Data Protection
Welcome to Enobyte Munich!
Enobyte Introduction
Company overview
Enobyte overview
§ Over 20 years experience in IT infrastructure & security
§ All servers located in EU ISO 27001 Certified Data Centres
§ Secure encrypted communication tools
§ Data Protection staff training tools
§ GDPR compliance support tools
Memberships & Certificates
§ German-Japanese Business Association Member
§ Security Network Munich Founding Member
§ TÜV Certified Data Protection Officer
§ TÜV Certified Data Protection Auditor
§ International Association of Privacy Professionals (iapp) Certified Data Protection Officer, Information Privacy Manager
§ ISO27001 Certified Data Centres
Press/Conferences/Collaborations Highlights
§ Speaker: Japan Kokkai, 1st German-Japanese Cyber Security Forum
§ Collaborative partner: Japan PPC, GDPR seminar
§ Collaborative partner: Invest in Bavaria, GDPR seminar
§ Co-Author: GDPR Guidebook (Amazon Best seller – Law category)
§ Featured in: WIRED jp, The Asahi Shimbun Globe+, DPO Insights
Reasons why GDPR was established
The GDPR is largely based on the Universal Declaration of Human Rights, updated to protect against current dangers and injustices:
§ Mass surveillance, industrial espionage, social engineering
§ Discrimination and psychological manipulation
§ Highly automated malware and cyber attacks
Benefits of compliance
Source: Cisco 2019 Data Privacy Benchmark Study
Business benefits of GDPR
Summary of benefits:
§ Less likely to experience a breach
§ Fewer data records impacted when breach
§ Shorter system downtimes
§ Better documentation = higher efficiency
§ Competitive advantage over customers and investors
§ Overall lower costs associated with breaches
Source: Cisco 2019 Data Privacy Benchmark Study
Cost of a data breach includes post data breach response and consequences e.g.:
communications
protection services
Legal expenditures
revenue losses from system downtime
acquiring new ones (turnover)
goodwill
Source: IBM 2019 Cost of a Data Breach Report by Ponemon Institute
The top factors that reduce the cost of a data breach are:
Incident Response team (IR) which includes DPOs and DPCs
Source: IBM 2019 Cost of a Data Breach Report by Ponemon Institute
Aspects of GDPR
§ Business
§ Technical
§ Legal
Enobyte Approach
§ GDPR must enable business, not hinder business.
§ Your data will be better protected and less vulnerable to cyber attacks.
§ As the GDPR is enforced in all EU and EEA member states, a top-down approach will be very efficient.
§ Advantages of an external DPO organisation
Product Overview
GDPR Full Assessment
§ Secure and online
§ Dynamic A.I. presents only questions relevant to answers given
§ A.I. allows for faster and easier completion of the assessment compared to filling an Excel sheet
§ Interchangeable languages in English, Japanese, German.
§ Different sections can be answered by relevant persons/departments
§ Concise gap analysis
§ Identifies risk levels of each gap for priority planning
§ Gives practical advice on industry standards
§ IT expert recommendations for implementation
Reporter at subsidiary reports an issue concerning data privacy by creating a new ticket addressed to the DPO.
DPO receives request and writes a reply.
using state-of-the-art TLS encryption
All communication is documented and can be reviewed later. The Ticket System includes Report Profiles and Time Accounting
according to GDPR Art. 33
custom on-line input forms or API
Data Protection Staff Training
What is referenced in the GDPR
Art.25 (1): Data protection by design and by default
“…the controller shall, implement appropriate technical and organisational measures…in an effective manner and to integrate the necessary safeguards into the processing”

Recital 78: Appropriate Technical and Organisational Measures
“the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.”

Art.39 (1b): Tasks of the data protection officer
“The data protection officer shall … monitor compliance with this Regulation … [through] awareness-raising and training of staff involved in processing
Training possibilities
Compared on: Cost, Ease of localisation, Ease of documentation, Effectiveness
§ PDF: Low
§ In-Person: High, EN/DE
§ Webinar: Mid, EN/DE
§ Online Academy: Low-Mid, EN/JP
Online Academy
Summary of features:
§ Videos in English & Japanese
§ Online Quiz in English & Japanese
§ Scalable
§ Proof of participation as TOM documentation
§ Automatic participation lists
§ Provides documentation for implementing an Organisational Measure for data protection
e-Learning Expertise
§ Global Advisory Board Member and speaker of OEB – International conference for learning conference
§ GDPR and education talks covered in learning news publications