gdpr european general data protection regulation (gdpr) · 2016-11-14 · european general data...

Post on 21-Feb-2020


GDPR European General Data Protection Regulation (GDPR)

European General Data Protection Regulation (GDPR)

Webcast with Sophos – 26.02.2016

• “European Directive” will replace all (28) national data security laws
• By 2018
• 2 years of grace period
• Penalties much higher – up to 20 Million EUR

GDPR – The Time to Act is Now

• Thursday 14 April 2016
  o European Parliament approves new rules fit for the digital era

New Provisions

• Fines up to 4% of annual WW turnover
• A right to be forgotten
• Clear and affirmative consent to the processing of private data by the person concerned
• A right to transfer your data to another service provider
• The right to know when your data has been hacked
• Ensuring that privacy policies are explained in clear and understandable language

Timeline

• Member states have 2 years to transpose the provisions of the directive into national law.
• The regulation will enter into force 20 days after its publication in the EU Official Journal.
• Due to UK and Ireland’s special status, the directive’s provisions will only apply in these countries to a limited extent.
• Denmark will be able to decide within 6 months after the final adoption of the directive whether it wants to implement it in its national law.

Technical Control

• Duty to use data protection friendly technology
  o “Data protection by design”
• and data protection friendly configuration
  o “Data protection by default”
• The EU Commission can define requirements for specific technical measures
• It is expected that detailed security standards will be defined in the mid-term

Duty to communicate data breaches

• Should a personal data breach occur, the company is required to notify the supervisory authority within 72 hours after having become aware of the breach.

[Figure labels: Credit Card Number, Name, Address, Salary, Date of Birth, Financial Situation, Telephone Number, IP Address, RFID Tags, Geo Tags]

Encryption becomes political

“For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe.” Tim Cook, CEO of Apple

[Figure labels: Mac/PC Computer, Phone, Tablet]

Data is Everywhere

[Figure labels: Mac/PC Computer, HDD]

True or False? Full Disk Encryption is all you need?

File Encryption

[Figure labels: Mac/PC Computer, Cloud-based File Share, Servers/Shared Folders, Phone, Tablet]

Synchronized Encryption

Encrypt Individual Files

BY DEFAULT

EVERYWHERE

ALWAYS ON

Secure Content Collaboration for trusted users

Content decrypted for internal user

Prevent hackers from accessing data stored in the Cloud

Content shared via email and from the Cloud

Content stored in the Cloud

Product Demo

What about external sharing?

What you can do now

• Use the time left to prepare compliance and start now
• Analyse all processes
• Document security measures
• Data Protection friendly use of technologies from the start