Do You Have a Roadmap for EU GDPR Compliance?

  1. Do You Have a Roadmap for EU GDPR Compliance?
     David Morris, Thought Leader and Pioneer in Cybersecurity, United States; Ian West, Specialist in GDPR, Data Governance, Data Privacy & Security, United Kingdom; Ulf Mattsson, CTO Security Solutions, Atlantic BT, United States, ulf.mattsson@atla; Khizar A. Sheikh, Chair, Privacy, Cybersecurity, and Data Law, Mandelbaum Salsburg, United States
  2. GDPR Case Studies
  3. Webcast - Aug 17
     Title: Do You Have a Roadmap for EU GDPR Compliance?
     Description: The General Data Protection Regulation (GDPR) goes into effect in 2018 and will affect any business that handles the personal data of people in the European Union, even if the business is not based there. Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance? Join this webinar to learn:
     • Case study and legal/regulatory impact of GDPR
     • Security metrics
     • Oversight of third parties
     • How to measure cybersecurity preparedness
     Presenters: Ulf Mattsson, David Morris, Ian West, and Khizar Sheikh
     Date & Time: Aug 17 2017 5:00 pm
     Timezone: United States - New York
     Webcast URL:
  4. GDPR Case Studies Source: EU GDPR Report, Crowd Research Partners, 2017
     1. US and Spain – customer data
     2. Italy, Germany and more – financial data
     3. Germany – outsourcing
     4. Sweden – PII data
  5. US Companies Ramping up GDPR Budgets
  6. PwC GDPR Survey Source: PwC GDPR Survey, 2017 PwC recently conducted a pulse survey of 200 CIOs, CISOs, General Counsels, CCOs, CPOs and CMOs from US companies with more than 500 employees. The survey asked the C-suite about their plans for Europe’s landmark General Data Protection Regulation (GDPR). The “pulse” revealed five surprising results.
  7. Over half of US multinationals say GDPR is their top data-protection priority Source: PwC GDPR Survey, 2017 The EU reached agreement on the GDPR in December 2015, and in the last twelve months preparing for the new law’s obligations has jumped to the top of corporate agendas. Of the 200 respondents to PwC’s recent pulse survey on GDPR preparedness, 54% reported that GDPR readiness is the highest priority on their data-privacy and security agenda. Another 38% said GDPR is one of several top priorities, while only 7% said it isn’t a top priority.
  8. Information security enhancement is a top GDPR initiative Source: PwC GDPR Survey, 2017 Much of the discussion about the GDPR has focused on the law’s privacy-centric requirements, such as mandatory record keeping, the right to be forgotten and data portability. The GDPR’s relatively generic information-security obligations, however, figure prominently in the GDPR plans of US companies.
     • Among the 23% of survey respondents who haven’t started preparing for GDPR, the top priorities are data discovery, information security enhancement, third-party risk management and GDPR gap assessment.
     • Among the 71% who have begun GDPR preparation, the most-cited initiatives in flight are information security, privacy policies, GDPR gap assessment and data discovery.
     • Among the 6% who have completed GDPR preparations, the most-cited projects are information security, GDPR gap assessment, data discovery, and third-party risk management.
     • IT re-architecture is the lowest priority for companies in all three phases.
  9. 77% plan to spend $1 million or more on GDPR Source: PwC GDPR Survey, 2017 Securing a $1 million budget for data privacy has been more an exception than a rule for many American corporations. The GDPR’s potential fines of up to 4% of global annual revenue, however, have changed budget appetites for mitigating GDPR risk. While 24% of respondents plan to spend under $1 million on GDPR preparations, 68% said they will invest between $1 million and $10 million, and 9% expect to spend over $10 million to address GDPR obligations.
  10. Binding corporate rules are gaining popularity Source: PwC GDPR Survey, 2017 The pulse survey asked executives which EU cross-border data-transfer mechanism they planned to use for processing EU personal data outside of Europe. After the invalidation of the Safe Harbor agreement in October 2015, most Safe Harbor members implemented so-called model contractual clauses as a stop-gap measure. Many observers, especially those in the legal community, thought model clauses would become the new norm. While 58% of respondents reported that future strategies would include model contracts, a stunning 75% said they will pursue binding corporate rules (BCRs), while 77% plan to self-certify to the EU-US Privacy Shield agreement. The uncertain future of both model contracts and the Privacy Shield may drive US multinationals to adopt two or even all three of these options to hedge their risks.
  11. How US businesses are re-evaluating their presence in Europe Source: PwC GDPR Survey, 2017 US corporations that are heavily invested in Europe will probably stay the course in the near term. Indeed, 64% of executives reported that their top strategy for reducing GDPR exposure is centralization of data centers in Europe. Just over half (54%) said they plan to de-identify European personal data to reduce exposure. The threats of high fines and impactful injunctions, however, clearly have many others reconsidering the importance of the European market. In fact, 32% of respondents plan to reduce their presence in Europe, while 26% intend to exit the EU market altogether.
  12. Outlook: Striving to keep pace with the GDPR Source: PwC GDPR Survey, 2017 American multinationals that have not taken significant steps to prepare for GDPR are already behind their peers. The typical large US corporation is currently moving through a data-discovery and assessment phase toward a multi-million-dollar remediation initiative that includes shoring up standard data-privacy and security capabilities in US operations. As European regulators in 2017 further clarify how they interpret the GDPR, more American companies are likely to re-evaluate the return on investment of their European initiatives.
  13. GDPR WW Impact
  14. GDPR Key Findings Source: EU GDPR Report, Crowd Research Partners, 2017
  15. Familiarity with GDPR Source: EU GDPR Report, Crowd Research Partners, 2017
  16. GDPR Impact Source: EU GDPR Report, Crowd Research Partners, 2017
  17. GDPR Impact by Industry Source: EU GDPR Report, Crowd Research Partners, 2017
  18. GDPR Compliance by Region Source: EU GDPR Report, Crowd Research Partners, 2017
  19. GDPR Compliance by Industry Source: EU GDPR Report, Crowd Research Partners, 2017
  20. GDPR Preparedness Source: EU GDPR Report, Crowd Research Partners, 2017
  21. GDPR Organizational Ownership Source: EU GDPR Report, Crowd Research Partners, 2017
  22. GDPR - Challenges Source: EU GDPR Report, Crowd Research Partners, 2017
  23. GDPR Initiatives Source: EU GDPR Report, Crowd Research Partners, 2017
  24. GDPR Chapters of Concern Source: EU GDPR Report, Crowd Research Partners, 2017
  25. GDPR Articles of Concern Source: EU GDPR Report, Crowd Research Partners, 2017
  26. GDPR Impact on Security Practices Source: EU GDPR Report, Crowd Research Partners, 2017
  27. GDPR Impact on Security Budgets Source: EU GDPR Report, Crowd Research Partners, 2017
  28. GDPR Challenges
  29. GDPR Study - Demographics Source: Ponemon Institute, 2017
  30. GDPR – Our Sample Source: Ponemon Institute, 2017
  31. GDPR Most Difficult Source: Ponemon Institute, 2017
  32. GDPR PII Definition is More Expansive Source: Ponemon Institute, 2017
  33. GDPR – Compliance to Breach Process Source: Ponemon Institute, 2017
  34. GDPR – Plan to Meet GRC Requirements Source: Ponemon Institute, 2017
  35. GDPR IT Security Budget Source: Ponemon Institute, 2017
  36. GDPR Data Governance Budgets Source: Ponemon Institute, 2017
  37. GDPR – Data Protection Officers Source: Ponemon Institute, 2017
  38. GDPR Governance In Place Source: Ponemon Institute, 2017
  39. GDPR – Rights to EU Citizens? Source: Ponemon Institute, 2017
  40. GDPR – Do You Know Which Data Has Gone to Third Parties? Source: Ponemon Institute, 2017
  41. GDPR Compared to PCI, HIPAA and More Source: Ponemon Institute, 2017
  42. Preparing for GDPR
  43. Preparing for GDPR
  44. Preparing for GDPR: People Source: IBM, 2017
  45. Preparing for GDPR: Process Source: IBM, 2017
  46. Preparing for GDPR: Technology Source: IBM, 2017
  47. Preparing for GDPR: Moving Forward Source: IBM, 2017
  48. Steps for Securing Data to Comply with the GDPR
  49. Does GDPR Apply? Source: Imperva, 2017
  50. Checklist for GDPR Source: Imperva, 2017
  51. Checklist for GDPR Source: Imperva, 2017
  52. GDPR Rules Require Data Protection Technology Source: Imperva, 2017
  53. GDPR: Prep Now or Pay the Price Source: Imperva, 2017
  54. GDPR – Plan to Go the Distance Source: Imperva, 2017
  55. GDPR Already a Reality
  56. GDPR Already a Reality Source: Cordery Legal Compliance, UK, 2017
  57. GDPR – Your Plan Source: Cordery Legal Compliance, UK, 2017
  58. GDPR – Your Plan Source: Cordery Legal Compliance, UK, 2017
  59. GDPR: 12 Steps to Take Now (ICO UK)
  60. Preparing for GDPR Source: ICO – Information Commissioner’s Office, UK, 2017
  61. GDPR Key Problems and Some Solutions
  62. The Currency of Trust: The “Why” of GDPR Source: Exate, 2017
  63. What will GDPR cost? Source: Exate, 2017
  64. The Challenges … Source: Exate, 2017
  65. The Problem Source: Exate, 2017
  66. What If … Source: Exate, 2017