©Veridium IP, Ltd. All Rights Reserved
Understanding GDPR: Myths & Reality of Compliance
BEFORE WE BEGIN
Attendees have been muted. You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session.
BEFORE WE BEGIN
Nick Eckert, Co-Founder, GDPR365
• Proven entrepreneur with 2 successful exits and over 20 years' experience in Internet technology
• Committed to simplifying GDPR compliance for small to mid-sized companies
• Founder and CEO of GraphicMail and co-founder of All-Hotels.com
BEFORE WE BEGIN
James Stickland, Chief Executive Officer, Veridium
• Seasoned veteran with over seven years in the fintech industry
• Drives business strategy, revenue, and investment growth at Veridium
• Previously Director of Innovation and Investments at HSBC, and Non-Executive Director at the fintech startup Red Deer
AGENDA
• What is the GDPR and what does it mean for businesses
• How to achieve compliance
• The role technology plays in compliance
• How biometrics can help companies achieve compliance, and how to be compliant with biometric data
WHAT IS THE GDPR?
A single set of rules on data protection valid across the European Union.
Includes:
• Personal data that forms part of a filing system
• Processing of personal data wholly or partly by automated means
The GDPR is more descriptive than prescriptive.
• A regulation, not a directive
• Enforceable by sanctions
• Its goal is to protect individuals
• Regulates personal data processing
• Defines individuals' rights
• Extra-territorial in reach
• Makes the organization accountable
• Goes into effect 25 May 2018
WHAT DOES COMPLIANCE MEAN?
1. Businesses established in the EU
2. Businesses outside the EU that offer goods and services to, or monitor, individuals in the EU
3. Fines
   1. Effective, proportionate and dissuasive
   2. Up to 4% of annual worldwide turnover
4. Authorities can audit, issue warnings, and issue bans on personal data processing
5. Individuals can sue for compensation to recover material and non-material damage
   1. Possibility of class action lawsuits
Businesses with no presence in the EU that have to comply have to appoint a representative in the EU.
UNDERSTANDING THE RISKS
Risks
High Risk
• Large scale data processing
• Regular and systematic monitoring
• Transferring data to 3rd parties
• Unauthorized or unlawful processing
• Accidental loss, destruction, or damage
• Sensitive or child data
Impact on individuals: physical or material damage; discrimination, identity theft or fraud; financial loss; damage to reputation; revealing of sensitive details such as political persuasion; or lack of access by individuals to their personal data.
DATA SUBJECTS' RIGHTS
• Right to access their own personal data
• Right to rectify inaccurate personal data
• Right to challenge automated decision making
• Right to object to direct marketing
• Right "to be forgotten"
• Right to data portability
LAWFULNESS OF PROCESSING
PROCESSING IS ONLY LAWFUL IF:
• Data subject has given consent
• It's necessary for the performance of a contract or to enter into a contract
• It's a legal obligation to which the controller is subject
• It's to protect vital interests of a person
• It's necessary for public interest or official authority
• It's for the legitimate interests of the controller
JOINT LIABILITY BETWEEN CONTROLLERS AND PROCESSORS
• Processors must act only on the instructions of controllers
ACCOUNTABILITY
• Businesses must comply and be able to demonstrate compliance with the six general principles:
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Retention
6. Integrity and confidentiality
• If you are carrying out "high risk" processing, you must conduct privacy impact assessments and work with your supervisory authority.
NEW RESPONSIBILITIES
• Implementation of data protection policies
• Data protection by design and by default
• Record keeping obligations
• Cooperation with supervisory authorities
• Data protection impact assessments
• Prior consultation with data protection authorities in high-risk cases
• Mandatory Data Protection Officers in some cases
TRANSFERS OUTSIDE EU
• Acceptable and legal
• Legal mechanisms must be in place
• Access to a datacenter in the EU from a 3rd country counts as a data transfer
HOW TO COMPLY
STRUCTURED CONTINUOUS APPROACH
• ASSESSMENT
• GOVERNANCE
• PROCESS UPDATES
• DATA PROTECTION
• BREACH NOTIFICATION
PERSONAL DATA ASSESSMENT
PERSONAL DATA MAPPING
READINESS ASSESSMENT
DATA CLASSIFICATION
DATA PROTECTION IMPACT ASSESSMENTS
• What personal data do you collect?
• Do you have consent?
• Do you keep records of processing?
• Where physically do you hold the data?
• Is the personal data sensitive?
• How does it flow through the organization?
• Why is it being processed and stored?
GOVERNANCE
CONTRACTUAL UPDATES
ORGANISATIONAL CONTROLS
TECHNICAL CONTROLS
UPDATED PRIVACY NOTICES AND SLAs
AUDITABILITY / TRACEABILITY OF ACCESS AND DATA FLOWS
EMPLOYEE TRAINING
• Have you appointed a DPO or a GDPR lead?
• Are your privacy notices and SLAs compliant?
• Are your processor contracts and data sharing agreements compliant and up to date?
• Do you have an employee training program in place?
• Do you have data retention periods defined?
PROCESS UPDATES
UPDATED CONSENT FORMS
SECURITY BY DESIGN
DATA PROTECTION IMPACT ASSESSMENTS ON INNOVATION
FORMS FOR DATA ACCESS, MODIFICATION, ERASURE REQUESTS
• Are your consent forms freely given, specific and unambiguous?
• Do you consider data protection at the outset of any new innovation?
• Do you evaluate the impact of technology on the rights of individuals and ensure protection?
• Do you have a method for individuals to exercise their rights?
DATA PROTECTION
AGILE ARCHITECTURE
SECURITY CONTROLS
24/7 SECURITY MONITORING
AUDIT AND PENETRATION TESTING
COMPLIANCE REPORTING
• What technologies are you using?
• Who has access to data?
• Do you understand when and where data leaves your organization?
• How do you classify, monitor and control personal data to limit exposure?
PERSONAL DATA BREACH NOTIFICATION
INCIDENT MANAGEMENT
INCIDENT RESPONSE TEAM
DATA BREACH NOTIFICATION
PEOPLE, PROCESS AND INFORMATION ALIGNMENT
• Do you have an incident response team in place?
• Do you have a process for notifying authorities of breaches?
• Do you have a process for notifying individuals, if necessary, of breaches?
• Have you tested your incident response plans?
• Do you keep records of all data breaches?
TECHNOLOGY'S ROLE
TECHNOLOGY FRAMEWORK
INFORMATION GOVERNANCE
MEETING SPECIFIC REQUIREMENTS
REVIEW STATE OF THE ART
• Data visibility assessment
• Automation is essential
• Data loss prevention for real-time classification
• Protection of data in transit
TECHNOLOGY FRAMEWORK (cont.)
• Data discovery, classification, and control
• Access control and identity management
• Privileged user management
• Encryption and pseudonymization
• Auditing and forensics
• Breach detection and notification
TECHNOLOGY FRAMEWORK (cont.)
• Cost
• Risk
• Context
TECHNOLOGY TOOLS
DATA LOSS PREVENTION
ACCESS CONTROL, IDENTITY MANAGEMENT AND PRIVILEGED USER MANAGEMENT
ENCRYPTION
• Data discovery
• Data classification and control
• GDPR Article 25: Data protection by design and by default
TECHNOLOGY TOOLS (cont.)
• Unauthorized access
• Unauthorized processing
• Control of access to specific systems and services that deal with personal data
• Evidence of access attempts & activity
• Monitoring abuse of privileged access to system
• GDPR Article 30: Records of Categories of Personal Data Processing Activities
TECHNOLOGY TOOLS (cont.)
• Encryption key management
• Alternatives to public/private keys?
• GDPR Article 32: Security of Processing
MAIN TAKEAWAYS
1. You must have a leader
2. Must be a cross-functional task force
3. Understand your current situation
4. Technology will help with compliance
5. There will be impacts on organizational behavior and corporate practices
6. There is no end date
QUESTIONS?
Veridium
Email: Info@VeridiumID.com
Phone: 1 877.301.0299
Web: www.VeridiumID.com
Twitter: @VeridiumID
LinkedIn: Veridium
GDPR365
Email: support@gdpr365.com
Web: www.gdpr365.com
Más contenido relacionado

La actualidad más candente

FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Alliance
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsNok Nok Labs, Inc
 
Introduction to FIDO's Identity Verification & Binding Initiative
Introduction to FIDO's Identity Verification & Binding Initiative Introduction to FIDO's Identity Verification & Binding Initiative
Introduction to FIDO's Identity Verification & Binding Initiative FIDO Alliance
 
FIDO UAF Adoption in Hong Kong
FIDO UAF Adoption in Hong KongFIDO UAF Adoption in Hong Kong
FIDO UAF Adoption in Hong KongFIDO Alliance
 
Top Biometric Identifiers: Risks & Rewards
Top Biometric Identifiers: Risks & RewardsTop Biometric Identifiers: Risks & Rewards
Top Biometric Identifiers: Risks & RewardsVeridium
 
Slideshare fintech-may26th-def
Slideshare fintech-may26th-defSlideshare fintech-may26th-def
Slideshare fintech-may26th-defQafis
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comFIDO Alliance
 
Biometrics for Payment Authentication
Biometrics for Payment AuthenticationBiometrics for Payment Authentication
Biometrics for Payment AuthenticationFIDO Alliance
 
Deploying FIDO Authentication - Business Considerations
Deploying FIDO Authentication  - Business ConsiderationsDeploying FIDO Authentication  - Business Considerations
Deploying FIDO Authentication - Business ConsiderationsFIDO Alliance
 
Expected Use Cases of FIDO Authentication for Social Applications
Expected Use Cases of FIDO Authentication for Social ApplicationsExpected Use Cases of FIDO Authentication for Social Applications
Expected Use Cases of FIDO Authentication for Social ApplicationsFIDO Alliance
 
Spellpoint - Securing Access for Microservices
Spellpoint - Securing Access for MicroservicesSpellpoint - Securing Access for Microservices
Spellpoint - Securing Access for MicroservicesUbisecure
 
FIDO's Role in the Global Regulatory Landscape for Strong Authentication
FIDO's Role in the Global Regulatory Landscape for Strong AuthenticationFIDO's Role in the Global Regulatory Landscape for Strong Authentication
FIDO's Role in the Global Regulatory Landscape for Strong AuthenticationFIDO Alliance
 
Bio-Authentication (FIDO) and PKI Trends in Korea
Bio-Authentication (FIDO) and PKI Trends in KoreaBio-Authentication (FIDO) and PKI Trends in Korea
Bio-Authentication (FIDO) and PKI Trends in KoreaFIDO Alliance
 
FIDO Webinar – A New Model for Online Authentication: Implications for Policy...
FIDO Webinar – A New Model for Online Authentication: Implications for Policy...FIDO Webinar – A New Model for Online Authentication: Implications for Policy...
FIDO Webinar – A New Model for Online Authentication: Implications for Policy...FIDO Alliance
 
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 

La actualidad más candente (20)

FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPR
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
 
Introduction to FIDO's Identity Verification & Binding Initiative
Introduction to FIDO's Identity Verification & Binding Initiative Introduction to FIDO's Identity Verification & Binding Initiative
Introduction to FIDO's Identity Verification & Binding Initiative
 
FIDO UAF Adoption in Hong Kong
FIDO UAF Adoption in Hong KongFIDO UAF Adoption in Hong Kong
FIDO UAF Adoption in Hong Kong
 
Top Biometric Identifiers: Risks & Rewards
Top Biometric Identifiers: Risks & RewardsTop Biometric Identifiers: Risks & Rewards
Top Biometric Identifiers: Risks & Rewards
 
Slideshare fintech-may26th-def
Slideshare fintech-may26th-defSlideshare fintech-may26th-def
Slideshare fintech-may26th-def
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
 
Biometrics for Payment Authentication
Biometrics for Payment AuthenticationBiometrics for Payment Authentication
Biometrics for Payment Authentication
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
 
6. mr. sastry vns idrbt
6. mr. sastry   vns idrbt6. mr. sastry   vns idrbt
6. mr. sastry vns idrbt
 
Deploying FIDO Authentication - Business Considerations
Deploying FIDO Authentication  - Business ConsiderationsDeploying FIDO Authentication  - Business Considerations
Deploying FIDO Authentication - Business Considerations
 
Expected Use Cases of FIDO Authentication for Social Applications
Expected Use Cases of FIDO Authentication for Social ApplicationsExpected Use Cases of FIDO Authentication for Social Applications
Expected Use Cases of FIDO Authentication for Social Applications
 
Loqr
LoqrLoqr
Loqr
 
Spellpoint - Securing Access for Microservices
Spellpoint - Securing Access for MicroservicesSpellpoint - Securing Access for Microservices
Spellpoint - Securing Access for Microservices
 
FIDO's Role in the Global Regulatory Landscape for Strong Authentication
FIDO's Role in the Global Regulatory Landscape for Strong AuthenticationFIDO's Role in the Global Regulatory Landscape for Strong Authentication
FIDO's Role in the Global Regulatory Landscape for Strong Authentication
 
The State of FIDO
The State of FIDOThe State of FIDO
The State of FIDO
 
Bio-Authentication (FIDO) and PKI Trends in Korea
Bio-Authentication (FIDO) and PKI Trends in KoreaBio-Authentication (FIDO) and PKI Trends in Korea
Bio-Authentication (FIDO) and PKI Trends in Korea
 
FIDO Webinar – A New Model for Online Authentication: Implications for Policy...
FIDO Webinar – A New Model for Online Authentication: Implications for Policy...FIDO Webinar – A New Model for Online Authentication: Implications for Policy...
FIDO Webinar – A New Model for Online Authentication: Implications for Policy...
 
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and Recommendations
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 

Similar a Understanding GDPR: Myths & Reality of Compliance

GDPR and Remote Access Security: What You Need To Know
GDPR and Remote Access Security: What You Need To KnowGDPR and Remote Access Security: What You Need To Know
GDPR and Remote Access Security: What You Need To KnowBomgar
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
 
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Software Integrity Group
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceCobweb
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?Jatin Kochhar
 
Media_644046_smxx (1).pptx
Media_644046_smxx (1).pptxMedia_644046_smxx (1).pptx
Media_644046_smxx (1).pptxMichelleSaver
 
Game changing legislation
Game changing legislationGame changing legislation
Game changing legislationIRIS
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityDean Sappey
 
Big Data
Big DataBig Data
Big Datacadmef
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy IntroductionNiclasGranqvist
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersSpain-Holiday.com
 
ABCON-AGM-2021-Final-2.pptx
ABCON-AGM-2021-Final-2.pptxABCON-AGM-2021-Final-2.pptx
ABCON-AGM-2021-Final-2.pptxHillaryObomighie
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 

Similar a Understanding GDPR: Myths & Reality of Compliance (20)

GDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsGDPR Part 1: Quick Facts
GDPR Part 1: Quick Facts
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
GDPR and Remote Access Security: What You Need To Know
GDPR and Remote Access Security: What You Need To KnowGDPR and Remote Access Security: What You Need To Know
GDPR and Remote Access Security: What You Need To Know
 
13687562.ppt
13687562.ppt13687562.ppt
13687562.ppt
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]
 
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
GDPR: What does it mean for your business?
GDPR: What does it mean for your business?GDPR: What does it mean for your business?
GDPR: What does it mean for your business?
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
 
Media_644046_smxx (1).pptx
Media_644046_smxx (1).pptxMedia_644046_smxx (1).pptx
Media_644046_smxx (1).pptx
 
Game changing legislation
Game changing legislationGame changing legislation
Game changing legislation
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to Opportunity
 
Big Data
Big DataBig Data
Big Data
 
GDPR: What does it mean for your business?
GDPR: What does it mean for your business?GDPR: What does it mean for your business?
GDPR: What does it mean for your business?
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy Introduction
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
 
ABCON-AGM-2021-Final-2.pptx
ABCON-AGM-2021-Final-2.pptxABCON-AGM-2021-Final-2.pptx
ABCON-AGM-2021-Final-2.pptx
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

Último (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Understanding GDPR: Myths & Reality of Compliance

  • 1. Understanding GDPR: Myths & Reality of Compliance
    ©Veridium IP, Ltd. All Rights Reserved
  • 2. BEFORE WE BEGIN
    Attendees have been muted. You may submit questions at any time, but we will respond at the conclusion of the presentation, during the Q&A session.
  • 3. BEFORE WE BEGIN: Nick Eckert, Co-Founder, GDPR365
    • Proven entrepreneur with 2 successful exits and over 20 years' experience in Internet technology
    • Committed to simplifying GDPR compliance for small to mid-sized companies
    • Founder and CEO of GraphicMail and co-founder of All-Hotels.com
  • 4. BEFORE WE BEGIN: James Stickland, Chief Executive Officer, Veridium
    • Seasoned veteran with over seven years in the fintech industry
    • Drives business strategy, revenue, and investment growth at Veridium
    • Previously Director of Innovation and Investments at HSBC, and Non-Executive Director at the fintech startup Red Deer
  • 5. AGENDA
    • What is the GDPR and what does it mean for businesses
    • How to achieve compliance
    • The role technology plays in compliance
    • How biometrics can help companies achieve compliance, and how to be compliant with biometric data
  • 6. WHAT IS THE GDPR?
    A single set of rules on data protection valid across the European Union. Includes:
    • Personal data that forms part of a filing system
    • Processing of personal data wholly or partly by automated means
    The GDPR is more descriptive than prescriptive.
    • A regulation, not a directive
    • Enforceable by sanctions
    • Its goal is to protect individuals
    • Regulates personal data processing
    • Defines individuals' rights
    • Extra-territorial in reach
    • Makes the organization accountable
    • Goes into effect 25 May 2018
  • 7. WHAT DOES COMPLIANCE MEAN?
    1. Businesses established in the EU
    2. Businesses outside the EU that offer goods and services to, or monitor, individuals in the EU
    3. Fines
       1. Effective, proportionate and dissuasive
       2. Up to 4% of annual worldwide turnover
    4. Authorities can audit, issue warnings, and issue bans on personal data processing
    5. Individuals can sue for compensation to recover material and non-material damage
       1. Possibility of class action lawsuits
    Businesses with no presence in the EU that have to comply must appoint a representative in the EU.
  • 8. UNDERSTANDING THE RISKS
    Risks (high risk):
    • Large scale data processing
    • Regular and systematic monitoring
    • Transferring data to 3rd parties
    • Unauthorized or unlawful processing
    • Accidental loss, destruction, or damage
    • Sensitive or child data
    Impact on individuals: physical or material damage; discrimination, identity theft or fraud; financial loss; damage to reputation; revealing of sensitive details such as political persuasion; or lack of access by individuals to their personal data.
  • 9. DATA SUBJECTS' RIGHTS
    • Right to access their own personal data
    • Right to rectify inaccurate personal data
    • Right to challenge automated decision making
    • Right to object to direct marketing
    • Right "to be forgotten"
    • Right to data portability
  • 10. LAWFULNESS OF PROCESSING
    Processing is only lawful if:
    • The data subject has given consent
    • It's necessary for the performance of a contract or to enter into a contract
    • It's a legal obligation to which the controller is subject
    • It's to protect the vital interests of a person
    • It's necessary for public interest or official authority
    • It's for the legitimate interests of the controller
    Joint liability between controllers and processors:
    • Processors must act only on the instructions of controllers
  • 11. ACCOUNTABILITY
    • Businesses must comply and be able to demonstrate compliance with the six general principles:
      1. Lawfulness, fairness and transparency
      2. Purpose limitation
      3. Data minimization
      4. Accuracy
      5. Retention
      6. Integrity and confidentiality
    • If you are carrying out "high risk" processing, you must conduct privacy impact assessments and work with your supervisory authority.
  • 12. NEW RESPONSIBILITIES
    • Implementation of data protection policies
    • Data protection by design and by default
    • Record keeping obligations
    • Cooperation with supervisory authorities
    • Data protection impact assessments
    • Prior consultation with data protection authorities in high-risk cases
    • Mandatory Data Protection Officers in some cases
  • 13. TRANSFERS OUTSIDE EU
    • Acceptable and legal
    • Legal mechanisms must be in place
    • Access to a datacenter in the EU from a 3rd country counts as a data transfer
  • 16. PERSONAL DATA ASSESSMENT
    • What personal data do you collect?
    • Do you have consent?
    • Do you keep records of processing?
    • Where physically do you hold the data?
    • Is the personal data sensitive?
    • How does it flow through the organization?
    • Why is it being processed and stored?
    Key areas: PERSONAL DATA MAPPING; READINESS ASSESSMENT; DATA CLASSIFICATION; DATA PROTECTION IMPACT ASSESSMENTS
  • 17. GOVERNANCE
    • Have you appointed a DPO or a GDPR lead?
    • Are your privacy notices and SLAs compliant?
    • Are your processor contracts and data sharing agreements compliant and up to date?
    • Do you have an employee training program in place?
    • Do you have data retention periods defined?
    Key areas: CONTRACTUAL UPDATES; ORGANISATIONAL CONTROLS; TECHNICAL CONTROLS; UPDATED PRIVACY NOTICES AND SLAs; AUDITABILITY / TRACEABILITY OF ACCESS AND DATA FLOWS; EMPLOYEE TRAINING
  • 18. PROCESS UPDATES
    • Are your consent forms freely given, specific and unambiguous?
    • Do you consider data protection at the outset of any new innovation?
    • Do you evaluate the impact of technology on the rights of individuals and ensure protection?
    • Do you have a method for individuals to exercise their rights?
    Key areas: UPDATED CONSENT FORMS; SECURITY BY DESIGN; DATA PROTECTION IMPACT ASSESSMENTS ON INNOVATION; FORMS FOR DATA ACCESS, MODIFICATION, ERASURE REQUESTS
  • 19. DATA PROTECTION
    • What technologies are you using?
    • Who has access to data?
    • Do you understand when and where data leaves your organization?
    • How do you classify, monitor and control personal data to limit exposure?
    Key areas: AGILE ARCHITECTURE; SECURITY CONTROLS; 24/7 SECURITY MONITORING; AUDIT AND PENETRATION TESTING; COMPLIANCE REPORTING
  • 20. PERSONAL DATA BREACH NOTIFICATION
    • Do you have an incident response team in place?
    • Do you have a process for notifying authorities of breaches?
    • Do you have a process for notifying individuals, if necessary, of breaches?
    • Have you tested your incident response plans?
    • Do you keep records of all data breaches?
    Key areas: INCIDENT MANAGEMENT; INCIDENT RESPONSE TEAM; DATA BREACH NOTIFICATION; PEOPLE, PROCESS AND INFORMATION ALIGNMENT
  • 22. INFORMATION GOVERNANCE / MEETING SPECIFIC REQUIREMENTS / REVIEW STATE OF THE ART / TECHNOLOGY FRAMEWORK
    • Data visibility assessment
    • Automation is essential
    • Data loss prevention for real-time classification
    • Protection of data in transit
  • 23. INFORMATION GOVERNANCE / MEETING SPECIFIC REQUIREMENTS / REVIEW STATE OF THE ART / TECHNOLOGY FRAMEWORK
    • Data discovery, classification, and control
    • Access control and identity management
    • Privileged user management
    • Encryption and pseudonymization
    • Auditing and forensics
    • Breach detection and notification
  • 24. INFORMATION GOVERNANCE / MEETING SPECIFIC REQUIREMENTS / REVIEW STATE OF THE ART / TECHNOLOGY FRAMEWORK
    • Cost
    • Risk
    • Context
  • 25. TECHNOLOGY TOOLS: DATA LOSS PREVENTION / ACCESS CONTROL, IDENTITY MANAGEMENT AND PRIVILEGED USER MANAGEMENT / ENCRYPTION
    • Data discovery
    • Data classification and control
    • GDPR Article 25: Data protection by design and by default
  • 26. TECHNOLOGY TOOLS: DATA LOSS PREVENTION / ACCESS CONTROL, IDENTITY MANAGEMENT AND PRIVILEGED USER MANAGEMENT / ENCRYPTION
    • Unauthorized access
    • Unauthorized processing
    • Control of access to specific systems and services that deal with personal data
    • Evidence of access attempts & activity
    • Monitoring abuse of privileged access to systems
    • GDPR Article 30: Records of Categories of Personal Data Processing Activities
  • 27. TECHNOLOGY TOOLS: DATA LOSS PREVENTION / ACCESS CONTROL, IDENTITY MANAGEMENT AND PRIVILEGED USER MANAGEMENT / ENCRYPTION
    • Encryption key management
    • Alternatives to public/private keys?
    • GDPR Article 32: Security of Processing
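Slides 23, 25 and 27 name "encryption and pseudonymization", "data protection by design and by default" and "encryption key management" as controls without showing what they look like in practice. The example below is an added illustration, not part of the deck or of any Veridium or GDPR365 product: it pseudonymises a direct identifier with a per-purpose keyed hash (HMAC-SHA256), keeps the keys in a separate store, and shows that destroying a key makes the records permanently unlinkable (crypto-shredding). The `KeyVault` class, the sample rows and the purpose names are constructed for the example.

```python
import hashlib
import hmac
import secrets
class KeyVault:
    # One secret key per processing purpose, held apart from the pseudonymised records.
    def __init__(self):
        self._keys = {}

    def create(self, purpose):
        self._keys[purpose] = secrets.token_bytes(32)

    def pseudonymise(self, purpose, identifier):
        # HMAC-SHA256 keyed per purpose: without the key, a copy of the records cannot be
        # relinked to people or checked against a list of guessed e-mail addresses.
        key = self._keys[purpose]  # KeyError once the key has been destroyed
        return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()

    def destroy(self, purpose):
        # Crypto-shredding: existing pseudonyms become permanently unlinkable.
        self._keys.pop(purpose, None)

def pseudonymise_rows(vault, purpose, rows):
    # Swap the direct identifier for a pseudonym and keep only the fields needed.
    return [{"subject": vault.pseudonymise(purpose, r["email"]), "event": r["event"]} for r in rows]

def can_relink(vault, purpose, identifier, records):
    # The controller can find this person's rows only while the purpose key exists.
    try:
        pseudonym = vault.pseudonymise(purpose, identifier)
    except KeyError:
        return False
    return any(r["subject"] == pseudonym for r in records)

def demo():
    # Constructed sample input, not real data.
    rows = [{"email": "alice@example.com", "event": "login"},
            {"email": "bob@example.com", "event": "export"},
            {"email": "alice@example.com", "event": "logout"}]
    vault = KeyVault()
    vault.create("analytics")
    vault.create("marketing")
    records = pseudonymise_rows(vault, "analytics", rows)
    alice = vault.pseudonymise("analytics", "alice@example.com")
    result = {
        "alice_rows": sum(r["subject"] == alice for r in records),  # unique subjects stay countable
        "purposes_unlinkable": alice != vault.pseudonymise("marketing", "alice@example.com"),
        "relink_before_destroy": can_relink(vault, "analytics", "alice@example.com", records),
    }
    vault.destroy("analytics")
    result["relink_after_destroy"] = can_relink(vault, "analytics", "alice@example.com", records)
    return result
```

Because the pseudonym depends on the purpose key, records collected for one purpose cannot be joined with those of another, which is how the technique supports purpose limitation as well as Article 32.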
  • 28. MAIN TAKEAWAYS
    1. You must have a leader
    2. It must be a cross-functional task force
    3. Understand your current situation
    4. Technology will help with compliance
    5. There will be impacts on organizational behavior and corporate practices
    6. There is no end date
  • 29. QUESTIONS?
    Veridium: Email: Info@VeridiumID.com; Phone: 1 877.301.0299; Web: www.VeridiumID.com; Twitter: @VeridiumID; LinkedIn: Veridium
    GDPR365: Email: support@gdpr365.com; Web: www.gdpr365.com