SlideShare una empresa de Scribd logo

Esc Rennes gdpr oct 2018

Prof. Jacques Folon (Ph.D)
Prof. Jacques Folon (Ph.D)

november 2018

Educación
1 de 175
Descargar para leer sin conexión
Data privacy & GDPR Jacques Folon Partner Edge Consulting Maître de conférences Université de Liège Professeur ICHEC Professeur invité Université de Lorraine (Metz) Visiting professor ESC Rennes School of Business
table of contents Introduction and context GDPR introduction context some definitions 1 principles 2
GDPR : The Context
https://gdprfolder.eu © 2018 GDPRFOLDER.EU SPRL All Rights Reserved. Every company & self employed is concerned SM E Self employed Non profit Private sector Public sector
https://gdprfolder.eu © 2018 GDPRFOLDER.EU SPRL All Rights Reserved. employees Prospects ContactsUsers & clients Which Data ?
http://www.jerichotechnology.com/wp-content/uploads/2012/05/SocialMediaisChangingtheWorld.jpg
privacy ????? 9 http://www.fieldhousemedia.net/wp-content/uploads/2013/03/fb-privacy.jpg
Average number of Facebook « friends » in France: 177 in 2018 30
PRIVACYVS SOCIAL NETWORKS https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQgeY4ij8U4o1eCuVJ8Hh3NlI3RAgL9LjongyCJFshI5nLRZQZ5Bg
4 By giving people the power to share, we're making the world more transparent. The question isn't, 'What do we want to know about people?', It's, 'What do people want to tell about themselves?' Data privacy is outdated ! Mark Zuckerberg If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. Eric Schmidt
1
17SOURCE: http://mattmckeon.com/facebook-privacy/
18
19
20
21
22
23
24 IN 2018
1 Privacy statement confusion • 53% of consumers consider that a privacy statement means that data will never be sell or give • 43% only have read a privacy statement • 45% only use different email addresses • 33% changed passwords regularly • 71% decide not to register or purchase due to a request of unneeded information • 41% provide fake info 112 Source: TRUSTe survey
27 http://1.bp.blogspot.com/-NqwjuQRm3Co/UCauELKozrI/AAAAAAAACuQ/MoBpRZVrZj4/s1600/Party-Raccoon-Get-Friends-Drunk-Upload-Facebook.jpg
The person who took the photo is a real friend 28 http://cdn.motinetwork.net/motifake.com/image/demotivational-poster/1202/reality-drunk-reality-fail-drunkchicks-partyfail-demotivational-posters-1330113345.jpg
privacy and graph search ?
30
31
32
33
From Big Brother to Big Other
http://fr.slideshare.net/bodyspacesociety/casilli-privacyehess-2012def Antonio Casili • Importance of T&C • Everybody speaks • mutual surveillance • Lateral surveillance
geolocalisation http://upload.wikimedia.org/wikipedia/commons/thumb/9/99/Geolocalisation_GPS_SAT.png/267px-Geolocalisation_GPS_SAT.png
data collection 1
42
Interactions controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
Interactions NOT controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
GDPR
Codes of conducts and certifications !47
May 25, 2018 GDPR !!!
!57 A.CONTEXT B.SOME DEFINITIONS C.THE PRINCIPLES D.GDPR CONSEQUENCES E.METHODOLOGY
A : CONTEXT !58
IN 3 WORDS !59 • GDPR IS A "REGULATION" >< "DIRECTIVE" • WORLDWIDE INFLUENCE • CONSEQUENCES FOR COMPANIES AND PUBLIC SECTOR
!60 MAY 2018 ENTRY INTO FORCE MAY 25,2018 DISCUSSED SINCE 2014 VOTED IN 2016 RISKS PENALTIES 4% ANNUAL TO 20 M € COMPENSATION IN COURT REPUTATION IMPACT CONTRACT PROCESSES MARKETING ORGANISATION
B : SOME DEFINITIONS… !61
PERSONAL DATA !62 ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
PROCESSING !63 ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
CONTROLLER !64 controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
processor or sub-contractor !65 processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Sub-contractor 129 The Member States shall provide that the controller must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures
67 The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that: - the processor shall act only on instructions from the controller, - the obligations as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor
data breach !68 personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
C : 12 MAIN PRINCIPLES OF GDPR !69 1. Accountability 2. Consumer / citizen rights 3. Privacy by design 4. Information security 5. Data breach 6. Penalties 7. identity access management 8. lawfulness for processing 9. Register 10.Risk analysis and PIA 11.Training 12.Data privacy officer
1/ ACCOUNTABILITY !70
DO-CU-MEN-TA-TION
PRIVACY POLICY OR REGULATION OR …
2/ Consumer/citizen's right !75 TRANSPARENCY SENSITIVE INFORMATIONS INFORMATION COLLECTED RIGHT OF ACCESS RIGHT TO RECTIFICATION RIGHT TO ERASE RIGHT OF PROCESSING LIMITATION PORTABILITY RIGHT OF OPPOSITION TO PROFILING
RIGHT TO ACCESS
right to be forgotten ?
Right to be forgotten • On 13.05.2014 the European Union Court of Justice backed a ruling called “the right to be forgotten,” which allows individuals to control their data and ask search engines, such as Google, to remove inadequate personal results from the Internet. • However, the decision cannot be interpreted as a “victory” for the protection of the personal data of Europeans, according to privacy experts.
• In 2010 a Spanish citizen lodged a complaint against a Spanish newspaper with the national Data Protection Agency and against Google Spain and Google Inc. • The citizen complained that an auction notice of his repossessed home on Google’s search results infringed his privacy rights because the proceedings concerning him had been fully resolved for a number of years and hence the reference to these was entirely irrelevant. • He requested, first, that the newspaper be required either to remove or alter the pages in question so that the personal data relating to him no longer appeared; • and second, that Google Spain or Google Inc. be required to remove the personal data
• In its ruling of 13 May 2014 the EU Court said : • a)On the territoriality of EU rules: Even if the physical server of a company processing data islocated outside Europe, EU rules apply to search engine operators if they have a branch or a sub sidiary in a Member State which promotes the selling of advertising space offered by the search engine; • b)On the applicability of EU data protection rules to a search engine : Search engines are controllers of personal data. Google can therefore not escape its responsibilities before European lawwhen handling personal data by saying it is a search engine. EU data protection law applies and so does the right to be forgotten. • c) On the “Right to be Forgotten” : Individuals have the right - under certain conditions - to ask search engines to remove links with personal information about them.This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data
• At the same time, the Court explicitly clarified that the right to be forgotten is not absolute but will always need to be balanced against other fundamental rights, such as the freedom of expression and of the media
• Right to erasure (future rules?) • 1.The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, and to obtain from third parties the erasure of any links to, or copy or replication of that data, where one of the following grounds applies: • (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed • (b) the data subject withdraws consent on which the processing is based according • (c) when the storage period consented to has expired and where there is no other legal ground for the processing of the data
3/ PRIVACY BY DESIGN !83
INFORMATION LIFECYCLE
Look at the entire data lifecycle
1.CREATE OR
BALANCE TEST NEEDED
PRIVACY POLICY OR REGULATION OR …
CONSENT & EVIDENCES
SENSITIVE DATA IF THENOR
2.STORE • SECURITY • ENCRYPTION • AUTHENTICATION • AVAILABILITY • CONFIDENTIALITY • IAM
3. USE
4. SHARE
4. SHARE
5.ARCHIVE
6. DESTROY
4/INFORMATION SECURITY !97
The weakest link
SECURITY SOURCE DE L’IMAGE: http://www.techzim.co.zw/2010/05/why-organisations-should-worry-about- security-2/
Source : https://www.britestream.com/difference.html.
Threats
Who knows … now?
certifications
Control by the employer 161SOURCE DE L’IMAGE: http://blog.loadingdata.nl/2011/05/chinese-privacy-protection-to-top-american/
What your boss thinks...
Employees share (too) many information and also with third parties
Where do one steal data? •Banks •Hospitals •Ministries •Police •Newspapers •Telecoms •... Which devices are stolen? •USB •Laptops •Hard disks •Papers •Binders •Cars
63 RESTITUTIONS
DATA PRIVACY & THE EMPLOYER 45http://i.telegraph.co.uk/multimedia/archive/02183/computer-cctv_2183286b.jpg
SO CALLED HIDDEN COSTS 46 http://www.theatlantic.com/technology/archive/2011/09/estimating-the-damage-to-the-us-economy-caused-by-angry-birds/244972/
May the employer control everything?
Who controls what?
Could my employer open my emails? 169
IAM
117 CODE OF CONDUCTS
TELEWORKING
Employer’s control 177 http://fr.slideshare.net/olivier/identitenumeriquereseauxsociaux
124
48
86 SECURITY IS A LEGAL OBLIGATION
5/ DATA BREACH !127
Data breaches
Disastrous data breaches
So it is a real threat !
6/ PENALTIES !131
7/ IDENTITY ACCESS MANAGEMENT !132
8/ LAWFULNESS OF PROCESSING !133 CONSENT MUST BE EXPLICIT
134 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
135
OPT IN
137 Member States shall provide that personal data must be: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.
138 Member States shall provide that personal data may be processed only if: (a) the data subject has unambiguously given his consent; or (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or (d) processing is necessary in order to protect the vital interests of the data subject; or (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
139 Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life
125 Member States shall provide that the controller or his representative must provide a data subject from whom data relating to himself are collected with at least the following information, except where he already has it: (a) the identity of the controller and of his representative, if any; (b) the purposes of the processing for which the data are intended; (c) any further information such as - the recipients or categories of recipients of the data, - whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply, - the existence of the right of access to and the right to rectify the data concerning him in so far as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject
Cookies
9/ RECORD OF PROCESSING ACTIVITIES !145 RECORD
10/ RISK ANALYSIS AND PIA !146
11/ TRAINING !147
INTERNAL TRAININGS
12/ DATA PRIVACY OFFICER !149
D : CONSEQUENCES !150
E : METHODOLOGY !151
METHODOLOGY !152 1. PRELIMINARY AUDIT 2. RISK ANALYSIS 3. LIST OF SERVICES 4. RECORD OF PROCESSING ACTIVITIES 5. ACTION PLAN 6. SERACH FOR COMPLIANCE 7. SOLUTION FOR NON COMPLIANCE 8. CONTINUOUS PROCESSES 9. TRAINING Préparation Implémentation Pérennisation
154 Source de l’image : http://ediscoverytimes.com/?p=46
RISKS SOURCE DE L’IMAGE : http://www.tunisie-news.com/artpublic/auteurs/auteur_4_jaouanebrahim.html
Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
The new head of MI6 has been left exposed by a major personal security breach after his wife published intimate photographs and family details on the Facebook website. Sir John Sawers is due to take over as chief of the Secret Intelligence Service in November, putting him in charge of all Britain's spying operations abroad. But his wife's entries on the social networking site have exposed potentially compromising details about where they live and work, who their friends are and where they spend their holidays. http://www.dailymail.co.uk
Social Media Spam Compromised Facebook account. Victim is now promoting a shady pharmaceutical Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
Social Media Phishing To: T V V I T T E R.com Now they will have your username and password Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
Social Media Malware Clicking on the links takes you to sites that will infect your computer with malware Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
Phishing Sources/ Luc Pooters, Triforensic, 2011
DATA THEFT
Social engineering Sources/ Luc Pooters, Triforensic, 2011
Take my stuff, please! Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
3rd Party Applications •Games, quizzes, cutesie stuff •Untested by Facebook – anyone can write one •No Terms and CondiNons – you either allow or you don’t •InstallaNon gives the developers rights to look at your profile and overrides your privacy seVngs! Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
Big data 182
Biometry 186
facial recognition 187
RFID & internet of things 188 http://www.ibmbigdatahub.com/sites/default/files/public_images/IoT.jpg
SECURITY ???
87 “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” C. Darwin
ANY QUESTIONS ?
Esc Rennes gdpr oct 2018

Recomendados

Terms and conditions
Terms and conditions Terms and conditions
Terms and conditions Prof. Jacques Folon (Ph.D)
 
Esc consumer protection
Esc consumer protection Esc consumer protection
Esc consumer protection Prof. Jacques Folon (Ph.D)
 
Negotiation of contractual clauses
Negotiation of contractual clausesNegotiation of contractual clauses
Negotiation of contractual clausesProf. Jacques Folon (Ph.D)
 
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...Alexander Loechel
 
GDPR enforcement 10.10.2019
GDPR enforcement 10.10.2019GDPR enforcement 10.10.2019
GDPR enforcement 10.10.2019Anastasiia Konoplova
 
Claiming damages in IPR lawsuits in Vietnam
Claiming damages in IPR lawsuits in VietnamClaiming damages in IPR lawsuits in Vietnam
Claiming damages in IPR lawsuits in VietnamKENFOX IP & Law Office
 
Seminarie e commerce 2011 presentatie international
Seminarie e commerce 2011 presentatie internationalSeminarie e commerce 2011 presentatie international
Seminarie e commerce 2011 presentatie internationalBart Van Den Brande
 
IP Bulletin- what strategies to reclaim unregistered trademark rights in vietnam
IP Bulletin- what strategies to reclaim unregistered trademark rights in vietnamIP Bulletin- what strategies to reclaim unregistered trademark rights in vietnam
IP Bulletin- what strategies to reclaim unregistered trademark rights in vietnamKENFOX IP & Law Office
 

Recomendados

Terms and conditions
Terms and conditions Terms and conditions
Terms and conditions Prof. Jacques Folon (Ph.D)
 
Esc consumer protection
Esc consumer protection Esc consumer protection
Esc consumer protection Prof. Jacques Folon (Ph.D)
 
Negotiation of contractual clauses
Negotiation of contractual clausesNegotiation of contractual clauses
Negotiation of contractual clausesProf. Jacques Folon (Ph.D)
 
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...Alexander Loechel
 
GDPR enforcement 10.10.2019
GDPR enforcement 10.10.2019GDPR enforcement 10.10.2019
GDPR enforcement 10.10.2019Anastasiia Konoplova
 
Claiming damages in IPR lawsuits in Vietnam
Claiming damages in IPR lawsuits in VietnamClaiming damages in IPR lawsuits in Vietnam
Claiming damages in IPR lawsuits in VietnamKENFOX IP & Law Office
 
Seminarie e commerce 2011 presentatie international
Seminarie e commerce 2011 presentatie internationalSeminarie e commerce 2011 presentatie international
Seminarie e commerce 2011 presentatie internationalBart Van Den Brande
 
IP Bulletin- what strategies to reclaim unregistered trademark rights in vietnam
IP Bulletin- what strategies to reclaim unregistered trademark rights in vietnamIP Bulletin- what strategies to reclaim unregistered trademark rights in vietnam
IP Bulletin- what strategies to reclaim unregistered trademark rights in vietnamKENFOX IP & Law Office
 
Implementation of the new European Consumer Directive 31.05.2014
Implementation of the new European Consumer Directive 31.05.2014Implementation of the new European Consumer Directive 31.05.2014
Implementation of the new European Consumer Directive 31.05.2014BeCommerce
 
Managing customers rights on the markets by Gilles Vercken, Lawyer
Managing customers rights on the markets by Gilles Vercken, LawyerManaging customers rights on the markets by Gilles Vercken, Lawyer
Managing customers rights on the markets by Gilles Vercken, LawyerSylvain Gauthier
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data OpportunityiCrossing
 
BEEP 's GDPR in bullets v1 2
BEEP 's GDPR in bullets v1 2BEEP 's GDPR in bullets v1 2
BEEP 's GDPR in bullets v1 2Stefan Schippers
 
Brexit Questions & Answers
Brexit Questions & AnswersBrexit Questions & Answers
Brexit Questions & AnswersKarolina Gizela Peret, MSc in E. Eng.
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article OverviewCraig Clark ITIL, CIS LI,EU GDPR P
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIKarel Holst
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORIKarel Holst
 
Social Media and the Law - by Tom Cowling
Social Media and the Law - by Tom CowlingSocial Media and the Law - by Tom Cowling
Social Media and the Law - by Tom CowlingiCrossing
 
Eu code of online rights
Eu code of online rightsEu code of online rights
Eu code of online rightsProf. Jacques Folon (Ph.D)
 
20150610 febelmar privacy matters eu regulation
20150610 febelmar privacy matters eu regulation20150610 febelmar privacy matters eu regulation
20150610 febelmar privacy matters eu regulationFebelmar
 
How are Patents protected, licensed and enforced in Vietnam?
How are Patents protected, licensed and enforced in Vietnam?How are Patents protected, licensed and enforced in Vietnam?
How are Patents protected, licensed and enforced in Vietnam?Nguyen Hoa Binh (Bill)
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection RegulationRamiro Cid
 
Ecommerce country report vietnam
Ecommerce country report vietnamEcommerce country report vietnam
Ecommerce country report vietnamrrrifki
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 
Gdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoGdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoKeithBudden3
 
Privacy and data protection in credit scoring
Privacy and data protection in credit scoring Privacy and data protection in credit scoring
Privacy and data protection in credit scoring Bart Van Den Brande
 
Ichec dig strat gdpr
Ichec dig strat gdpr Ichec dig strat gdpr
Ichec dig strat gdpr Prof. Jacques Folon (Ph.D)
 
GDPR & digital strategy
GDPR & digital strategyGDPR & digital strategy
GDPR & digital strategyProf. Jacques Folon (Ph.D)
 
Esc gdpr oct 2018
Esc gdpr oct 2018Esc gdpr oct 2018
Esc gdpr oct 2018Prof. Jacques Folon (Ph.D)
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT worksMorris Dorfer
 

Más contenido relacionado

La actualidad más candente

Implementation of the new European Consumer Directive 31.05.2014
Implementation of the new European Consumer Directive 31.05.2014Implementation of the new European Consumer Directive 31.05.2014
Implementation of the new European Consumer Directive 31.05.2014BeCommerce
 
Managing customers rights on the markets by Gilles Vercken, Lawyer
Managing customers rights on the markets by Gilles Vercken, LawyerManaging customers rights on the markets by Gilles Vercken, Lawyer
Managing customers rights on the markets by Gilles Vercken, LawyerSylvain Gauthier
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data OpportunityiCrossing
 
BEEP 's GDPR in bullets v1 2
BEEP 's GDPR in bullets v1 2BEEP 's GDPR in bullets v1 2
BEEP 's GDPR in bullets v1 2Stefan Schippers
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIKarel Holst
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORIKarel Holst
 
Social Media and the Law - by Tom Cowling
Social Media and the Law - by Tom CowlingSocial Media and the Law - by Tom Cowling
Social Media and the Law - by Tom CowlingiCrossing
 
20150610 febelmar privacy matters eu regulation
20150610 febelmar privacy matters eu regulation20150610 febelmar privacy matters eu regulation
20150610 febelmar privacy matters eu regulationFebelmar
 
How are Patents protected, licensed and enforced in Vietnam?
How are Patents protected, licensed and enforced in Vietnam?How are Patents protected, licensed and enforced in Vietnam?
How are Patents protected, licensed and enforced in Vietnam?Nguyen Hoa Binh (Bill)
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection RegulationRamiro Cid
 
Ecommerce country report vietnam
Ecommerce country report vietnamEcommerce country report vietnam
Ecommerce country report vietnamrrrifki
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 
Gdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoGdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoKeithBudden3
 
Privacy and data protection in credit scoring
Privacy and data protection in credit scoring Privacy and data protection in credit scoring
Privacy and data protection in credit scoring Bart Van Den Brande
 

La actualidad más candente (18)

Implementation of the new European Consumer Directive 31.05.2014
Implementation of the new European Consumer Directive 31.05.2014Implementation of the new European Consumer Directive 31.05.2014
Implementation of the new European Consumer Directive 31.05.2014
 
Managing customers rights on the markets by Gilles Vercken, Lawyer
Managing customers rights on the markets by Gilles Vercken, LawyerManaging customers rights on the markets by Gilles Vercken, Lawyer
Managing customers rights on the markets by Gilles Vercken, Lawyer
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data Opportunity
 
BEEP 's GDPR in bullets v1 2
BEEP 's GDPR in bullets v1 2BEEP 's GDPR in bullets v1 2
BEEP 's GDPR in bullets v1 2
 
Brexit Questions & Answers
Brexit Questions & AnswersBrexit Questions & Answers
Brexit Questions & Answers
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORI
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
 
Social Media and the Law - by Tom Cowling
Social Media and the Law - by Tom CowlingSocial Media and the Law - by Tom Cowling
Social Media and the Law - by Tom Cowling
 
Eu code of online rights
Eu code of online rightsEu code of online rights
Eu code of online rights
 
20150610 febelmar privacy matters eu regulation
20150610 febelmar privacy matters eu regulation20150610 febelmar privacy matters eu regulation
20150610 febelmar privacy matters eu regulation
 
How are Patents protected, licensed and enforced in Vietnam?
How are Patents protected, licensed and enforced in Vietnam?How are Patents protected, licensed and enforced in Vietnam?
How are Patents protected, licensed and enforced in Vietnam?
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection Regulation
 
Ecommerce country report vietnam
Ecommerce country report vietnamEcommerce country report vietnam
Ecommerce country report vietnam
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016
 
Gdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoGdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seo
 
Privacy and data protection in credit scoring
Privacy and data protection in credit scoring Privacy and data protection in credit scoring
Privacy and data protection in credit scoring
 

Similar a Esc Rennes gdpr oct 2018

An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupThe Pathway Group
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkPECB
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalData protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalDr. Donald Macfarlane
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalDr. Donald Macfarlane
 
GDPR Is Coming - Get Over It Webinar
GDPR Is Coming - Get Over It WebinarGDPR Is Coming - Get Over It Webinar
GDPR Is Coming - Get Over It WebinarSagittarius
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing MindsetNetworkIQ
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")Parsons Behle & Latimer
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowVisitor Analytics
 

Similar a Esc Rennes gdpr oct 2018 (20)

Ichec dig strat gdpr
Ichec dig strat gdpr Ichec dig strat gdpr
Ichec dig strat gdpr
 
GDPR & digital strategy
GDPR & digital strategyGDPR & digital strategy
GDPR & digital strategy
 
Esc gdpr oct 2018
Esc gdpr oct 2018Esc gdpr oct 2018
Esc gdpr oct 2018
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT works
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway Group
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC Framework
 
GDPR (En) JM Tyszka
GDPR (En) JM TyszkaGDPR (En) JM Tyszka
GDPR (En) JM Tyszka
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalData protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-final
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 
GDPR Is Coming - Get Over It Webinar
GDPR Is Coming - Get Over It WebinarGDPR Is Coming - Get Over It Webinar
GDPR Is Coming - Get Over It Webinar
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
 
GDPR SECURITY ISSUES
GDPR SECURITY ISSUESGDPR SECURITY ISSUES
GDPR SECURITY ISSUES
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to Know
 

Más de Prof. Jacques Folon (Ph.D)

Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTRh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTProf. Jacques Folon (Ph.D)
 

Más de Prof. Jacques Folon (Ph.D) (20)

Introduction to digital strategy
Introduction to digital strategy Introduction to digital strategy
Introduction to digital strategy
 
Ifc jour 1 dpo
Ifc jour 1 dpoIfc jour 1 dpo
Ifc jour 1 dpo
 
Cpas divers sujets
Cpas divers sujets Cpas divers sujets
Cpas divers sujets
 
Ferrer premier cours octobre 2021
Ferrer premier cours octobre 2021Ferrer premier cours octobre 2021
Ferrer premier cours octobre 2021
 
premier cours saint louis sept 2021
premier cours saint louis sept 2021premier cours saint louis sept 2021
premier cours saint louis sept 2021
 
Cmd premier cours sept 2021
Cmd premier cours sept 2021Cmd premier cours sept 2021
Cmd premier cours sept 2021
 
CPAS ET RGPD : direction et DPO
CPAS ET RGPD : direction et DPO CPAS ET RGPD : direction et DPO
CPAS ET RGPD : direction et DPO
 
le RGPD fossoyeur du marketing digital ?
le RGPD fossoyeur du marketing digital ?le RGPD fossoyeur du marketing digital ?
le RGPD fossoyeur du marketing digital ?
 
Ifc gdpr strat digit mai 2021
Ifc gdpr strat digit mai 2021Ifc gdpr strat digit mai 2021
Ifc gdpr strat digit mai 2021
 
Pandemie et vie privee
Pandemie et vie priveePandemie et vie privee
Pandemie et vie privee
 
Cmd de la stratégie au marketing digital
Cmd de la stratégie au marketing digitalCmd de la stratégie au marketing digital
Cmd de la stratégie au marketing digital
 
Ichec ipr feb 2021
Ichec ipr feb 2021Ichec ipr feb 2021
Ichec ipr feb 2021
 
Strategy for digital business class #1
Strategy for digital business class #1Strategy for digital business class #1
Strategy for digital business class #1
 
E comm et rgpd
E comm et rgpdE comm et rgpd
E comm et rgpd
 
Cmd premier cours
Cmd premier coursCmd premier cours
Cmd premier cours
 
Cmd cours 1
Cmd cours 1Cmd cours 1
Cmd cours 1
 
Le dossier RGPD
Le dossier RGPDLe dossier RGPD
Le dossier RGPD
 
Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTRh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
 
RGPD et stratégie digitale
RGPD et stratégie digitaleRGPD et stratégie digitale
RGPD et stratégie digitale
 
Rgpd et rh formation en ligne mars 2020
Rgpd et rh formation en ligne mars 2020Rgpd et rh formation en ligne mars 2020
Rgpd et rh formation en ligne mars 2020
 

Último

How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseCeline George
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptxmary850239
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQuiz Club NITW
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Association for Project Management
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSMae Pangan
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
CHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxCHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxAneriPatwari
 
ARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxAneriPatwari
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWQuiz Club NITW
 
Sulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesSulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesVijayaLaxmi84
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxkarenfajardo43
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptxmary850239
 
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...DhatriParmar
 
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1GloryAnnCastre1
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQuiz Club NITW
 
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...DhatriParmar
 

Último (20)

How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
CHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxCHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptx
 
ARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITW
 
Sulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesSulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their uses
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx
 
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
 
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
 

Esc Rennes gdpr oct 2018

  • 1. Data privacy & GDPR Jacques Folon Partner Edge Consulting Maître de conférences Université de Liège Professeur ICHEC Professeur invité Université de Lorraine (Metz) Visiting professor ESC Rennes School of Business
  • 2. table of contents Introduction and context GDPR introduction context some definitions 1 principles 2
  • 4.
  • 5. https://gdprfolder.eu © 2018 GDPRFOLDER.EU SPRL All Rights Reserved. Every company & self employed is concerned SM E Self employed Non profit Private sector Public sector
  • 6. https://gdprfolder.eu © 2018 GDPRFOLDER.EU SPRL All Rights Reserved. employees Prospects ContactsUsers & clients Which Data ?
  • 7.
  • 10. Average number of Facebook « friends » in France: 177 in 2018 30
  • 12. 4 By giving people the power to share, we're making the world more transparent. The question isn't, 'What do we want to know about people?', It's, 'What do people want to tell about themselves?' Data privacy is outdated ! Mark Zuckerberg If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. Eric Schmidt
  • 13. 1
  • 14.
  • 15.
  • 16.
  • 18. 18
  • 19. 19
  • 20. 20
  • 21. 21
  • 22. 22
  • 23. 23
  • 25.
  • 26. 1 Privacy statement confusion • 53% of consumers consider that a privacy statement means that data will never be sell or give • 43% only have read a privacy statement • 45% only use different email addresses • 33% changed passwords regularly • 71% decide not to register or purchase due to a request of unneeded information • 41% provide fake info 112 Source: TRUSTe survey
  • 28. The person who took the photo is a real friend 28 http://cdn.motinetwork.net/motifake.com/image/demotivational-poster/1202/reality-drunk-reality-fail-drunkchicks-partyfail-demotivational-posters-1330113345.jpg
  • 29. privacy and graph search ?
  • 30. 30
  • 31. 31
  • 32. 32
  • 33. 33
  • 34.
  • 35.
  • 36.
  • 37.
  • 38. From Big Brother to Big Other
  • 39. http://fr.slideshare.net/bodyspacesociety/casilli-privacyehess-2012def Antonio Casili • Importance of T&C • Everybody speaks • mutual surveillance • Lateral surveillance
  • 42. 42
  • 43. Interactions controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
  • 44. Interactions NOT controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
  • 45. GDPR
  • 46.
  • 47. Codes of conducts and certifications !47
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 59. IN 3 WORDS !59 • GDPR IS A "REGULATION" >< "DIRECTIVE" • WORLDWIDE INFLUENCE • CONSEQUENCES FOR COMPANIES AND PUBLIC SECTOR
  • 60. !60 MAY 2018 ENTRY INTO FORCE MAY 25,2018 DISCUSSED SINCE 2014 VOTED IN 2016 RISKS PENALTIES 4% ANNUAL TO 20 M € COMPENSATION IN COURT REPUTATION IMPACT CONTRACT PROCESSES MARKETING ORGANISATION
  • 61. B : SOME DEFINITIONS… !61
  • 62. PERSONAL DATA !62 ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • 63. PROCESSING !63 ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • 64. CONTROLLER !64 controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • 65. processor or sub-contractor !65 processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
  • 66. Sub-contractor 129 The Member States shall provide that the controller must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures
  • 67. 67 The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that: - the processor shall act only on instructions from the controller, - the obligations as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor
  • 68. data breach !68 personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
  • 69. C : 12 MAIN PRINCIPLES OF GDPR !69 1. Accountability 2. Consumer / citizen rights 3. Privacy by design 4. Information security 5. Data breach 6. Penalties 7. identity access management 8. lawfulness for processing 9. Register 10.Risk analysis and PIA 11.Training 12.Data privacy officer
  • 72.
  • 73.
  • 74. PRIVACY POLICY OR REGULATION OR …
  • 75. 2/ Consumer/citizen's right !75 TRANSPARENCY SENSITIVE INFORMATIONS INFORMATION COLLECTED RIGHT OF ACCESS RIGHT TO RECTIFICATION RIGHT TO ERASE RIGHT OF PROCESSING LIMITATION PORTABILITY RIGHT OF OPPOSITION TO PROFILING
  • 77. right to be forgotten ?
  • 78. Right to be forgotten • On 13.05.2014 the European Union Court of Justice backed a ruling called “the right to be forgotten,” which allows individuals to control their data and ask search engines, such as Google, to remove inadequate personal results from the Internet. • However, the decision cannot be interpreted as a “victory” for the protection of the personal data of Europeans, according to privacy experts.
  • 79. • In 2010 a Spanish citizen lodged a complaint against a Spanish newspaper with the national Data Protection Agency and against Google Spain and Google Inc. • The citizen complained that an auction notice of his repossessed home on Google’s search results infringed his privacy rights because the proceedings concerning him had been fully resolved for a number of years and hence the reference to these was entirely irrelevant. • He requested, first, that the newspaper be required either to remove or alter the pages in question so that the personal data relating to him no longer appeared; • and second, that Google Spain or Google Inc. be required to remove the personal data
  • 80. • In its ruling of 13 May 2014 the EU Court said : • a)On the territoriality of EU rules: Even if the physical server of a company processing data islocated outside Europe, EU rules apply to search engine operators if they have a branch or a sub sidiary in a Member State which promotes the selling of advertising space offered by the search engine; • b)On the applicability of EU data protection rules to a search engine : Search engines are controllers of personal data. Google can therefore not escape its responsibilities before European lawwhen handling personal data by saying it is a search engine. EU data protection law applies and so does the right to be forgotten. • c) On the “Right to be Forgotten” : Individuals have the right - under certain conditions - to ask search engines to remove links with personal information about them.This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data
  • 81. • At the same time, the Court explicitly clarified that the right to be forgotten is not absolute but will always need to be balanced against other fundamental rights, such as the freedom of expression and of the media
  • 82. • Right to erasure (future rules?) • 1.The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, and to obtain from third parties the erasure of any links to, or copy or replication of that data, where one of the following grounds applies: • (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed • (b) the data subject withdraws consent on which the processing is based according • (c) when the storage period consented to has expired and where there is no other legal ground for the processing of the data
  • 83. 3/ PRIVACY BY DESIGN !83
  • 85. Look at the entire data lifecycle
  • 88. PRIVACY POLICY OR REGULATION OR …
  • 91. 2.STORE • SECURITY • ENCRYPTION • AUTHENTICATION • AVAILABILITY • CONFIDENTIALITY • IAM
  • 98.
  • 100.
  • 101. SECURITY SOURCE DE L’IMAGE: http://www.techzim.co.zw/2010/05/why-organisations-should-worry-about- security-2/
  • 104. Who knows … now?
  • 106. Control by the employer 161SOURCE DE L’IMAGE: http://blog.loadingdata.nl/2011/05/chinese-privacy-protection-to-top-american/
  • 107. What your boss thinks...
  • 108. Employees share (too) many information and also with third parties
  • 109. Where do one steal data? •Banks •Hospitals •Ministries •Police •Newspapers •Telecoms •... Which devices are stolen? •USB •Laptops •Hard disks •Papers •Binders •Cars
  • 111. DATA PRIVACY & THE EMPLOYER 45http://i.telegraph.co.uk/multimedia/archive/02183/computer-cctv_2183286b.jpg
  • 112. SO CALLED HIDDEN COSTS 46 http://www.theatlantic.com/technology/archive/2011/09/estimating-the-damage-to-the-us-economy-caused-by-angry-birds/244972/
  • 113. May the employer control everything?
  • 115. Could my employer open my emails? 169
  • 116. IAM
  • 118.
  • 119.
  • 120.
  • 123.
  • 124. 124
  • 125. 48
  • 126. 86 SECURITY IS A LEGAL OBLIGATION
  • 130. So it is a real threat !
  • 132. 7/ IDENTITY ACCESS MANAGEMENT !132
  • 133. 8/ LAWFULNESS OF PROCESSING !133 CONSENT MUST BE EXPLICIT
  • 134. 134 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
  • 135. 135
  • 136. OPT IN
  • 137. 137 Member States shall provide that personal data must be: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.
  • 138. 138 Member States shall provide that personal data may be processed only if: (a) the data subject has unambiguously given his consent; or (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or (d) processing is necessary in order to protect the vital interests of the data subject; or (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
  • 139. 139 Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life
  • 140. 125 Member States shall provide that the controller or his representative must provide a data subject from whom data relating to himself are collected with at least the following information, except where he already has it: (a) the identity of the controller and of his representative, if any; (b) the purposes of the processing for which the data are intended; (c) any further information such as - the recipients or categories of recipients of the data, - whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply, - the existence of the right of access to and the right to rectify the data concerning him in so far as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject
  • 142.
  • 143.
  • 144.
  • 145. 9/ RECORD OF PROCESSING ACTIVITIES !145 RECORD
  • 146. 10/ RISK ANALYSIS AND PIA !146
  • 149. 12/ DATA PRIVACY OFFICER !149
  • 152. METHODOLOGY !152 1. PRELIMINARY AUDIT 2. RISK ANALYSIS 3. LIST OF SERVICES 4. RECORD OF PROCESSING ACTIVITIES 5. ACTION PLAN 6. SERACH FOR COMPLIANCE 7. SOLUTION FOR NON COMPLIANCE 8. CONTINUOUS PROCESSES 9. TRAINING Préparation Implémentation Pérennisation
  • 153.
  • 154. 154 Source de l’image : http://ediscoverytimes.com/?p=46
  • 155.
  • 156. RISKS SOURCE DE L’IMAGE : http://www.tunisie-news.com/artpublic/auteurs/auteur_4_jaouanebrahim.html
  • 157. Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
  • 158. The new head of MI6 has been left exposed by a major personal security breach after his wife published intimate photographs and family details on the Facebook website. Sir John Sawers is due to take over as chief of the Secret Intelligence Service in November, putting him in charge of all Britain's spying operations abroad. But his wife's entries on the social networking site have exposed potentially compromising details about where they live and work, who their friends are and where they spend their holidays. http://www.dailymail.co.uk
  • 159. Social Media Spam Compromised Facebook account. Victim is now promoting a shady pharmaceutical Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 160. Social Media Phishing To: T V V I T T E R.com Now they will have your username and password Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 161. Social Media Malware Clicking on the links takes you to sites that will infect your computer with malware Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 162. Phishing Sources/ Luc Pooters, Triforensic, 2011
  • 164. Social engineering Sources/ Luc Pooters, Triforensic, 2011
  • 165. Take my stuff, please! Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
  • 170. RFID & internet of things 188 http://www.ibmbigdatahub.com/sites/default/files/public_images/IoT.jpg
  • 172. 87 “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” C. Darwin
  • 173.