A solid privacy and security approach Alf Moens, Corporate Security Officer SURF Evelijn Jeunink, Legal adviser, Corporate Privacy Officer SURF.

o Privacy compliance working program
o Security-framework-Audit
o A set of legal standards

SURFaudit is:
o A collaborative audit tool
o A benchmarking process
o A maturity model
o Based on ISO Standards
o A little privacy added last year

After-shock 1: Almost nine in ten (88 percent) ICT decision-makers are changing their cloud buying behaviour, with over one in three (38 percent) amending their procurement conditions for cloud providers
After-shock 2: Only 5 percent of respondents believe location does not matter at all when it comes to storing company data
After-shock 3: More than three in ten (31 percent) ICT decision-makers are moving data to locations where the business knows it will be safe
After-shock 4: Around six in ten (62 percent) of those not currently using cloud feel the revelations have prevented them from moving their ICT into the cloud
After-shock 5: ICT decision-makers now prefer buying a cloud service which is located in their own region, especially EU respondents (97 percent) and US respondents (92 percent)
After-shock 6: Just over half (52 percent) are carrying out greater due diligence on cloud providers than ever before
After-shock 7: One in six (16 percent) is delaying or cancelling contracts with cloud service providers
After-shock 8: More than four fifths (84 percent) feel they need more training on data protection laws
After-shock 9: 82 percent of all ICT decision-makers globally agree with proposals by Angela Merkel

Time line
1995 Privacy Directive
National law (Wbp 2001 The Netherlands)
2011 starting point new regulation
2012 first draft
3132 amendments
Voting in Parliament
EU Elections (May)
Council (June ?)

“I have a clear message to the council: Any further postponement would be irresponsible,” said Jan Philipp Albrecht, the rapporteur for the regulation. “The citizens of Europe expect us to deliver a strong EU-wide data protection regulation. If there are some member states which do not want to deliver after two years of negotiations, the majority should go ahead without them.”

EU Justice Commissioner Viviane Reding also voiced strong support for the vote. “The message the European Parliament is sending is unequivocal: This reform is a necessity and now it is irreversible.”

The EU Parliament's text represents:
- a powerful statement in favour of people's ability to control their own data. The Parliament has carefully refined the data protection rights of individuals by trying at all times to put people in a position of power in terms of the uses made of their data;
- strengthened protections around transfers of EU citizens’ data to non-EU countries;
- an increase of the potential fines for firms in breach of the regulation to €100 million, or five percent of global turnover;
- ensuring EU citizens have a right to be forgotten and to not be profiled;
- reinforcing the so-called accountability principle by requiring the adoption and regular review of compliance policies and procedures;
- bolstering new principles like data protection by design and by default;
- establishing brand new obligations such as the requirement to carry out risk assessments of most processing operations and ongoing data protection compliance reviews;
- requiring the compulsory appointment of data protection officers.

Privacy initiative group:
o Community wide working program
o Cooperation to be better prepared for the upcoming EU regulation and to fix shortcomings already there
o Act as an intermediary for the parties as the DPA
o Synergy and quality, but also gain legitimacy for sector wide policies and implementations

Privacy initiative group:
Representatives from
- universities
- colleges
- teaching hospitals
mix of
- lawyers
- privacy officers
- security officers
- information managers
SURF is doing the project management, provides coordination and support within the sector, and informs the SURF organization and community.

Legal standard framework for cloud services:
o Confidentiality
o Privacy
o Intellectual property
o Continuity

Considerations:
o Support and commitment.
Support is necessary to acquire a strong negotiating position.
Privacy and confidentiality are important for SURF. Much research done and involvement.
Dutch DPA opinion on cloud computing and report on the Patriot Act. Framework brings this all together.
External legal expertise and lawyers from the institutions involved to achieve best practice clauses and, again, commitment.

Legal Framework:
o Contractual provisions to be included in the contract with the cloud supplier
o Contains a differentiation depending on risk analysis
o An explanation is included that refers to relevant legislation and common practice