Presentation is loading. Please wait.

Presentation is loading. Please wait.

WORLD OF CLOUD COMPUTING AFTER GDPR challenges, opportunities and the unknown Matjaž Drev, MA. National Supervisor for Personal Data Protection, Information.

Published byAllan Stafford Modified over 5 years ago

Similar presentations

Presentation on theme: "WORLD OF CLOUD COMPUTING AFTER GDPR challenges, opportunities and the unknown Matjaž Drev, MA. National Supervisor for Personal Data Protection, Information."— Presentation transcript:

1 WORLD OF CLOUD COMPUTING AFTER GDPR challenges, opportunities and the unknown
Matjaž Drev, MA. National Supervisor for Personal Data Protection, Information Commissioner of the Republic of Slovenia.

2 WHAT IS GDPR? GDPR is short for General Data Protection Regulation (Regulation EU 2016/679). GDPR is a result of European Parliament, European Council and European Commission efforts to strenghten and unify personal data protection. GDPR was adopted on 27. April 2016. It enteres into application on 25. May 2018, after a two year transition period. Until then personal data protection is regulated by current national legislation.

3 NEW SANCTIONS Slovenian Personal Data Protection Act (PDPA) has relatively mild sanctions for personal data violations. Fine for legal person: EUR Fine for responsible person of legal person: 830 EUR Fine for individual: 200 EUR However, GDPR will introduce very high maximum fines. Up to EUR or up to 4% of the annual worldwide turnover of the perceding financial year n a case of an enterprise.

4 (SOME OF) WHAT WILL GDPR BRING
Representatives of controllers or processors not established in the EU. Data protection by design and by default. Data protection impact assessment. Prior consultation with the supervisory authority. Notification of a personal data breach to the supervisory authority. Communication of a personal data breach to the data subject Data protection officer. Codes of conduct. Certification.

5 MORE INFORMATION SECURITY?
GDPR demands more effort from data controllers and data processors regarding information security. In what way? Article 32 demands: the pseudonymisation and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

6 EXPORTING PERSONAL DATA
If there is an adequacy decision made by Commission that a third country, territory or sector ensures adequate level of personal data protection. If there is no adequancy decision, there are several options (if controller/processor has provided appropriate safeguards and effective legal remedies for data subjects are available): A legally binding and enforceable instrument between public authorities Binding corporate rules. Standard data protection clauses adopted by the Commission. Standard data protection clauses adopted by a supervisory authority. An approved code of conduct together with binding and enforceable commitments of the controller or processor. An approved certification mechanism together with binding and enforceable commitments of the controller or processor.

7 BOTTOM LINE New personal data legislation will enable new opportunities for data controllers, processors and interested third parties. GDPR puts more emphasis on information security. Export of personal data to third countries should be a bit easier. Noncompliance to GDPR provisions will be harshly sanctioned. Only time will tell if GDPR provisions will be successfully implemented into reality.

Download ppt "WORLD OF CLOUD COMPUTING AFTER GDPR challenges, opportunities and the unknown Matjaž Drev, MA. National Supervisor for Personal Data Protection, Information."

Similar presentations

Draft EU Privacy Regulation Corporate Privacy Forum January 26, 2012.

Draft EU Privacy Regulation Corporate Privacy Forum January 26, 2012.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.
Preparation of future ENI CBC programmes - State of Play Vanessa De Bruyn (DG DEVCO) 3 December 2012.

Preparation of future ENI CBC programmes - State of Play Vanessa De Bruyn (DG DEVCO) 3 December 2012.
©2012 Morrison & Foerster (UK) LLP | All Rights Reserved | mofo.com Data Protection Masterclass: The New Draft EU Data Protection Regulation 19 September.

©2012 Morrison & Foerster (UK) LLP | All Rights Reserved | mofo.com Data Protection Masterclass: The New Draft EU Data Protection Regulation 19 September.
CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.

CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.
1 TAIEX JHA 52182 - Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.

1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.
Information Sharing & Corporate Governance Dave Parsons, Information Governance Manager, City of Cardiff Council.

Information Sharing & Corporate Governance Dave Parsons, Information Governance Manager, City of Cardiff Council.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
-1- WORKSHOP ON DATA PROTECTION AND DATA TRANSFERS TO THIRD COUNTRIES Technical and organizational security measures Skopje, 16 May - 17 May 2011 María.

-1- WORKSHOP ON DATA PROTECTION AND DATA TRANSFERS TO THIRD COUNTRIES Technical and organizational security measures Skopje, 16 May - 17 May 2011 María.
Regulation models addressing data protection issues in the EU concerning RFID technology Ioannis Iglezakis Assistant Professor in Computers & Law Faculty.

Regulation models addressing data protection issues in the EU concerning RFID technology Ioannis Iglezakis Assistant Professor in Computers & Law Faculty.
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
The General Data Protection Regulation

The General Data Protection Regulation
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
General Data Protection Regulations: The Key Changes

General Data Protection Regulations: The Key Changes
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
E-VOLUTION OF DATA PROTECTION (IMPLEMENTATION OF DATA PROTECTION REFORM) Developments and Challenges in EU Privacy Law Aspects from a German Perspective.

E-VOLUTION OF DATA PROTECTION (IMPLEMENTATION OF DATA PROTECTION REFORM) Developments and Challenges in EU Privacy Law Aspects from a German Perspective.
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
Making the Connection ISO Master Class An Overview.

Making the Connection ISO Master Class An Overview.
TRUSTED | PROTECTED | SECURED

TRUSTED | PROTECTED | SECURED

Similar presentations

Ads by Google