Learn about the Just Seven Things framework for implementing General Data Protection Regulations (GDPR). Gain insights on governance, risk management, security, evidence-based practices, rights, records management, and penalties. Discover how this framework can impact organizations and sectors such as local governments, trading companies, SMEs, and schools.
General Data Protection Regulation (GDPR)
Effective 25.05.2018
Ian Gibbs, Head of ICT Governance & Security, oneSource

Just Seven Things Framework
• Governance & Accountability
• Risk Management
• Security
• Evidence Based
• Rights
• Records Management
• Penalties
Impact on Organisations
• LB Havering
• LB Newham
• Trading companies
• SMEs
• Havering Schools
• Newham Schools
• Advice for commissioned services

Resources
• Team
• Budget
• Technology
• People
• Communication
Roles under GDPR

EU Board: reviews what is working and what is not.

Member States / Supervisory Authority (SA), in the UK the ICO
• Independent
• Enforcement
• Fines
• Codes of Conduct

Data Controller (single or shared/joint)
• Must comply with the law.
• Must demonstrate compliance to the SA and to the Data Subject (DS).

Processor
• Outsourced by the Controller.
• Does not determine the purpose or means of processing the data.
• Must comply with the law and demonstrate compliance to the SA and DS.

Data Subject (DS)

Third Party Countries
• Export of data outside the EU must meet 'adequacy' (protection equivalent to EU law).
• May instead rely on Binding Corporate Rules.

Third Parties
• Work for the DS
• Access to data
Implementation of GDPR
• Governance arrangement
• Personal & sensitive data (including biometric and genetic data)
• Data security
• Data management (digital & paper), with emphasis on deletion
• Data mapping
• Review information online and in documents
• Review online forms and explicit consent forms
• Review processes, agreements, suppliers and
• Staff training: eLearning portal, workshops and information
• Awareness campaign
• Use of privacy impact assessments
• Consent record keeping
• Compliance evidence
• Audit
GDPR Model
• Data management
• Data security
• Data mapping
• Evidence based
• Learning & awareness
• Published information
• Agreements
• Risk assessment
• Granular consent
• Information rights
• Procedures
Data Mapping Online
• Data mapping
• Risk assessment
• Notification
• Templates
• Workflow
What Needs To Be Done?
The 99 GDPR Articles mapped to evidence, ICO guidance and EU Article 29 Working Party guidance.

Security measures
• Secure mail
• Better spam protection
• Threat analytics
• Data Loss Prevention
• Containerisation
• Deep scan
• Protection against spoofed email
• Improved edge protection
• Permissions & identity management

Push, Pull & Transparency
What Would It Look Like?
Agile, Flexible & Invisible
GDPR Questions

Just Seven Things Framework
• Governance & Accountability
• Risk Management
• Security
• Evidence Based
• Rights
• Records Management
• Penalties