
Cyberforum 2018 March 8, 2018 Los Angeles GDPR & SECURITY


1 Cyberforum 2018 March 8, 2018 Los Angeles GDPR & SECURITY
Speakers:
- Peter Z. Stockburger, Senior Managing Associate, Dentons
- Francoise Gilbert, Shareholder, Greenberg Traurig, LLP
- Thomas Peistrup, General Counsel, InStyler/Tre Milano
- Elvis Stumbergs, Counsel, Office of Privacy, Sprint

2 Security – One of the 7 Data Protection Principles
Personal data must be processed in a manner that ensures appropriate security of the personal data, including:
- Protection against unauthorized or unlawful processing
- Protection against accidental loss, destruction, or damage
- Using appropriate technical and organizational measures
The Controller is responsible for, and must be able to demonstrate, compliance.

3 Security Obligations of Controllers & Processors
Implement appropriate technical and organizational security measures that take into account the state of the art, the cost of implementation, the nature, scope, context and purpose of the processing, and the risk of varying likelihood and severity for the rights and freedoms of individuals (Art. 32), including, as appropriate:
- Pseudonymization and encryption of personal data
- Ability to ensure the confidentiality, integrity, availability and resilience of the processing systems and services
- Ability to restore the availability of, and access to, personal data in a timely manner in the event of a physical or technical incident
- A process for regularly testing, assessing and evaluating the effectiveness of the measures
Maintain a record of the technical and organizational security measures (Art. 30).
May instead comply by adhering to a Code of Conduct.

4 Security Obligations of Controllers & Processors
A Data Protection Impact Assessment (DPIA), when required, must:
- Indicate the measures envisaged to address the risks to the data and to the rights of the data subjects, including the security measures and mechanisms to ensure the protection of personal data, and
- Demonstrate compliance with the GDPR
Controller dealing with Processors:
- Conduct appropriate due diligence when selecting processors and subprocessors
- Enter into written contracts with processors regarding the scope of data uses and the protection of personal data

5 Personal Data Breach
“Personal Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
The Controller must document any personal data breach:
- Facts relating to the breach
- Its effects
- The remedial action taken
Documentation must enable the Supervisory Authority to verify compliance.
Controller notification to the Supervisory Authority (Art. 33):
- Without undue delay, and where feasible within 72 hours of identifying an incident
- If notification is not made within 72 hours, the Controller must provide reasons for the delay
- Exception: if the Controller can demonstrate that the breach is unlikely to result in a risk to the rights and freedoms of individuals

6 Personal Data Breach
Controller notification to affected individuals (Art. 34):
- Required only if the breach is likely to result in a high risk to the rights and freedoms of the individuals
- Not required if the data is unintelligible, the Controller has taken measures to ensure that the high risk is no longer likely, or contacting each individual would require disproportionate effort
- The Supervisory Authority may require the Controller to make the notification, even if the Controller previously determined that the notification was not required
Processor notification to the Controller:
- Required without undue delay

