European General Data Protection Regulation (GDPR)
Webcast with Sophos – 26.02.2016
• “European Directive” will replace all (28) national data security laws
• By 2018
• 2 years of grace period
• Penalties much higher – up to 20 Million EUR
GDPR – The Time to Act is Now
• Thursday 14 April 2016
  o European Parliament approves new rules fit for the digital era
New Provisions
• Fines up to 4% of annual WW turnover
• A right to be forgotten
• Clear and affirmative consent to the processing of private data by the person concerned
• A right to transfer your data to another service provider
• The right to know when your data has been hacked
• Ensuring that privacy policies are explained in clear and understandable language
Timeline
• Member states have 2 years to transpose the provisions of the directive into national law.
• The regulation will enter into force 20 days after its publication in the EU Official Journal.
• Due to UK and Ireland’s special status, the directive’s provisions will only apply in these countries to a limited extent.
• Denmark will be able to decide within 6 months after the final adoption of the directive whether it wants to implement it in its national law.
Technical Control
• Duty to use data protection friendly technology
  o “Data protection by design”
• and data protection friendly configuration
  o “Data protection by default”
• The EU Commission can define requirements for specific technical measures
• It is expected that detailed security standards will be defined in the mid-term
Duty to communicate data breaches
• Should a personal data breach occur, the company is required to notify the supervisory authority within 72 hours after having become aware of the breach.
[Figure: Credit Card Number, Name, Address, Salary, Date of Birth, Financial Situation, Telephone Number, IP Address, RFID Tags, Geo Tags]
Encryption becomes political
“For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe.” Tim Cook, CEO of Apple
Mac/PC Computer
Phone
Tablet
Data is Everywhere
Mac/PC Computer
HDD
True or False? Full Disk Encryption is all you need?
File Encryption
Mac/PC Computer
Cloud-based File Share
Servers/Shared Folders
Phone
Tablet
Synchronized Encryption
Encrypt Individual Files
BY DEFAULT
EVERYWHERE
ALWAYS ON
Secure Content Collaboration for trusted users
Content decrypted for internal user
Prevent hackers from accessing data stored in the Cloud
Content shared via email and from the Cloud
Content stored in the Cloud
Product Demo
What about external sharing?
What you can do now
• Use the time left to prepare compliance and start now
• Analyse all processes
• Document security measures
• Data Protection friendly use of technologies from the start