GDPR: More reasons for information security

GDPR: More reasons for information securityAndrew Cormack (@Janet_LegReg)

03/05/2023

Existing reasons

03/05/2023GDPR: More reasons for information security 2

Information Security

Reliability

Confidence

ReputationPolicy

Workload

General data protection regulation (GDPR) 2016/679

Personal data processing

May 2018» Almost certainly pre-Brexit» Services to EU people covered anyway

Becomes UK law automatically

GDPR supports proactive and reactive information security

Breach notification

Unauthorised/accidental loss, alteration, disclosure or access to personal data

All breaches

» Document

Risk to rights/freedoms

» Report to ICO (72 hour expectation)» Nature; number/type of records/people affected;

mitigationsHigh risk to

rights/freedoms» Also notify individuals (unless mitigated)» Can take ICO advice

Security and incident response

Very like security good practice (paper currently with journal reviewers)

“Ensuring network and information security … CSIRTs… providers of networks and services… ” (Rec.49)A legitimate interest… (for processing personal data)

If necessary/proportionate…

Balance of interests test…

Other tools mentioned

Encryption

» Mitigate damage from breaches

Data protection by design

Exercises » Test readiness

» Assist complianceAuthorisation

» Reduce riskPseudonyms

New incentives

Security/incident response clearly lawful

Increased public awareness

Much bigger fines (€20M/4%)

Damages, not just for monetary loss

Opportunities to improve

Regulator guidance

Lessons learned from breaches

Compare public notifications

NIS Directive => more sharing

Cloud security standards etc.

12 steps

Information Commissioner’s Office, [Preparing for the GDPR, 14/3/16], licensed under the Open Government Licence

Watch these spaces

» ICO:› https://ico.org.uk/for-organisations/data-protection-reform/

» Regulation (2016/679/EU):› http://ji.sc/gdpr-text

» Me:› http://ji.sc/dataprotection-regulation

jisc.ac.uk

One Castlepark Tower Hill Bristol BS2 0JA

customerservices@jisc.ac.uk

T 020 3697 5800

Except where otherwise noted, this work is licensed under CC-BY-NC-ND

Thanks

Andrew CormackChief Regulatory Adviser, Jisc TechnologiesAndrew.Cormack@jisc.ac.uk

GDPR: More reasons for information security

Technology

Transcript of GDPR: More reasons for information security

Seguridad y cumplimientoinfo.cloudchampion.es/rs/294-UWH-949/images/GDPR-CISO... · 2018. 1. 31. · GDPR: Seguridad y cumplimiento normativo. Guía para Chief Information Security

VARONIS DATA CLASSIFICATION FRAMEWORK: … · GET READY FOR GDPR Discover, manage, and protect your GDPR data with Varonis. Build a GDPR security policy to meet compliance PRODUCT

GDPR GUIDANCE - RSA Broker GDPR Guidance_group_… · Security Management System, security is equally important. Steps to achieve cyber security • Establish an effective governance

2019 GDPR Small Business Survey · GDPR Small Business Survey 2019 A report by ... the more technical aspects of data security, and a ... it was essential to comply with the GDPR.

The GDPR and NIS Directive A new age of accountability, security … · 2020-01-17 · GDPR – some more on breach notification GDPR and NIS Directive: Accountability, security and

GDPR Masterclass -Brochure - Information Security Institute · GDPR by Information-security Institute MASTERCLASS ... This 3-day course will focus on the latest advanced best-practices,

LMS Group - GDPR Checklist 03€¦ · IT Support Cloud Managed IT Services Telephony Cyber Security Connectivity IT Consultancy Your Business Name: GDPR Checklist

Inaxsys Integrated Security Solutions GDPR : How it ... · Présenté par Mark McRae Inaxsys Integrated Security Solutions GDPR : How it Affects Access Control and Alarms Systems

CLOUD SECURITY ALLIANCE CODE OF CONDUCT FOR GDPR … · Adherence Template (collectively, “CSA Code of Conduct for GDPR Compliance”) is licensed by the Cloud Security Alliance

Data Security Day: Important "Right to be Forgotten" & EU GDPR Terms & Definitions

NIS, GDPR and Cyber Security: Convergence of …NIS, GDPR and Cyber Security: Convergence of Cyber and Compliance Risk Tony Drewitt –Head of Consultancy IT Governance Ltd IT Governance

CLOUD SECURITY ALLIANCE CODE OF CONDUCT FOR GDPR …

GDPR compliance seminar...Knowledge of GDPR compliance, privacy controls, data security and change management Subject matter experts IT, compliance, HR, marketing, procurement, customer

SilkRoad Technology Security · OPERATIONAL SECURITY GENERAL DATA PROTECTION REGULATION (GDPR) ORGANIZATIONAL SECURITY PERSONALLY IDENTIFIABLE INFORMATION (PII) SilkRoad leverages

IBM Security technology and services for GDPR programs...••Conduct GDPR assessments across privacy, governance, people, processes, data, security ••Develop GDPR Readiness Roadmap

Powerful Data Security Made Easy. - Address GDPR Requirements · 2017-03-30 · Data Security 2. Data Accountability 3. Timely Response 4. Audit Trail. Address GDPR Requirements.

GDPR clinic - CloudWATCH at Cloud Security Expo 2017

ARTICLES IN THE GDPR CONTAINING FLEXIBILITIES ALLOWING · The main reasons for replacing the Directive with a Regulation, the General Data Protection Regulation (GDPR), was that a

GDPR, Cyber Security and Archives in the digital era · GDPR, Cyber Security and Archives in the digital era Vesselin Stoilov | CIO Adelina Kostova | DPO Elena Mena | Marketing manager

Network Security Forensics For GDPR Compliance - … Security Forensics For GDPR Compliance ... financial impact on the firm from the infringement ... invested in discovery and forensics