What is GDPR and Should You Care?

Similar documents
General Personal Data Protection Policy

GDPR: What Every MSP Needs to Know

A PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018

Preparing for the GDPR

Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations

General Data Protection Regulation - Explained

1 Privacy by Design: The Impact of the new European Regulation on Data protection. Introduction

THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*)

DATA PROTECTION POLICY

General Data Protection Regulation

LAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems

What does the GDPR mean for recruitment?

GENERAL DATA PROTECTION REGULATION.

Preparing for the GDPR Orla O Hannaidh - Womble Bond Dickinson

Get ready. A Guide to the General Data Protection Regulation (GDPR) elavon.ie

ARTICLE 29 Data Protection Working Party

GDPR General Data Protection Regulation

EU GENERAL DATA PROTECTION REGULATION

SAP and SAP Ariba Solution Support for GDPR Compliance

ACCENTURE BINDING CORPORATE RULES ( BCR )

Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges

Hendre Infants School DATA PROTECTION POLICY. Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris

General Data Privacy Regulation: It s Coming Are You Ready?

More information at cventconnect.com/europe/mobileapp

CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR. Legal02# v1[RXD02]

December 28, 2018, New Delhi, INDIA

GDPR factsheet Key provisions and steps for compliance

Preparing for the General Data Protection Regulation (GDPR)

EEA General Data Protection Regulation Privacy Notice - University of Rochester Applicants and Current Employees Located in the EEA

Global Privacy Policy

ARTICLE 29 DATA PROTECTION WORKING PARTY

GENERAL DATA PROTECTION REGULATION Guidance Notes

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

Data Privacy, Protection and Compliance From the U.S. to Europe and Beyond

Compliance. Checklist. 10 Steps to Compliance EU GDPR GDPR. Clearly. Raise Awareness. Data. with the New. and Consent. Protection.

With financial penalties of up to 4 percent of global annual turnover, are you up-to-date on the General Data Protection Regulation?

GDPR Factsheet - Key Provisions and steps for Compliance

PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER

with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting

Data Protection Policy

New General Data Protection Regulation - an introduction

INTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT

GDPR & SMART PIA. Wageningen University Feb 2017

Vendor Agreements and the New EU GDPR Steps to Take Now

CAPTIFY S GDPR READY POSITION: + + EU REGULATION 25TH MAY 2018 UPDATE TO DPD PERSONAL DATA CONSENT

GDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry

Session 1. Asset Management and Risk Control Forum. bvrla.co.uk

NOT PROTECTIVELY MARKED

GDPR is coming in 108 days: Are you ready?

Accountability under the GDPR: What does it mean for Boards & Senior Management?

EU General Data Protection Regulation: What Impact for Businesses Established Outside the EU and EEA Francoise Gilbert 1

b. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.

GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey

Foundation trust membership and GDPR

Privacy Policy RSL Ireland Ltd & Refrigeration Products (1999) Ltd

The Sage quick start guide for businesses

What you need to know. about GDPR. as a Financial Broker. Sponsored by

General Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR

Personal data: By Personal data we understand all information about identified or identifiable natural ( data subject ) according to GDPR

UK Research and Innovation (UKRI) Data Protection Policy

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) A brief guide

EU General Data Protection Regulation (GDPR)

DATA PROTECTION POLICY VERSION 1.0

General Data Protection Regulation. Jim Sneddon GDPR-P, CISSP

EEA General Data Protection Regulation Privacy Notice - University of Rochester Office of Advancement

GDPR: Are You Ready? Mapping the Road to GDPR Compliance. March 2018

What in the World is GDPR? Imran Ahmad, Partner Miller Thomson LLP

THE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE 1. INTRODUCTION... 2

Preparation Guide to the New European General Data Protection Regulation

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

GDPR Compliance Checklist

Brasenose College Data Protection Policy Statement v1.2

General Data Protection Regulation. What should community energy organisations be doing to prepare?

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION

BROOKS PERSONAL TRAINING

WHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT

Training Manual. DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Data Protection Officer is Mike Bandurak

European Union General Data Protection Regulation 25 th May 2018

Bulkington, Nuneaton & Bedworth (BNB) BNB U3A Data Protection Policy

GDPR is coming soon. Are you ready. Steven Ringelberg.

Dealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016

The GDPR Are you ready?

Xerox Privacy Notice: Rights of data subjects pursuant to the General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry

DATA PROTECTION POLICY

Presenting a live 90-minute webinar with interactive Q&A. Today s faculty features:

GDPR Webinar : Overview & practical compliance steps. 23 October 2017

General Data Protection Regulation (GDPR) Key considerations and implications for brokers

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

Data protection in light of the GDPR

Data Protection Policy. UK Policy May 2018

A COMPANION DOCUMENT TO THE GDPR READINESS DECISION TREE QUESTIONS AND ANALYSIS. April 19, 2017

Effective Data Governance & GDPR Compliance for the Nonprofit CFP

Pensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes

EU General Data Protection Regulation ( GDPR ) FAQs External Version - 16 March 2018

GDPR-CERTIFIED ASSURANCE REPORT BASED PROCESSING ACTIVITIES

Data Protection (internal) Audit prior to May (In preparation for that date)

Transcription:

What is GDPR and Should You Care? Ingram Micro Inc. 1

Overview of Privacy Climate & Concerns 2 2

Today We Live In A World Where Advertisers read key words in your Facebook posts and emails and decide what you might want to buy. You can probably find a photo of your 70 year old mother on Google. Your mobile phone tracks and shares your location with all kinds of companies and service providers You can download an album from Aghani apps and discover you ve been subscribed to artist s fan page on Facebook without knowing it. The first thing you do when you get in details of a job candidates is search social media to find out more about them. 3

Why Do We Need Regulation? 4

Current Privacy Climate World Wide Privacy has become an ever-increasing ethical and legal issue a global issue worldwide New Privacy laws in Japan, Brazil, Turkey etc. New Data Protection Legislation in Europe. Snowden Leaks effects: Safe harbor invalidated by European Court of Justice. Tech companies got serious about privacy. Increased privacy awareness amongst customers and consumers. Litigations for privacy matters are growing. 5

What is GDPR? 6 6

What is the GDPR? What? Scope? Stands for General Data Protection Regulation. A Privacy law that applies to personal data of EU residents Applies globally to any organization holding or processing EU residents information. Main focus? Non-compliance? Personal Data i.e. any information relating to an individual whether they can be identified directly or indirectly GDPR Sever penalties and financial fines for non-compliance. Objective? Ensures individuals can control how information about them is used. Also ensures those holding the information protects it from disclosure When? 25 th May 2018 (Around 12 months to be ready) 7

Key GDPR Terms Personal data Any information relating to an identified/identifiable, natural person. DPO Data Protection Officer. Hiring a DPO is obligatory under the GDPR in some cases. Data Subject A natural person, who can be identified, or is identifiable, directly or indirectly. Data controller A person or body which determines the purposes and means of processing personal data. Data processor An entity which processes the data on behalf of the data controller. Supervisory Authority Supervisory authorities are national data protection authorities, empowered to enforce the GDPR in their own member state. Transfer The transfer of personal data to countries outside the European Union Area (EEA) or to international organizations. Process Any operation(s) which is performed on personal data whether or not by automated means. 8

GDPR Principles Seven Data Protection Principles Lawfulness, Fairness & Transparency Personal Data must be processed lawfully, fairly and in a transparent manner in relation to the data subject. Purpose Limitation Personal Data must be collected for specified explicit and legitimate purposes. Data Minimisation Personal Data must be adequate, relevant and limited to those which are necessary in relation to the purposes for which they are processed. Accuracy Personal Data must be accurate and, where necessary, kept up to date. Storage Limitation Integrity & Confidentiality Personal Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Appropriate technical and/or organizational measures have to be in place to ensure protection against unauthorized processing, accidental loss, destruction, and/or damage. Accountability The controller shall be responsible for and be able to demonstrate compliance with these principles. 9

What Does It Mean To Organizations? Obtain a clear consent. Obtain parents consent if data subject is under 16. Provide a copy of individual s Personal data on request. Erase all Personal records if Requested. Provide Adequate Security. Privacy Impact Assessment. One Supervisory Authority to deal with. Can select their preferred Supervisory Authority. 10

What Does It Mean To Individuals? The Right to be informed. The Right of Access. The Right to Rectification. The Right to Erasure. The Right to Restrict Processing. The Right to Data Portability. The Right to Object. Rights in Relation to Automated Decision Making and Profiling. 11

Mandatory Breach Notification If Personal Data Breach is Likely to result in a risk to the rights and freedoms of individuals Notify the Supervisory Authority within 72 Hours of becoming aware of the breach. If high risk breach likely to affect rights and freedom of individual. You must notify those concerned directly. Having strong Incident Management Capabilities is extremely important 12

Sanctions/Fines Administrative Fines two sets: Violation of GDPR provisions Up to E20,000,000 or 4% of annual global turnover Which ever is greater. Failing to notify a Data Security Breach Up to 10,000,000 or 2% of annual global turnover. An Individual can: Complain to Supervisory Authority. Right to Compensation. 13

Getting Ready for GDPR 14

Steps To Take Conduct Awareness Training. Identify Key Data Assets. Conduct Risk Assessment. Establish Policies. Use Existing Framework (ISO27k, NIST etc.). Monitor and Respond. 15

How Can Ingram Micro Help You Comply? 16

Ingram Micro Cyber Security Portfolio Services Trainings Vendors Basic Technical Assessment General Training Consultancy Service Certification Training Managed Security Service Specialized Training 17

Constancy Services Brief Description Organization of information security, Security strategy, structure, and roles and responsibilities Cyber Security Governance Assess Change management, patch management, malware protection, and network security management processes Security Operations review Policies & Procedures review Review the design and effectiveness of established security policies and procedures Assess physical and environmental controls at data processing facilities Physical Security Assessment Consultancy Services Risk Assessment Identify risks and propose mitigation measures Assess incident response capabilities including prevention, detection, and recovery. Incident management Compliance Assessment Access Control Review Assess controls of access provisioning, access removal, privilege assignment, and access monitoring Assess compliance against local and international security standards and regulations 18

Trainings & Certifications Domain Technology Operations Laws and regulations Credential Audience Those responsible for: Information technology Information security Software engineering Privacy by Design Those responsible for: Risk management Privacy operations Accountability Audit Privacy analytics Those responsible for: Legal Compliance Information management Data governance Human Resources 19

Tools To Help You Achieve Compliance Control Compliance Suite ControlPoint IBM Regulatory Compliance Analytics Delivers business-aware security and risk visibility so that customers are effectively able to align priorities across security, IT operations, and compliance Helps you achieve information compliance by making it possible to understand, classify, and reduce outdated and unnecessary legacy dark data content. Streamlines the identification of potential obligations in regulations, reduces time and costs of compliance, and enables sustainable management of controls through an effortless dashboard 20

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback