amount of personal data collected. GDPR RegulaGon (261 pages) * UnifyCloud LLC GDPR interpretaGon. You are encouraged to complete your own GDPR interpretaGon

  16. 16 Controller’s (or your customer’s) GDPR compliance model 43 GDPR Requirements* 1. Provide mechanism to pseudonymize, encrypt, or otherwise secure personal data. 2. Implement security measures in the service. 3. Confirm ongoing confidenGality, integrity, and availability of personal data. 4. Provide mechanism to restore the availability and GDPR RegulaGon (261 pages) access to personal data. 5. Facilitate regular tesGng of security measures. * UnifyCloud LLC GDPR interpretaGon. You are encouraged to complete your own GDPR interpretaGon

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Accelerate GDPR compliance with the Microsoft Cloud Henrik Mnsted Cloud Solutions Architect

Accelerate GDPR compliance with the Microsoft Cloud Henrik Mnsted Cloud Solutions Architect

Accelerate GDPR compliance with the Microsoft Cloud Henrik Mnsted Cloud Solutions Architect Microsoft Denmark This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. 1. Data Privacy and

900 views • 21 slides
Technical Implications of the General Data Protection Regulation (GDPR) Jaclyn Tsiang

Technical Implications of the General Data Protection Regulation (GDPR) Jaclyn Tsiang

Technical Implications of the General Data Protection Regulation (GDPR) Jaclyn Tsiang Introduction Redefining personal data Global scope Affects any organization that manages data from EU residents Complying with GDPR

523 views • 10 slides
EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS bd@gemserv.com Agenda

EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS bd@gemserv.com Agenda

Reaz Khedarun and Ian Davis EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS bd@gemserv.com Agenda Implications and opportunities of GDPR New obligations and liabilities for suppliers How GDPR compliance can

437 views • 24 slides
WEBINAR - Data Privacy: New Regulation and Implications for Big Data Approaches 29 Nov, 12h CET

WEBINAR - Data Privacy: New Regulation and Implications for Big Data Approaches 29 Nov, 12h CET

WEBINAR - Data Privacy: New Regulation and Implications for Big Data Approaches 29 Nov, 12h CET 2 Re Research Exemptions in in t the G GDPR M. Mostert, LLM Julius Center, University Medical Center Utrecht Introduction Recital 157 GDPR:

493 views • 20 slides
SmartGrid Implications of Cloud Computing New Technology in the Utility Environment PG&E

SmartGrid Implications of Cloud Computing New Technology in the Utility Environment PG&E

1 SmartGrid Implications of Cloud Computing New Technology in the Utility Environment PG&E Territory Characteristics 70,000 square miles of diverse topography Approximately 20,000 employees Energy Services to approximately 15

329 views • 10 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Ice Cloud Radiance Simulations with MODIS and AIRS: Implications for MODIS Collection 6 Cloud

Ice Cloud Radiance Simulations with MODIS and AIRS: Implications for MODIS Collection 6 Cloud

Ice Cloud Radiance Simulations with MODIS and AIRS: Implications for MODIS Collection 6 Cloud Products Bryan A. Baum Paul Menzel, Rich Frey, Robert Holz, Liam Gumley, Dave Tobin, Steve Dutcher, Steve Ackerman, Chris Moeller... Space Science

639 views • 26 slides
Getting ready for GDPR and CCPA Securing and governing hybrid, cloud, and on-premises big data

Getting ready for GDPR and CCPA Securing and governing hybrid, cloud, and on-premises big data

Getting ready for GDPR and CCPA Securing and governing hybrid, cloud, and on-premises big data deployments Your Speakers Lars George, Principal Solutions Architect, Okera Ifi Derekli, Senior Solutions Engineer, Cloudera Mark Donsky,

1.5k views • 118 slides
IMPLICATIONS OF THE GDPR IN THE US Francisco Garca Martnez Illinois Institute of Technology

IMPLICATIONS OF THE GDPR IN THE US Francisco Garca Martnez Illinois Institute of Technology

ANALYSIS OF THE US PRIVACY MODEL - IMPLICATIONS OF THE GDPR IN THE US Francisco Garca Martnez Illinois Institute of Technology Contact: Francisco Garca Martnez fgarciamartinez@hawk.iit.edu linkedin.com/in/francisco-g-martinez

330 views • 12 slides
Qt and Cloud Services Sami Makkonen Qt R&D Digia Content Different types of Cloud services

Qt and Cloud Services Sami Makkonen Qt R&D Digia Content Different types of Cloud services

Qt and Cloud Services Sami Makkonen Qt R&D Digia Content Different types of Cloud services Qt and Cloud Services Cloud API for Qt Using PaaS Services from Qt application engin.io Using BaaS from Qt application Different Type of Cloud

670 views • 19 slides
GN3 view on multi-d domain services and its implications on NOC implications on NOC Cs Cs Ann

GN3 view on multi-d domain services and its implications on NOC implications on NOC Cs Cs Ann

GN3 view on multi-d domain services and its implications on NOC implications on NOC Cs Cs Ann Harding (SWITCH) TF-NOC preparation me eeting Copenhagen, Denmark, 3.5.2010 connect communicate collaborate Agenda Starting point for

355 views • 16 slides
A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is

A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is

A vision for Carrier Cloud Networking... Itzik Weinstein, CEO 1 Cloud Services The Cloud is highly scalable, and managed infrastructure capable of hosting end- customer applications and billed by consumption. - Forrester Virtual

399 views • 6 slides
IoT & Cloud Based Services OK World Cloud Services Push To Talk Smart Device Platform

IoT & Cloud Based Services OK World Cloud Services Push To Talk Smart Device Platform

IoT & Cloud Based Services OK World Cloud Services Push To Talk Smart Device Platform Health Care Vehicle Solution Services NB-IoT Services Cloud Infrastructure & IoT Services: Data Center Push to Talk Platform

898 views • 88 slides
What is the Cloud? Simply put, Cloud Computing is the delivery of computing services,

What is the Cloud? Simply put, Cloud Computing is the delivery of computing services,

What is the Cloud? Simply put, Cloud Computing is the delivery of computing services, including Servers, Storage, Databases, Networking, Software, Analytics and Intelligence over the Internet (The Cloud) to offer faster innovation,

338 views • 13 slides
Problem solved: Cloud Cost Management 2 Cloud Cost Management Using cloud services from

Problem solved: Cloud Cost Management 2 Cloud Cost Management Using cloud services from

Problem solved: Cloud Cost Management 2 Cloud Cost Management Using cloud services from IaaS to Accelerate digital SaaS creates huge new opportunities transformation to transform the speed, effjciency and operating costs of a

298 views • 10 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Personal Control of Your Data Butler Lampson August 8, 2013 Background What is new about

Personal Control of Your Data Butler Lampson August 8, 2013 Background What is new about

Personal Control of Your Data Butler Lampson August 8, 2013 Background What is new about online data? It is: Widespread in time and space Persistent, easy to copy, visible to anybody Accessible : easy to find (by search), connect

545 views • 22 slides
2019 2019 NEW PRODUCT LAUNCH/TRAINING SvSAN on KVM & StorSecure 22 May 2019 MAKING THE

2019 2019 NEW PRODUCT LAUNCH/TRAINING SvSAN on KVM & StorSecure 22 May 2019 MAKING THE

2019 2019 NEW PRODUCT LAUNCH/TRAINING SvSAN on KVM & StorSecure 22 May 2019 MAKING THE COMPLEX SIMPLE MAKING THE COMPLEX SIMPLE CONFIDENTIAL PRESENTERS & AGENDA BRUCE KORNFELD CMO & GM Americas CRAIG COLLIER Systems

1.18k views • 20 slides
Encrypted File Systems Don Porter 1 COMP 790: OS Implementation Goals Protect

Encrypted File Systems Don Porter 1 COMP 790: OS Implementation Goals Protect

COMP 790: OS Implementation Encrypted File Systems Don Porter 1 COMP 790: OS Implementation Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory

464 views • 19 slides
Using iRODS to manage, share and publish research data Ton Smeele & Lazlo Westerhof

Using iRODS to manage, share and publish research data Ton Smeele & Lazlo Westerhof

Using iRODS to manage, share and publish research data Ton Smeele & Lazlo Westerhof ITS/ResearchIT, Utrecht University ITS Research IT Agenda Profile Utrecht University Yoda introduction and concepts Demonstration Challenges, issues

446 views • 18 slides
NASA Engineering Database NASA Engineering Database (NED) (NED) Prototype Prototype Stephen

NASA Engineering Database NASA Engineering Database (NED) (NED) Prototype Prototype Stephen

NASA Engineering Database NASA Engineering Database (NED) (NED) Prototype Prototype Stephen C. Waterbury NASA/Goddard Space Flight Center December, 2000 Model Interaction and Transformation Security, Services: Auth., Thin Expresso

440 views • 4 slides
Hybrid Cloud Integration Challenges of Big Data Science Dario Vianello (@vianello_d) Cloud

Hybrid Cloud Integration Challenges of Big Data Science Dario Vianello (@vianello_d) Cloud

Hybrid Cloud Integration Challenges of Big Data Science Dario Vianello (@vianello_d) Cloud Bioinformatics Application Architect Technology and Science Integration team EMBL-EBI What is EMBL-EBI? Europes home for biological data

743 views • 32 slides
Adaptive Scheduling for Systems with Asymmetric Memory Hierarchies Po-An Tsai , Changping Chen,

Adaptive Scheduling for Systems with Asymmetric Memory Hierarchies Po-An Tsai , Changping Chen,

Adaptive Scheduling for Systems with Asymmetric Memory Hierarchies Po-An Tsai , Changping Chen, and Daniel Sanchez Die-stacking has enabled near-data processing Die-stacking has enabled near-data processing Conventional multicore processors use

1.32k views • 94 slides
https://www.eur.nl/en/campus/university-library/erasmus-data-service-centre Outline Introduction

https://www.eur.nl/en/campus/university-library/erasmus-data-service-centre Outline Introduction

Erasmus Data Service Centre (EDSC): Your FAIR Research Data Solution Paul J Plaatsman Data- and Economics Librarian Erasmus University Rotterdam(EUR) The Netherlands https://www.eur.nl/en/campus/university-library/erasmus-data-service-centre

740 views • 20 slides

More recommend