Belgian Data Protection Commission's new audit programme
Belgian Data Protection Commission’s new company audit programme: Preparing for a new European legal framework
Willem Debeuckelaere, President Belgian Privacy Commission
Marc Vael, Deputy member Flemish Supervisory Commission for Electronic Administrative Data Flows
The competences of the Belgian DPA (established by the 1992 Privacy/Data Protection Act)
1. Opinions
2. Recommendations
3. Mediation based on complaints
4. Investigations
5. Enforcement by notifying proper authorities when privacy violations occur
6. Legal actions
➢Independent
➢At own initiative
➢Public register
➢Public sector: prior authorization
➢Security advisors
CAE top 10 privacy questions
1. What are the relevant laws and regulations?
2. What personal information is collected?
3. Are policies & procedures in place?
4. Are responsibility & accountability assigned?
5. Are personal data storage locations known?
6. Which protection mechanisms are in place?
7. Any disclosures to third parties?
8. Is employee training adequate?
9. Sufficient resources allocated to a privacy program?
10. Are privacy practices periodically assessed?
Belgian Cyber Security Guide
Principle 1: Look beyond the technology
Principle 2: Compliance is not enough
Principle 3: Translate your security ambition into an information security policy
Principle 4: Ensure top management commitment
Principle 5: Create a visible security role in your company and embed personal responsibility
Principle 6: Remain secure even when you outsource
Principle 7: Ensure security is an enabler for innovation
Principle 8: Keep challenging yourself
Principle 9: Maintain focus
Principle 10: Be prepared to handle incidents
Belgian Cyber Security Guide
Action 1: Implement user education & awareness
Action 2: Keep systems up to date
Action 3: Protect information
Action 4: Apply mobile device security
Action 5: Only give access to information on a “need to know” basis
Action 6: Enforce safe surfing rules
Action 7: Use strong passwords and keep them safe
Action 8: Make and check backup copies of business data and information
Action 9: Apply a layered approach against viruses and other malware
Action 10: Prevent, detect and act
Belgian Cyber Security Guide
• 11 public organisations
• 8 private not-for-profit organisations
• 17 frameworks
Contact information
Marc Vael, Deputy member Flemish Supervisory Commission for Electronic Administrative Data Flows
+32 473 993 031
[email protected]
http://www.linkedin.com/in/marcvael
@marcvael
Willem Debeuckelaere, President Belgian Privacy Commission
+32 2 274 4801
[email protected]