EU-GDPR Checks & Test Suites. Presented by Esad Ismailov, AvePoint, September 2016.

Posted on 11-Feb-2021

4 views

Category:

Documents


0 download

TRANSCRIPT


  • ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.

    EU-GDPR Response by AvePoint

    1. A Risk-Based Approach to GDPR Compliance
    2. White Paper – The Operational Impact of the European Union General Data Protection Regulation (GDPR) on IT
    3. Preparing Data for the EU GDPR Blog Series

    https://www.avepoint.com/GDPR/


    What is the EU-GDPR?

    The proposed new EU data protection regime extends the scope of EU data protection law to all foreign companies processing data of EU residents.

    It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover. The Parliament's version contains increased fines of up to 5%.

    The regulation applies if the data controller or processor (organization) or the data subject (person) is based in the EU. Furthermore (and unlike the current Directive), the Regulation also applies to organizations based outside the European Union if they process personal data of EU residents. The regulation does not apply to the processing of personal data for national security activities or law enforcement ("competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties").

    According to the European Commission, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer's IP address."


    Risk Based Approach for GDPR

    Information Risk Management: combining related areas to better optimize resources and risk management for information assets to support responsible, ethical and lawful collection, use, sharing, maintenance and disposition of information.

    • Privacy: fair, ethical and lawful collection, use and sharing of information.
    • Records Management: records and information are retained according to defined and lawful retention periods and deleted thereafter, in internal and external environments.
    • Data Governance: defining critical data elements and putting measurable controls on data with well-defined performance indicators.
    • Information Security: protecting and securing information throughout the information lifecycle, in internal and external environments.
    • Cross Border Transfer: how information can be lawfully transferred across borders under privacy, outsourcing, bank secrecy and data localization laws.

    Benefits:
    • Provide a full view of information-related risk and compliance.
    • Leverage and coordinate program elements to provide consistency and efficiency.
    • Provide consistent messaging to key stakeholders on related topics.


    GDPR Requirements and Impact

    Simple language allowing consumers to "Opt-In" with a clear purpose means you can only collect and store what you have asked permission for.

    PIA: a systematic process to assess risk to individuals AND foresee problems with reasonable solutions.

    Showcase a well thought-out plan that incorporates privacy policies and technology throughout the flow of business to ensure long-term success.

    Data Inventory & Mapping: identify and classify data throughout its entire lifecycle in order to assess individual risk, or package an individual's data for moving/deletion upon request.

    Companies are responsible for any onward-transferred data, so visibility into vendor and partner data protection policies and processes is critical.

    Validation: proof of having methods to identify ALL of an individual's data, security policies and practices to protect it, and the actionable ability to resolve violations.

    Financial Penalties of [figure not in transcript] of annual global revenue for data breaches.


    Challenge: Collecting Data

    What you use…
    • Current project files
    • Current reference docs

    What you need to keep… / What is this? (Dark Data)
    • Client records
    • Employee records
    • Previous project files


    [Most collected] data is garbage… 80% of data collected has no meaning whatsoever*

    Only 28% of data stored today represents any value to day-to-day business*

    Average cost of Data Management is 3.5% of revenue**

    * IDC Advisory & Research Services; ** Forbes


    Challenge: Protecting Data

    Privacy and Information Security Concerns
    • Mobile access to content is a security risk
    • "Social" software can expose data more easily

    Information Governance Challenge
    • Accountability for regulated data
    • Audits for security and controls
    • Scalability


    How To Identify Information?

    1) Compliance Guardian EU-GDPR Test Suite
    2) Support Vector Machine*
    3) Identify Exact Matches – Fingerprint Check


    Compliance Guardian EU-GDPR Checks Overview A check is an XML file that defines the logic that Compliance Guardian uses to check files. Checks identify the purpose for the check (the type of check to run, such as a pattern of characters), the condition for the check (such as a social security number pattern), and the possible result of the check (true or false). Users can change the values in the checks to determine the check conditions, but the elements’ specific format defined by Compliance Guardian in the checks must stay the same.



    Compliance Guardian EU-GDPR Test Suite Overview A test suite is a logical grouping of test definition files, or a set of checks, that define how to present the scanned data. Test suites allow you to build scan plans for your specific regulations and requirements. These collections are the basis of Compliance Guardian scans. A test suite contains one or more checks and a configuration file that is used to define how to combine these checks and set risk levels for scan results.
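    The two overviews above describe a check as an XML file with a type, a condition and a true/false result, and a test suite as a grouping of checks plus a configuration that combines them and sets risk levels. The following added example (not Compliance Guardian's code; the element and attribute names are assumptions, since the page does not show the real schema, and the documents and patterns are constructed) shows how such pattern checks and a suite configuration fit together in a scan.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, hypothetical check definitions (the real schema is not on the page).
# type="pattern" means the condition is a regular expression; a match yields result true.
CHECKS_XML = r"""
<checks>
  <check id="email" type="pattern" result="true">
    <condition>[\w.+-]+@[\w-]+\.[\w.-]+</condition>
  </check>
  <check id="iban" type="pattern" result="true">
    <condition>\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){3,7}\b</condition>
  </check>
</checks>
"""

# Constructed suite configuration: which checks to combine and the risk level each carries.
SUITE_XML = """
<testsuite name="EU-GDPR Personal Information (hypothetical)">
  <rule check="email" risk="medium"/>
  <rule check="iban" risk="high"/>
</testsuite>
"""

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


def load_checks(xml_text):
    """Parse check definitions into {check id: compiled regex}."""
    checks = {}
    for c in ET.fromstring(xml_text.strip()).findall("check"):
        if c.get("type") != "pattern":
            raise ValueError("unsupported check type: %s" % c.get("type"))
        checks[c.get("id")] = re.compile(c.findtext("condition"))
    return checks


def scan(text, checks, suite_xml):
    """Run every suite rule over text; return (highest risk level, ids of checks that fired)."""
    fired, highest = [], "none"
    for rule in ET.fromstring(suite_xml.strip()).findall("rule"):
        cid = rule.get("check")
        if checks[cid].search(text):  # check result true
            fired.append(cid)
            if RISK_ORDER[rule.get("risk")] > RISK_ORDER[highest]:
                highest = rule.get("risk")
    return highest, fired


if __name__ == "__main__":
    doc = "Contact jane.doe@example.com, account DE89 3704 0044 0532 0130 00"  # constructed sample
    print(scan(doc, load_checks(CHECKS_XML), SUITE_XML))
```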

  • SVM document types (Identify Document Types using Support Vector Machine)

    • Health Forms
    • Insurance Forms
    • Medical Reports
    • Clinical Results

  • Deck outline (slide titles)

    1. EU-GDPR Checks & Test Suites
    2. Slide 2 (untitled)
    3. What is the EU-GDPR?
    4. Risk Based Approach for GDPR
    5. GDPR Requirements and Impact
    6. Challenge: Collecting Data
    7. Slide 7 (untitled)
    8. Challenge: Protecting Data
    9. How To Identify Information?
    10. Compliance Guardian EU-GDPR Checks Overview
    11. Compliance Guardian EU-GDPR Test Suite Overview
    12. EU-GDPR Personal Information Test Suite
    13. EU-GDPR Personal Information Test Suite Logic
    14. EU-GDPR Sensitive Personal Information Test Suite
    15. EU-GDPR Sensitive Personal Information Test Suite Logic
    16. EU-GDPR Test Suites
    17. EU-GDPR: Define Scope
    18. EU-GDPR: Define Scope Settings
    19. EU-GDPR: Configure Scan Rule
    20. EU-GDPR: Configure Scan Rule
    21. EU-GDPR: Configure Action Rule
    22. EU-GDPR: Configure Action Rule
    23. Identify Document Types using Support Vector Machine
    24. SVM: Pre-process, Train & Predict
    25. Identify Exact Matches – Fingerprint check
    26. Demo: Real Time Data Discovery & Classification in SharePoint
    27. Demo: Real Time Data Discovery & Classification in SharePoint
    28. Demo: Sensitive Personal Information
    29. Demo: Sensitive Personal Information
    30. Demo: Sensitive Personal Information moved to another location
    31. Demo: Sensitive Personal Information moved to another location
    32. Demo: Sensitive Personal Information moved to another location
    33. Incident Management Center – All Scan Records
    34. Incident Management Center – Summary
    35. Incident Management Center – Scan Details
    36. Incident Management Center – Taken Actions
    37. Incident Management Center – Violation Highlight Report
    38. Incident Management Center – Permissions
    39. Incident Management Center – Comments
    40. Incident Management Center – History
    41. Report Center – Dashboard
    42. Report Center – Dashboard
    43. Report Center – Dashboard
    44. Report Center – Dashboard
    45. Report Center – Dashboard
    46. Report Center – Platform Heatmap
    47. Report Center – Test Suite Heatmap
    48. Report Center – Test Suite Heatmap