
GDPR Compliance: What You Need to Know Before May 2018


Scheduled to come into effect May 25, 2018, the General Data Protection Regulation (GDPR) has struck fear into compliance officers around the world. Much confusion surrounds this new regulation as organizations everywhere work to understand its new requirements and adjust business processes accordingly.

In this webinar, we review:
-- Key GDPR requirements
-- Data types regulated under GDPR
-- How GDPR impacts EU and non-EU businesses
-- Steps to becoming GDPR compliant
-- Consequences of non-compliance
-- How SecurityIQ helps you meet security awareness GDPR requirements

To learn more about SecurityIQ, visit: https://securityiq.infosecinstitute.com/

GDPR Compliance: What You Need to Know Before May 2018

  1. Today
     ● What is the GDPR?
     ● Protected Data Types
     ● GDPR & Personal Data Rights
     ● GDPR Business Requirements
     ● Consequences of Non-Compliance
     ● 6 Steps to Becoming GDPR Compliant
     ● Personnel Training Requirements
  2. What is GDPR? The General Data Protection Regulation (GDPR):
     ● Defines personal and sensitive data
     ● Details how personal and sensitive data must be handled
     ● Establishes fines for noncompliance
     ● Sets new requirements for breach notifications
  3. Protected Data Types
     ● Personal Data: information used to determine individual identities
     ● Sensitive Personal Data: special categories of personal data requiring strong protections
  4. Personal Data Rights for EU Citizens
     1. Consent for personal data to be shared and processed
     2. Access to personal data
     3. Right to be forgotten
     4. Right to portability
     5. Right to rectification
  5. GDPR Regulations Apply To
     ● Data Processors: entities processing data on behalf of the controller (Clouds)
     ● Data Controllers: entities deciding what personal data must be processed and how processing will occur
  6. Business Regulations for EU Organizations. EU organizations may need to:
     ● Appoint a data protection officer
     ● Review data collection procedures
     ● Create a data protection awareness program
     ● Perform ongoing information audits
     ● Complete Data Protection Impact Assessments
  7. Business Regulations for Non-EU Organizations. Businesses with just one EU-based client or employee are subject to GDPR compliance.
  8. Consequences of Non-Compliance
     Fine amount: 2% of annual global revenue, or €10 million (whichever is higher). Reasons:
     ● Data breaches
     ● Not employing the services of a DPO
     ● Not conducting a DPIA
     ● Not keeping appropriate records
     Fine amount: 4% of annual global revenue, or €20 million (whichever is higher). Reasons:
     ● Failing to gain consent
     ● Not upholding consumer rights under GDPR rules
     ● Moving data outside the EU within the confines of Chapter 5 of the GDPR
  9. Meeting GDPR Compliance
  10. Meeting GDPR Compliance
  11. Meeting GDPR Compliance
  12. Meeting GDPR Compliance
  13. Meeting GDPR Compliance
  14. Meeting GDPR Compliance
  15. Other Impacts of Non-Compliance
     ● Cost of rectification
     ● Damaged company reputation
     ● Lost consumer trust
     ● Declining share value
  16. Employee Training Requirements. GDPR mandates:
     ● Awareness raising and training of staff involved in the processing operations (Article 37)
     ● Appropriate data protection training to personnel having permanent or regular access to personal data (Article 43)
  17. Meeting GDPR Compliance with SecurityIQ. Privacy & EU GDPR training module including:
     ● GDPR definition & purpose
     ● Protected data types
     ● Information lifecycle
     ● Non-compliance consequences
     ● Data protection principles
     ● Personal data rights
  18. Meeting GDPR Compliance with SecurityIQ: Role-based Training
     ● Data protection principles exercise
     ● Personal data lifecycle exercise
     ● Data use exercises
     ● Data disposal exercise
     Engaging exercises, animations and voice narration for better results
     Comprehensive library: 100+ phishing simulation templates, 100+ security awareness modules

Notes de l'éditeur

  • The General Data Protection Regulation (GDPR) evolved from its predecessor, the Data Protection Directive 95/46/EC.
    GDPR is a fully fledged regulation for modern, cloud-based data transactions. It mandates specific controls over how personal data of EU citizens is handled and unifies privacy laws across EU states.
  • The GDPR covers two types of data, specified in the regulation as:

    1. Personal Data
    Personal data is information that can be used to determine individual identities. It can be thought of as an “identifier” used to directly or indirectly link data to individuals. This can include names, locations or online identifiers like IP addresses. It also includes economic, cultural or physiological data that could be linked together to determine individual identities.

    2. Sensitive Personal Data
    Sensitive personal data under the GDPR are special categories of personal data that require stronger protections. Sensitive personal data includes genetic data, biometric data and other data types that can reveal information such as religion, race or ethnic origin.
  • Consent for personal data to be shared and processed. The GDPR requires organizations to gain consent from individuals prior to data sharing and processing. Consent must be given in the form of a “clear affirmative act,” meaning consent must be expressly collected and demonstrated. Opt-out buttons are no longer allowed, and organizations must implement a mechanism to manage users’ revocations of consent.
    Access to personal data. Individuals must be allowed to easily access their data collected and stored by organizations. The GDPR specifically states the “data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily.”
    Right to be forgotten. This is one of the most difficult-to-manage requirements of the GDPR. Under this directive, individuals must be able to remove all traces of their personal data from an organization if they wish. This would apply, for example, if the user removes consent to share.
    Right to portability. The data subject must be allowed to transfer their data easily between controllers.
    Right to rectification. The data subject must have the right to have inaccurate data rectified.
  • Appoint a Data Protection Officer (DPO).
    Article 37 of the GDPR requires organizations to assign a DPO if the organization’s core activities involve either of the following:
    Data processing requiring regular and systematic monitoring of individuals on a large scale.
    Large-scale processing of special categories of data and personal data relating to criminal convictions.

    A DPO has a number of duties, including balancing regulatory requirements with business processes, training staff on proper data handling and liaising with supervisory authorities.

    Some organizations may be exempt from the DPO requirement if they do not handle personal data. Smaller organizations may also work with a consultant to remain in compliance without adding significantly to overhead.

    Review data collection procedures for compliance with GDPR requirements.
    This must include the entire lifecycle of data collection, storage, management, processing and data deletion/archival.

    Create a data protection awareness program.
    This will ensure staff members are aware of the various GDPR rules around data processing and breach notifications.

    Perform ongoing information audits.
    This step will ensure the organization knows what data is collected and how it is processed at all times.

    Complete Data Protection Impact Assessments (DPIA).
    Essentially, DPIAs are Privacy Impact Assessments. According to the GDPR, DPIAs will “evaluate, in particular, the origin, nature, particularity and severity” of the “risk to the rights and freedoms of natural persons.”
  • Noncompliance with GDPR carries more than a large fine. The GDPR is ultimately about protecting personal information. If you do not protect your customers’ personal information, you may also find there are other consequences. These include:

    1. Cost of rectification. Data has intrinsic value to everyone. This includes your organization, your customers and cybercriminals. The Ponemon Institute values the average cost of rectification following a breach as $141 per record.
    2. Damaged company reputation. If your company suffers a breach, you must notify supervisory authorities within 72 hours. If the breach is deemed high risk, you must also inform those impacted (your customers).
    3. Lost consumer trust. Compensation claims and customer attrition could well outstrip noncompliance fines.
    4. Declining share value. A study by Oxford Economics found share value can drop by 1.8 percent after a cyberattack.
  • Depending on the role of the employee, your training program should include the following topics:
    ● What is the purpose of the GDPR?
    ● What constitutes personal and sensitive personal data?
    ● What are the principles of the GDPR? Which Articles exemplify each principle?
    ● What are the roles of the processor, controller and DPO?
    ● What data does your organization need to collect? Why?
    ● How do the new consent rules affect your current data collection processes?
    ● What are the rights of the data subject?
    ● What types of breaches fall under GDPR notification requirements?
    ● What type of rules impact collection of data on children?
    ● Where and when can techniques like pseudonymization and anonymization be used?
  • SecurityIQ by InfoSec Institute helps you fulfill these personnel training requirements under GDPR (Articles 37 and 43).

    It does this by integrating
    Role-based security awareness training
    Real-life phishing simulations
    And automatically personalized learning plans for each employee
    All into a single easy-to-use platform.

    Our goal is to help you prevent data breaches by boosting your employees’ security aptitude and transforming their security behaviors.
    With SecurityIQ, our clients have demonstrated drops in their phishing susceptibility rates to near 0%.
  • One of the ways SecurityIQ fulfills GDPR’s personnel training requirements is through our Privacy & EU GDPR training module which covers all the education components you see here.
  • Here’s a quick example of a GDPR training module
  • What our clients really appreciate with SecurityIQ is how it automates the often tedious program development and ongoing management of their security awareness initiatives.

    First of all, we provide them:
    More than 130 frequently updated training modules
    And over 200 real-world phishing simulation templates
    All ready to use out of the box or to customize as needed
    More importantly, SecurityIQ continually monitors and tracks employees’ learning progress and security behaviors. It uses this data to automatically create personalized security education experiences for each employee by providing the right level of training and reinforcement at the right time and frequency to keep them engaged and motivated.
  • I encourage you to give SecurityIQ a try and see for yourself. Simply go to securityiq.infosecinstitute.com to get started with a free account.
