gdpr: more reasons for information security

GDPR: More reasons for information security Andrew Cormack (@Janet_LegReg) 05/07/20 22

Upload: jisc

Post on 16-Apr-2017

621 views

Category:

Technology

3 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: GDPR: More reasons for information security

GDPR: More reasons for information securityAndrew Cormack (@Janet_LegReg)

03/05/2023

Page 2: GDPR: More reasons for information security

Existing reasons

03/05/2023GDPR: More reasons for information security 2

Information Security

Reliability

Confidence

Trust

ReputationPolicy

Workload

etc

Page 3: GDPR: More reasons for information security

General data protection regulation (GDPR) 2016/679

03/05/2023GDPR: More reasons for information security 3

Personal data processing

May 2018» Almost certainly pre-Brexit» Services to EU people covered anyway

Becomes UK law automatically

Page 4: GDPR: More reasons for information security

GDPR supports proactive and reactive information security

03/05/2023GDPR: More reasons for information security 4

Page 5: GDPR: More reasons for information security

Breach notification

Unauthorised/accidental loss, alteration, disclosure or access to personal data

03/05/2023GDPR: More reasons for information security 5

All breaches

» Document

Risk to rights/freedoms

» Report to ICO (72 hour expectation)» Nature; number/type of records/people affected;

mitigationsHigh risk to

rights/freedoms» Also notify individuals (unless mitigated)» Can take ICO advice

Page 6: GDPR: More reasons for information security

Security and incident response

03/05/2023GDPR: More reasons for information security 6

Very like security good practice (paper currently with journal reviewers)

“Ensuring network and information security … CSIRTs… providers of networks and services… ” (Rec.49)A legitimate interest… (for processing personal data)

If necessary/proportionate…

Balance of interests test…

Page 7: GDPR: More reasons for information security

Other tools mentioned

03/05/2023GDPR: More reasons for information security 7

Encryption

» Mitigate damage from breaches

Data protection by design

Exercises » Test readiness

» Assist complianceAuthorisation

» Reduce riskPseudonyms

Page 8: GDPR: More reasons for information security

New incentives

03/05/2023GDPR: More reasons for information security 8

Security/incident response clearly lawful

Increased public awareness

Much bigger fines (€20M/4%)

Damages, not just for monetary loss

Page 9: GDPR: More reasons for information security

Opportunities to improve

03/05/2023GDPR: More reasons for information security 9

Regulator guidance

Lessons learned from breaches

Compare public notifications

NIS Directive => more sharing

Cloud security standards etc.

Page 10: GDPR: More reasons for information security

12 steps

03/05/2023GDPR: More reasons for information security 10

Information Commissioner’s Office, [Preparing for the GDPR, 14/3/16], licensed under the Open Government Licence

Page 11: GDPR: More reasons for information security

Watch these spaces

» ICO:› https://ico.org.uk/for-organisations/data-protection-reform/

» Regulation (2016/679/EU):› http://ji.sc/gdpr-text

» Me:› http://ji.sc/dataprotection-regulation

03/05/2023GDPR: More reasons for information security 11

https://ico.org.uk/for-organisations/data-protection-reform/

http://ji.sc/gdpr-text

http://ji.sc/dataprotection-regulation

Page 12: GDPR: More reasons for information security

jisc.ac.uk

One Castlepark Tower Hill Bristol BS2 0JA

[email protected]

T 020 3697 5800

Except where otherwise noted, this work is licensed under CC-BY-NC-ND

Thanks

Andrew CormackChief Regulatory Adviser, Jisc [email protected]

03/05/2023GDPR: More reasons for information security 12

http://www.jisc.ac.uk/

GDPR compliance seminar...Knowledge of GDPR compliance, privacy controls, data security and change management Subject matter experts IT, compliance, HR, marketing, procurement, customer

Db2 zOS Security - DUGIdugi.molaro.be/wp-content/uploads/2018/03/Db2-zOS... · 2018. 3. 18. · 2 IBM Security False Myths and GDPR •Art. 34 GDPR: Communication of a personal data

Komfo Seminar - GDPR and cyber security (Part 2)

GDPR Compliance and Its Impact on Security and Data Protection … · 2020-01-24 · GDPR Compliance and Its Impact on Security and Data Protection Programs Any organization currently

CLOUD SECURITY ALLIANCE CODE OF CONDUCT FOR GDPR …

A Security Admin's Survival Guide to the GDPR copy · Scope of this guide The GDPR requirements that need ... guide aims to provide the exact actions that security administrators

CLOUD SECURITY ALLIANCE CODE OF CONDUCT FOR GDPR COMPLIANCE · Template (collectively, “CSA Code of Conduct for GDPR Compliance”) is licensed by the Cloud Security Alliance under

Example architectures for data security and the GDPR

Network Security Forensics For GDPR Compliance - … Security Forensics For GDPR Compliance ... financial impact on the firm from the infringement ... invested in discovery and forensics

GDPR and Security Culture: Measuring effectiveness

IMPACT OF THE GDPR ON CYBER SECURITY OUTCOMES

GDPR Masterclass -Brochure - Information Security Institute · GDPR by Information-security Institute MASTERCLASS ... This 3-day course will focus on the latest advanced best-practices,

GDPR, Physical Security, and STANLEY IntelAssure · For physical security systems, including video surveillance and access control, there are significant requirements that GDPR places

for Operational Compliance with GDPR and Improved Privacy ... · GDPR – New Regulatory Concepts ... Shows the linkages among PII, data flows, data protection [including security]

GDPR Compliance and Its Impact on Security and Data

IBM Security technology and services for GDPR programs...••Conduct GDPR assessments across privacy, governance, people, processes, data, security ••Develop GDPR Readiness Roadmap

Respond to GDPR Secure your Print and Scan …5 Security of Processing – Reduce Risks To ensure the security when processing personal data, GDPR requires implementation of technical

Office 365 security concerns, EU General Data Protection Regulation (GDPR)

SilkRoad Technology Security · OPERATIONAL SECURITY GENERAL DATA PROTECTION REGULATION (GDPR) ORGANIZATIONAL SECURITY PERSONALLY IDENTIFIABLE INFORMATION (PII) SilkRoad leverages

GDPR GUIDANCE - RSA Broker GDPR Guidance_group_… · Security Management System, security is equally important. Steps to achieve cyber security • Establish an effective governance

Seguridad y cumplimientoinfo.cloudchampion.es/rs/294-UWH-949/images/GDPR-CISO... · 2018. 1. 31. · GDPR: Seguridad y cumplimiento normativo. Guía para Chief Information Security

Powerful Data Security Made Easy. - Address GDPR Requirements · 2017-03-30 · Data Security 2. Data Accountability 3. Timely Response 4. Audit Trail. Address GDPR Requirements

LMS Group - GDPR Checklist 03€¦ · IT Support Cloud Managed IT Services Telephony Cyber Security Connectivity IT Consultancy Your Business Name: GDPR Checklist

The GDPR and NIS Directive A new age of accountability, security … · 2020-01-17 · GDPR – some more on breach notification GDPR and NIS Directive: Accountability, security and

Software Testing, Data Security and GDPR · Software Testing, Data Security and GDPR May 14, 2019 Michael Ogechi Agbamoro . ... • OWASP- Open Web Application Security Project

ARTICLES IN THE GDPR CONTAINING FLEXIBILITIES ALLOWING · The main reasons for replacing the Directive with a Regulation, the General Data Protection Regulation (GDPR), was that a

GDPR - Passport by Exclusivepassport.exclusive-networks.it/upload/workdoc/GDPR... · 2017. 5. 30. · Fortinet Security Fabric . 30 Don’t trust advertising messages • A GDPR solution

4° Sessione Oracle - CRUI: Data Security and GDPR - How to protect our data and be compliant to GDPR

Reasons to choose cloud security

Supporting Your EU GDPR Compliance Journey€¦ · Introduction On May 25, 2018, the General Data Protection Regulation (GDPR) comes into effect. GDPR is a European privacy and security

Security Incident Management Procedure (GDPR)

Data Security Day: Important "Right to be Forgotten" & EU GDPR Terms & Definitions

VARONIS DATA CLASSIFICATION FRAMEWORK: … · GET READY FOR GDPR Discover, manage, and protect your GDPR data with Varonis. Build a GDPR security policy to meet compliance PRODUCT

GDPR for Security Professionals

The Security Compliance Countdown: How to Get Ahead of the GDPR [Infographic]