Presentation Inergy Talking Dinner Pon


Transcript of Presentation Inergy Talking Dinner Pon

Page 1: Presentation Inergy Talking Dinner Pon

STRONG BRANDS, DEDICATED PEOPLE

Privacy implementation in practice

Rence Damming

Chief Information Security & Privacy Officer

Inergy Talking Dinner

Page 2

Agenda

Slides by: [email protected]

• Introduction

• How do you approach the implementation process, and where do you start?

• Which strategic considerations are involved?

• What resistance can you expect in your organisation?

• Step-by-step plan and experiences/best practices.

Page 3

Me

Occupation: Chief Information Security & Privacy Officer of Pon Holdings worldwide. Worked in IT, Strategy & Telecommunications for almost 18 years.

Studied Economics, started career as a music professional.

Experienced in: Data protection, Legislation, Contract management, Legal Interception and Security.

Past jobs include: Chief Privacy Officer of KPN, Head of Security Telfort, Manager Legal Intercept, IT Project Manager and various positions in Customer Operations.

Page 4

Where to start?

The four pillars of the privacy framework:

• Governance: Privacy Governance Model

• Policies: Compliance code for Privacy

• Awareness: Training and Communications

• Business Processes: Business processes with a privacy focus

Best practice: the ISF developed a Data Privacy Framework for this:

• Start with awareness (in two directions: operations vs. policy);

• Inventory your risks;

• Determine your risk appetite based on the identified risks;

• Devise mitigating measures;

• Embed the measures in processes;

• Form your policy based on the agreements with your customer (Privacy Statement!);

• Governance…

Page 5

Where to start? The right communication! Understanding each other

Privacy Officer:

“Are you processing data?”

Technical Officer:

“No, I only store data”

In legal terms: Processing = being able to read

In technology terms: Processing = changing

Page 6

Strategic considerations: building blocks

Governance

• Privacy policy

• DPO and Privacy Officers

• Related policies

• Data Controllership

People (DNA)

• Training

• Awareness

• Guidelines

• Communication

Processes

• Data Breach procedure

• Third party privacy clauses

• Privacy rights handling

Systems

• Privacy by design

• Privacy Impact Assessment

• Data register / Risk mapping

• Website legal requirements

Monitoring

• Privacy controls

• Compliance dashboard

Page 7

Privacy & perception

Page 8

Building Rome ≠ 1 day

Page 9

From practice

3 key learnings from practice:

• “Never waste a good crisis”. Incidents are the ultimate lesson for increasing maturity;

• Not everyone in your organisation understands the importance of privacy, what it means for his/her work, and how the world around us is changing;

• You cannot ensure privacy without adequate security, and vice versa.

Page 10

Avoid unnecessary complexity

Page 11

Confusion and the amount of information

Page 12

Make sure you have an overview!

When processing personal data, carry out a Privacy Impact Assessment (PIA):

Page 13

A couple of rules that are easy to remember

1) Everything you do with personal data could affect privacy

2) Anonymized data is not personal data, therefore not regulated and can be freely used (be aware of customer expectations)

3) Don’t store personal data longer than strictly required

4) When asking explicit permission, it is only valid when it’s given in advance and clearly describes the goal(s) of the processing

Page 14

Rence Damming

Chief Information Security & Privacy Officer

Pon Holdings

[email protected]

© ChiefPrivacyOfficer.nl / Classification: Public