Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data protection certification and cloud computing

Published byAgathe Audet Modified over 5 years ago

Similar presentations

Presentation on theme: "Data protection certification and cloud computing"— Presentation transcript:

1 Data protection certification and cloud computing
Gwendal Le Grand Director of technology and innovation CNIL (French DPA)

2 Privacy certification
Certification of products or procedures (art. 11) Audit procedures, privacy governance, training, e-safes Assessment by the CNIL Privacy seals delivered by the CNIL Data protection certification and cloud computing

3 Data protection certification and cloud computing
CNIL recommendations Published guidance with models of contractual clauses (2012) WP29 recommendations Opinion 5/2012 on cloud computing Cloud security alliance Privacy Level Agreement Outline for cloud services in the EU Star certification Cloud code of conduct (EU level) Opinion 2/2015 on C-SIG draft code of conduct Transition to GDPR ; CoC vs enforcement by DPAs ; governance of the code ; Location of the processing ; International transfers ; liability ; security ; right to audit … Data protection certification and cloud computing

4 Data protection certification and cloud computing
ISO standards ISO/IEC 29100 Privacy framework  Terminology and principles to be used in every privacy related standard ISO/IEC 29151 Code of practice for PII protection Catalogue of generic privacy controls, in addition to ISO/IEC (information security controls) ISO/IEC Code of practice for information security controls for cloud computing services based on ISO/IEC 27002  Catalogue of information security controls specific to cloud computing, in addition to ISO/IEC 27002 ISO/IEC Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors Catalogue of privacy controls specific to cloud computing, (theorically) in addition to ISO/IEC 29151 ISO/IEC 27001 Information security management system (ISMS) Requirements for the certification of information security management systems ISO/IEC 27009 Sector specific application of ISO/IEC – Requirements Requirements for the creation of sector-specific standards that would fit in the ISO/IEC framework Next step: use ISO/IEC requirements to build the missing privacy requirements in a new standard, in order to be able to certify management systems including privacy and/or cloud computing specific aspects Data protection certification and cloud computing

5 Data protection certification and cloud computing
Conclusion Need to provide transparency and privacy assurance for Cloud providers Cloud customers Privacy and data protection are requested by users Privacy & Data protection are legal obligations and competitive advantages Data protection certification and cloud computing

Download ppt "Data protection certification and cloud computing"

Similar presentations

European Cloud Partnership Rainer Zimmermann European Commission Information Society and Media Directorate General Head of Unit Software & Service Architectures.

European Cloud Partnership Rainer Zimmermann European Commission Information Society and Media Directorate General Head of Unit Software & Service Architectures.
Public hearing European Standardization: improving competitiveness through a new regulatory framework - European Parliament / IMCO 6 key messages on European.

Public hearing European Standardization: improving competitiveness through a new regulatory framework - European Parliament / IMCO 6 key messages on European.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Geneva, Switzerland, 25-26 September 2012 m-Cloud for Homecare - Policy & Regulatory Challenges - Francesca Fontana, Associate at ICT Legal Consulting.

Geneva, Switzerland, September 2012 m-Cloud for Homecare - Policy & Regulatory Challenges - Francesca Fontana, Associate at ICT Legal Consulting.
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance.

Copyright © 2011 Cloud Security Alliance.
Www.cloudsecurityalliance.org Security and Privacy SLAs for Cloud services Dr. Jesus Luna, CSA Research Director EMEA Copyright © 2015 Cloud Security Alliance.

Security and Privacy SLAs for Cloud services Dr. Jesus Luna, CSA Research Director EMEA Copyright © 2015 Cloud Security Alliance.
Geneva, Switzerland, 14 November 2014 Data Protection for Public Cloud (International Standard ISO 27018) Stéphane Guilloteau Engineer Expert, Orange Labs.

Geneva, Switzerland, 14 November 2014 Data Protection for Public Cloud (International Standard ISO 27018) Stéphane Guilloteau Engineer Expert, Orange Labs.
Building trust in the Cloud: the CSA perspective Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director Cloud Security Alliance © Cloud Security.

Building trust in the Cloud: the CSA perspective Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director Cloud Security Alliance © Cloud Security.
THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.
Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.

Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+
18 th Annual Canadian IT Law Association Conference Insider View from the EU Expert Group on Cloud Computing Dr Sam De Silva Partner, Head of IT & Outsourcing.

18 th Annual Canadian IT Law Association Conference Insider View from the EU Expert Group on Cloud Computing Dr Sam De Silva Partner, Head of IT & Outsourcing.
Designing Smart Cities Conference University of Strathclyde, Glasgow 31 st March 2015 “Regulating Smart Cities: Policing & Privacy” Paul Mackie Chief Executive.

Designing Smart Cities Conference University of Strathclyde, Glasgow 31 st March 2015 “Regulating Smart Cities: Policing & Privacy” Paul Mackie Chief Executive.
SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What.

SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What.
Roles and Responsibilities

Roles and Responsibilities
12,000 anonymized surveyed results Worldwide user base Cloud Security Readiness Tool Security trends report:

12,000 anonymized surveyed results Worldwide user base Cloud Security Readiness Tool Security trends report:
The ISO 27000 Standards Get Familiar or Stay Away? PrivaTech Consulting www.privatech.ca Presenter: Fazila Nurani, B.A.Sc., (E.Eng.), LL.B., CIPP/C.

The ISO Standards Get Familiar or Stay Away? PrivaTech Consulting Presenter: Fazila Nurani, B.A.Sc., (E.Eng.), LL.B., CIPP/C.
Introduction to the ISO 27000 series ISO 27000 – principles and vocabulary (in development) ISO 27001 – ISMS requirements (BS7799 – Part 2) ISO 27002 –

Introduction to the ISO series ISO – principles and vocabulary (in development) ISO – ISMS requirements (BS7799 – Part 2) ISO –
EHealth/mHealth Gisele Roesems Deputy Head of Unit Health and Well-Being DG CONNECT EUROPEAN COMMISSION 2 nd International Conference on Health Informatics.

EHealth/mHealth Gisele Roesems Deputy Head of Unit Health and Well-Being DG CONNECT EUROPEAN COMMISSION 2 nd International Conference on Health Informatics.

Similar presentations

Ads by Google