Yes, YOU are concerned with 20 000 000€ fines, even outside EU ! You've been watched by Global Data Regulation Privacy ! At first, I thought that was only a EU matter, but when traveling to the US, it is a serious topic that impacts many IT companies worldwide ! This presentation is an introduction on how to get structured rapidly and be ready for D-Day, and avoid HUGE fines... and make citizen's privacy at last secured ! Official Website : http://www.eugdpr.org

1. This presentation is intended to provide an overview of the GDPR and is not a definitive statement of the law.
Why GDPR matters
to your business
even outside EU ?
Vincent THAVONEKHAM @VISEO,
Microsoft Regional Director, MVP Azure

2. Russian
English
Шановний пані та панове, дякую
Shanovnyy pani ta panove, dyakuyu (Dear ladies and gentleman, thank you)
Привет
Privet
Dear ladies and gentleman, thank you (for joining us)

3. I’m a very dynamic Azure Practice Manager, RD, MVP @VISEO
Enjoy sharing the knowledge and ideas to the Cloud Community
3
www.thavo.com
@vThavo
2013-2015 : Microsoft vTSP Azure
2015: Microsoft p-Seller Azure + ALM TFS + Data
2015: WPC awarded Top 5 best pSeller partner France
2015,16,17,18: Azure MVP Award
2017: Microsoft Regional Director
CERTIFICATIONS / DEGREES:
Microsoft Certified Professional
ITIL v3, PRINCE2, ScrumMaster,
Master IT in Intelligent Systems (distinction & 1st place)
Author & co-author : DevOps & Azure
(France & l’international)
- Published book, white paper and magazine articles
- Round Table panel on live streaming
(for Electric Cloud, with Gene Kim, The Phoenix project)
MVP Community in Seatle !

4.  Why GDPR is good for citizens ?
4

5. Few concepts
25 May
2018
GDPR = GO LIVE !
Hertz =
40k€ fines
August 2017 : sensitive
data were exposed on
the net.
WORLDWIDE
EFFECT
As long as you
manipulate data related
to a EU citizen
€20 million
fines or 4% of annual
global revenues (which
ever is greater)
 As a EU citizen, your data are safer than ever before

6. Protecting customer
privacy with GDPR
What does this mean for my data?

7. Scared yet ??
 Start to warn on how
serious the EU / French
CNIL is not joking
about it
 Hertz 20 k€ fine: Sub-
contractor made the
error

8. Organizations who
violate the GDPR could
face fines up to the
greater of €20 million
or 4% of annual global
turnover (revenue),
whichever is greater
The regulation was
approved 27 April
2016 and enforcement
begins 25 May 2018
Preparing for GPDR is complex

9. 9

10. GDPR
overview
Very partial extract : each line is an entry point !
http://www.eugdpr.org/article-
summaries.html

11. Broad topic makes it hard to enforce
Personal
privacy
Controls and
notifications
Transparent
policies
IT and training
Organizations need to :
• Train privacy personnel &
employee
• Audit and update data
policies
• Employ a Data Protection
Officer (if required)
• Create & manage
compliant vendor
contracts
Organizations need to:
• Protect personal data using
appropriate security
• Notify authorities of
personal data breaches
• Obtain appropriate consents
for processing data
• Keep records detailing data
processing
Individuals have the right to:
• Access their personal
data
• Correct errors in their
personal data
• Erase their personal data
• Object to processing of
their personal data
• Export personal data
Organizations need to:
• Provide clear notice of
data collection
• Outline processing
purposes and use cases
• Define data retention
and deletion policies

12. People, Process, Technology
PEOPLE
PROCESSTECHNOLOGY
GDPR needs a change management
It is not just a matter of
securing data
Many aspects have to be taken
into account
Three axes :

13. COMPULSORY : Appointing a Data Protection Officer (DPO) dedicated to
the topic
- it could be outsourced = It could be you !
- DPO cares caries out the Data Protection Impact Assessments (DPIAs)
ADVISED : working with Leagal advisor consulting
 Other possible roles
 Chief Information Security Officer (CISO), Compliance, Data Center
Leadership, HR,
IT Leadership, Legal, Marketing/Digital, Operations, Processor,
Risk Management Office
Possibly : Third-Party Processors
 People, Process, Technology

14. How do I get started? DMPR !
Identify what personal data you have and
where it resides
Discover1
Govern how personal data is used
and accessed
Manage2
Establish security controls to prevent, detect,
and respond to vulnerabilities & data breaches
Protect3
Keep required documentation, manage data
requests and breach notifications
Report4
People, Process, Technology

15. People, Process,  Technology

16. 16

17. Why it matters for Businesses even outside EU ?
I’m outside EU, I don’t care !
- True IF you don’t have EU customers or data related to
EU citizens
I’m doing a Blockchain project. I’ve got nothing else to
secure !
- False, besides technology is only one ingredients out of
three

18.  How Microsoft & Azure could help ?
18

19. GDPR technological needs : Reminds you something ?
Protect the data from the inside
 People, Process, Technology

20. HIPAA
/
HITECH
Act
FERPAGxP
21 CFR Part
11
Singa
pore
MTCS
UK
G-
Clou
d
Austr
alia
IRAP/
CCSL
FISC
Japan
New
Zealand
GCIO
China
GB
1803
0
EU
Model
Clauses
ENI
SA
IAF
Argent
ina
PDPA
Japan
CS
Mark
Gold
CDSA
Shared
Assessments
Japan My
Number Act
FACT UK GLBA
Spa
in
EN
S
PCI DSS
Level 1
MARS-
E
FFIEC
Chi
na
TR
UC
S
Canada
Privacy
Laws
MPAA
Priv
acy
Shiel
d
In
di
a
M
eit
Y
German
y IT
Grundsc
hutz
workbo
ok
Sp
ain
DP
A
HITRUS
T
IG Toolkit
UK
Chi
na
DJ
CP
ITARSection
508
VPAT
SP 800-171 FIPS 140-2High
JAB P-
ATO
CJISDoD DISA
SRG Level 2
DoD DISA
SRG Level 4
IRS 1075DoD DISA
SRG Level 5
Moderate
JAB P-
ATO
GLOBA
L
US
GOV
INDUS
TRY
REGIO
NAL
ISO 27001
SOC 1
Type 2ISO 27018
CSA STAR
Self-Assessment
ISO 27017
SOC 2
Type 2
SOC 3ISO 22301 CSA STAR
Certification
CSA STAR
Attestation
ISO 9001
Azure has the deepest and most comprehensive compliance coverage in the industry
Azure deals with banking & heath data for years worldwide !
Azure has got 54 offerings So GDPR is a peace of cake ??

21. “Make no mistake, the GDPR sets a new
and higher bar for privacy rights, for
security, and for compliance.
And while your journey to GDPR may
seem challenging, Microsoft is here to
help all of our customers around the
world.”
Brad Smith
President & Chief Legal Officer
Microsoft Corporation

22. Providing clarity and consistency for the
protection of personal data
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
The General Data Protection
Regulation (GDPR) imposes new
rules on organizations in the European
Union (EU) and those that offer goods
and services to people in the EU, or that
collect and analyze data tied to EU
residents, no matter where they are
located.
Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights

23. Our commitment to you
To simplify your path to compliance, we are committing to
GDPR compliance across our cloud services when
enforcement begins on May 25, 2018.
We will share our experience in complying with complex
regulations such as the GDPR.
Together with our partners, we are prepared to help you
meet your policy, people, process, and technology goals on
your journey to GDPR.

24. Leverage guidance
from experts
Simplify your
privacy journey
GDPR
Compliance
GDPR
Compliance
GDPR
Compliance
Uncover risk &
take action

25. Microsoft can help perform assessment with Executive Summary Reports
Maturity levels : Starting, Progressing or Optimizing, with short description (full recommendations on the final detail page)

26. Microsoft can help perform assessment with Executive Summary Reports
Maturity and total actionable recommendations per theme, with focus areas (sub scenarios in the “Starting maturity level”)

27. People, Process,  Technology

28. GDPR : Focus on Azure helping
• Integrate Azure search for hosted
applications to locate personal data
across user-defined indexes
• Trace and identify personal data
stored in different data sources
Search &
identify
personal data
Protect data in
the cloud
Control access
Detect &
Remediate
threats
Classify
data
Record-
keeping
• Securely manage access to your
data, applications and other
resources
• Enforce separation of duties
• Easily determine and assign
relative values to your data
• Employ advanced encryption,
cryptography, and monitoring
• Restore data availability with a
variety of recovery and Geo-
redundant storage options
• Proactively prevent, detect and
respond quickly to threats
• Deliver verifiable transparency and
delivers tamper-resistant insights
with activity log
• Leverage comprehensive
compliance and privacy
documentation for Azure
Discover Manage Protect Report
People, Process,  Technology

29. 29
 Summary

30. Conclusion
25 May
2018
- GDPR = GO LIVE !
- €20 million or 4% gl rev
Not easy
Change Management :
People –Process-
Technology
START NOW !
- Do it iteratively
- Microsoft could help
- Legal could help
YOU ARE
CONCERNED
Even outside EU !
 As a EU citizen, your data are safer than ever before