Gearing up for GDPR in the Cloud
cloudlock -
Gearing Up for EU GDPR Compliance in the Cloud
Presenters
Jennifer Sand, VP of Product Management, CloudLock
Russell Miller, Director of Product Marketing, CloudLock
Andrew Dyson, Partner, DLA Piper
Continuing Professional Education (CPE) Credits
Claim your CPE credit for attending this webinar: https://www.isc2.org/
For more information or questions please contact us
Agenda
01 What is happening when
02 What do you need to know?
03 What do you need to do today?
04 What do you need to do in the next 2 years?
05 Questions
EU GDPR Timeline
https://www.dlapiper.com/en/uk/focus/eu-data-protection-regulation/background/
EU GDPR vs. Privacy Shield
8 New Provisions
1 No ambiguity. One law across all 28 countries of the EU.
2 The law is global.
3 Increased fines. Up to 4% of global turnover or €20,000,000.
4 Breach notification. Mandatory within 72 hours.
5 New individual rights.
6 Liability extended to data processors as well as data controllers.
7 Information governance through the supply chain.
8 Privacy by design.
Who This Applies To
European offices
Hold data on EU residents
Every Company Uses Cloud Services
What You Need to Know
Where
What
How
What is Required
Appropriate Security Measures
Restrict Onward Transfers
Access/Manipulate Data
Sensitive Data is Out There
** CloudLock Cybersecurity Report: The Extended Parameter
A New Operating Paradigm
Internal governance
Transparency
Customer controls
Incident management
Audit
Data protection officer
Disclosure of supply chain/transfer terms
Minimise level of data processed
Routine risk assessments/audits
Formal breach management processes
Internal training/audit & review
Internal register of processing
Regulate who and how processed
Manage Offshore data transfers
Appropriate security measures
EC Approved “Model Clauses”
EC approved Country
Appropriate Security Measures in The Cloud
Automatic Detection of Personal Data
Automated Action
Employee Involvement
Cloud Vendor Readiness Questions
Dedicated Security Team?
Systems subjected to penetration testing?
Terms for ownership of data?
Share most recent vulnerability scan results?
Formal procedure for reporting a suspected security violation?
Access security of data facilities?
http://bit.ly/cloud-questions
What is security policy?
What You Need to Do - Today
Tomorrow’s Task: 5 MAY
1 Document where data is processed and by whom
2 Audit and Prioritize Cloud Vendors
3 Consider technology at hand
Do you comply?
bit.ly/cloudlock-assessment
Come See Us At:
7-9 June
Olympia, London
Booth D202