SlideShare a Scribd company logo

GDPR Data Lifecycle

Download as PPTX, PDF
Jatin Kochhar
Jatin Kochhar

Global data protection regulation lifecycle of data or information on how to process data.

Technology
1 of 10
Global Data Privacy Regulation Data Lifecycle
Agenda • GDPR • GDPR Penalties • What is Data Protection? • Data Controller or Data Processer • Principles • GDPR Information Lifecycles
GDPR • General Data Protection Regulation (GDPR), which becomes enforceable across Europe on 25 May 2018. This is an overhaul, modernization, and replacement of the existing framework, the Data Protection Directive of 1995. • The GDPR applies to all businesses with customers, or website/mobile app visitors who are from the European Union (EU). This means that any organization in the world that works with EU residents’ personal data in any manner has obligations to protect their users’ data and be GDPR compliant. Famous Quotes “Think about your user data from the very start, and don’t let it be an afterthought.” “Companies that have direct customer relationships, it’s all manageable, and on the upside you not only reduce your compliance risk but benefit from the increased trust your customers will show in you and the online world in general.”
GDPR Penalties The GDPR (General Data Protection Regulation) sets a maximum fine of €20 million (Euro) or 4% of annual global turnover – whichever is greater – for infringements
What is Data Protection? • Data Protection refers to legislation that is intended to: – protect the right to privacy of individuals (all of us) – ensure that Personal Data is used appropriately by organisations that may have it (Data Controllers). Personal data is any information that can be used to identify a natural person – “Data Subject” • Name • Date of Birth • Address • Phone Number • Email address • Membership Number • IP Address • Photographs etc Some categories of information are defined as Special Categories of Personal Data and require more stringent measures of protection. These categories include: • Religion • Ethnicity • Sexual orientation • Trade union membership • Medical information etc. Although not listed as “special categories of personal data”, the following are also awarded additional protection: • Criminal Data • Children’s Data
Data Controller or Data Processor? The GDPR states that a data controller “determines the purposes and means of the processing” whereas a data processor acts only and always “on behalf of the data controller”.
Principles • Purpose limitation Data can be collected and used only for those purposes that have been transmitted to the data subject and about which the consent was received. Purpose must be “specified, explicit and legitimate” • Data minimization Personal data to be collected should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. • Accuracy Personal data must be “accurate and where necessary kept up to date”. You must make sure that you do not retain old and outdated contacts and ensure the erasure of inaccurate personal data without delay • Storage limitations Company would have to set the retention period for personal data you collect and justify that this period is necessary for your specific objectives • Integrity and confidentiality The principle of integrity and confidentiality requires you to handle personal data “in a manner [ensuring] appropriate security”, which include “protection against unlawful processing or accidental loss, destruction or damage”.
Principles • "Implement anonymization or pseudonymization into the systems. • Data anonymization is a type of information sanitization whose intent is privacy protection. It is the process of removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous. • Pseudonymization is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms." • Accountability Company is responsible for compliance with the principles of the GDPR. It requires a thorough documentation of all policies that govern the collection and procession of data.
GDPR Information Life Cycle Assess Capture StoreUse Destroy Data Protection by Design and by Default Data Protection Impact Assessment (DPIA) Documentation Retention Period Right to erasure Portability Third Party copies Appropriate use Consent Manage Consent Restricted International Transfers Safe and Secure Restricted Access Data Inventory Subject Access Requests Contracts with Data Processors Data breaches Data Minimisation Privacy Notices Privacy Rights Obtain Consent
Thank You! For any queries connect me at jatinkochhar@hotmail.com

Recommended

Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Sudarsan Reddy
 
PDPA Compliance Preparation
PDPA Compliance PreparationPDPA Compliance Preparation
PDPA Compliance Preparation
LawPlus Ltd.
 
1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf
ChunLei(peter) Che
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Gouvernance de la sécurite des Systèmes d'Information Volet-1
Gouvernance de la sécurite des Systèmes d'Information Volet-1Gouvernance de la sécurite des Systèmes d'Information Volet-1
Gouvernance de la sécurite des Systèmes d'Information Volet-1
PRONETIS
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
EnterpriseGRC Solutions, Inc.
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
Albert Hoitingh
 

Recommended

Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Sudarsan Reddy
 
PDPA Compliance Preparation
PDPA Compliance PreparationPDPA Compliance Preparation
PDPA Compliance Preparation
LawPlus Ltd.
 
1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf
ChunLei(peter) Che
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Gouvernance de la sécurite des Systèmes d'Information Volet-1
Gouvernance de la sécurite des Systèmes d'Information Volet-1Gouvernance de la sécurite des Systèmes d'Information Volet-1
Gouvernance de la sécurite des Systèmes d'Information Volet-1
PRONETIS
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
EnterpriseGRC Solutions, Inc.
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
Albert Hoitingh
 
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Nikki Chapple
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
hardik soni
 
Deep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss PreventionDeep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss Prevention
Drew Madelung
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.ppt
HasnolAhmad2
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
GDPR and ISO 27001 - how to be compliant
GDPR and ISO 27001 - how to be compliantGDPR and ISO 27001 - how to be compliant
GDPR and ISO 27001 - how to be compliant
Ilesh Dattani
 
Plan de secours inormatique
Plan de secours inormatiquePlan de secours inormatique
Plan de secours inormatique
mohamed hadrich
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
Microsoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel OlesonMicrosoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel Oleson
Joel Oleson
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
Doreen Loeber
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
Priyab Satoshi
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
Sarah Clarke
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
WindstoneHealth
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
n|u - The Open Security Community
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
KP Naidu
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
Iftikhar Ali Iqbal
 
Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...
Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...
Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...
ArethaSimons
 
Palo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New FeaturesPalo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New Features
lukky753
 
Data protection
Data protectionData protection
Data protection
RaviPrashant5
 
Building a Big Data Pipeline
Building a Big Data PipelineBuilding a Big Data Pipeline
Building a Big Data Pipeline
Jesus Rodriguez
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy Regulation
Jatin Kochhar
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
Jatin Kochhar
 

More Related Content

What's hot

Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Nikki Chapple
 
Microsoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel OlesonMicrosoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel Oleson
Joel Oleson
 
Palo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New FeaturesPalo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New Features
lukky753
 

What's hot (20)

Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Deep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss PreventionDeep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss Prevention
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.ppt
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
GDPR and ISO 27001 - how to be compliant
GDPR and ISO 27001 - how to be compliantGDPR and ISO 27001 - how to be compliant
GDPR and ISO 27001 - how to be compliant
 
Plan de secours inormatique
Plan de secours inormatiquePlan de secours inormatique
Plan de secours inormatique
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
Microsoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel OlesonMicrosoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel Oleson
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 
Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...
Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...
Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...
 
Palo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New FeaturesPalo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New Features
 
Data protection
Data protectionData protection
Data protection
 
Building a Big Data Pipeline
Building a Big Data PipelineBuilding a Big Data Pipeline
Building a Big Data Pipeline
 

Similar to GDPR Data Lifecycle

GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBite
Clive Rich
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
GrittyCC
 

Similar to GDPR Data Lifecycle (20)

Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy Regulation
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
 
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingMagento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by Qualsys
 
Gdpr for business full
Gdpr for business fullGdpr for business full
Gdpr for business full
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
Ready for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital EconomyReady for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital Economy
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
#HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance #HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance
 
My presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRMy presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPR
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBite
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
GDPR - Sink or Swim
GDPR - Sink or SwimGDPR - Sink or Swim
GDPR - Sink or Swim
 
General data protection
General data protectionGeneral data protection
General data protection
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 

More from Jatin Kochhar

More from Jatin Kochhar (15)

GDPR Data Life Cycle
GDPR Data Life CycleGDPR Data Life Cycle
GDPR Data Life Cycle
 
Intent Based Analytics with Google Analytics and Google Tag Manager
Intent Based Analytics with Google Analytics and Google Tag ManagerIntent Based Analytics with Google Analytics and Google Tag Manager
Intent Based Analytics with Google Analytics and Google Tag Manager
 
Mobile Application vs Web Application
Mobile Application vs Web ApplicationMobile Application vs Web Application
Mobile Application vs Web Application
 
Integration of Google Tag Manager and Google Analytics
Integration of Google Tag Manager and Google AnalyticsIntegration of Google Tag Manager and Google Analytics
Integration of Google Tag Manager and Google Analytics
 
Search Engine Marketing
Search Engine MarketingSearch Engine Marketing
Search Engine Marketing
 
Search Engine Optimization - Optimize Organic Search
Search Engine Optimization - Optimize Organic SearchSearch Engine Optimization - Optimize Organic Search
Search Engine Optimization - Optimize Organic Search
 
Analytic Tool Hotjar - Capability
Analytic Tool Hotjar - CapabilityAnalytic Tool Hotjar - Capability
Analytic Tool Hotjar - Capability
 
Landing Page Optimization
Landing Page OptimizationLanding Page Optimization
Landing Page Optimization
 
Accessibility for Content Developer, Designer, Code Developer and Tester
Accessibility for Content Developer, Designer, Code Developer and TesterAccessibility for Content Developer, Designer, Code Developer and Tester
Accessibility for Content Developer, Designer, Code Developer and Tester
 
Accessibility Testing Approach
Accessibility Testing ApproachAccessibility Testing Approach
Accessibility Testing Approach
 
What is Accessibility
What is AccessibilityWhat is Accessibility
What is Accessibility
 
Basics of python
Basics of pythonBasics of python
Basics of python
 
Software Test Estimation
Software Test EstimationSoftware Test Estimation
Software Test Estimation
 
Conformance Checklist for Product Owner
Conformance Checklist for Product OwnerConformance Checklist for Product Owner
Conformance Checklist for Product Owner
 
Software Testing Metrics
Software Testing MetricsSoftware Testing Metrics
Software Testing Metrics
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 

GDPR Data Lifecycle

  • 1. Global Data Privacy Regulation Data Lifecycle
  • 2. Agenda • GDPR • GDPR Penalties • What is Data Protection? • Data Controller or Data Processer • Principles • GDPR Information Lifecycles
  • 3. GDPR • General Data Protection Regulation (GDPR), which becomes enforceable across Europe on 25 May 2018. This is an overhaul, modernization, and replacement of the existing framework, the Data Protection Directive of 1995. • The GDPR applies to all businesses with customers, or website/mobile app visitors who are from the European Union (EU). This means that any organization in the world that works with EU residents’ personal data in any manner has obligations to protect their users’ data and be GDPR compliant. Famous Quotes “Think about your user data from the very start, and don’t let it be an afterthought.” “Companies that have direct customer relationships, it’s all manageable, and on the upside you not only reduce your compliance risk but benefit from the increased trust your customers will show in you and the online world in general.”
  • 4. GDPR Penalties The GDPR (General Data Protection Regulation) sets a maximum fine of €20 million (Euro) or 4% of annual global turnover – whichever is greater – for infringements
  • 5. What is Data Protection? • Data Protection refers to legislation that is intended to: – protect the right to privacy of individuals (all of us) – ensure that Personal Data is used appropriately by organisations that may have it (Data Controllers). Personal data is any information that can be used to identify a natural person – “Data Subject” • Name • Date of Birth • Address • Phone Number • Email address • Membership Number • IP Address • Photographs etc Some categories of information are defined as Special Categories of Personal Data and require more stringent measures of protection. These categories include: • Religion • Ethnicity • Sexual orientation • Trade union membership • Medical information etc. Although not listed as “special categories of personal data”, the following are also awarded additional protection: • Criminal Data • Children’s Data
  • 6. Data Controller or Data Processor? The GDPR states that a data controller “determines the purposes and means of the processing” whereas a data processor acts only and always “on behalf of the data controller”.
  • 7. Principles • Purpose limitation Data can be collected and used only for those purposes that have been transmitted to the data subject and about which the consent was received. Purpose must be “specified, explicit and legitimate” • Data minimization Personal data to be collected should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. • Accuracy Personal data must be “accurate and where necessary kept up to date”. You must make sure that you do not retain old and outdated contacts and ensure the erasure of inaccurate personal data without delay • Storage limitations Company would have to set the retention period for personal data you collect and justify that this period is necessary for your specific objectives • Integrity and confidentiality The principle of integrity and confidentiality requires you to handle personal data “in a manner [ensuring] appropriate security”, which include “protection against unlawful processing or accidental loss, destruction or damage”.
  • 8. Principles • "Implement anonymization or pseudonymization into the systems. • Data anonymization is a type of information sanitization whose intent is privacy protection. It is the process of removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous. • Pseudonymization is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms." • Accountability Company is responsible for compliance with the principles of the GDPR. It requires a thorough documentation of all policies that govern the collection and procession of data.
  • 9. GDPR Information Life Cycle Assess Capture StoreUse Destroy Data Protection by Design and by Default Data Protection Impact Assessment (DPIA) Documentation Retention Period Right to erasure Portability Third Party copies Appropriate use Consent Manage Consent Restricted International Transfers Safe and Secure Restricted Access Data Inventory Subject Access Requests Contracts with Data Processors Data breaches Data Minimisation Privacy Notices Privacy Rights Obtain Consent
  • 10. Thank You! For any queries connect me at jatinkochhar@hotmail.com