Presentation Inergy Talking Dinner Pon
STRONG BRANDS, DEDICATED PEOPLE
Privacy implementation in practice
Rence Damming
Chief Information Security & Privacy Officer
Inergy Talking Dinner
Agenda
Slides by: [email protected]
• Introduction
• How do you approach the implementation process, and where do you start?
• Which strategic considerations play a role?
• What resistance can you expect in your organization?
• Step-by-step plan and experiences/best practices.
Me
Occupation: Chief Information Security & Privacy Officer of Pon Holdings
worldwide. Worked in IT, Strategy & Telecommunications for almost 18
years.
Studied Economics, started career as music professional
Experienced in: Data protection, Legislation, Contract management, Legal
Interception and Security
Past jobs include: Chief Privacy Officer of KPN, Head of Security Telfort,
Manager Legal Intercept, IT Project Manager and various positions in
Customer Operations
Where to start?
Governance: Privacy Governance Model
Policies: Compliance code for Privacy
Awareness: Training and Communications
Business Processes: Business processes with Privacy focus
Best practice: the ISF developed a Data Privacy Framework for this:
• Start with awareness (in two directions: operations vs. policy);
• Take inventory of your risks;
• Determine your 'risk appetite' based on the risks identified;
• Devise mitigating measures;
• Embed the measures in processes;
• Shape your policy based on the agreements with your customer (Privacy Statement!);
• Governance…
Where to start? The right communication! Understanding each other
Privacy Officer:
“Are you processing data?”
Technical Officer:
“No, I only store data”
In legal terms:
Processing = being able to read
In technology terms:
Processing = changing
Strategic considerations: building blocks
• Privacy policy
• DPO and Privacy Officers
• Related policies
• Data Controllership
• Training
• Awareness
• Guidelines
• Communication
• Data Breach procedure
• Third party privacy clauses
• Privacy rights handling
• Privacy by design
• Privacy Impact Assessment
• Data register / Risk mapping
• Website legal requirements
• Privacy controls
• Compliance dashboard
Governance People (DNA) Processes Systems Monitoring
Privacy & perception
Building Rome ≠ 1 day
From practice
3 key learnings from practice:
• “Never waste a good crisis”. Incidents are the ultimate lesson for increasing maturity;
• Not everyone in your organization understands the importance of privacy, what it means for their work, and how the world around us is moving;
• You cannot safeguard privacy without adequate security, and vice versa.
Avoid unnecessary complexity
Confusion and the amount of information
Keep an overview!
When processing personal data, carry out a Privacy Impact Assessment (PIA):
A couple of rules that are easy to remember
1) Everything you do with personal data could affect privacy
2) Anonymized data is not personal data, therefore not regulated, and can be freely used (be aware of customer expectation)
3) Don’t store personal data longer than strictly required
4) When asking explicit permission, it is only valid when it’s given in advance and clearly describes the goal(s) of the processing
Rence Damming
Chief Information Security & Privacy Officer
Pon Holdings
© ChiefPrivacyOfficer.nl / Classification: Public