CBC GDPR The Physics
•Télécharger en tant que PPTX, PDF•
0 j'aime•187 vues
Map that Data and Secure that Data !
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à CBC GDPR The Physics
Similaire à CBC GDPR The Physics (20)
Plus de Jason Chapman
Plus de Jason Chapman (20)
Dernier
Dernier (20)
CBC GDPR The Physics
- 1. GDPR – The next steps !
- 2. KEY TERMS IN GDPR Personal Data - Your customer and suppliers - includes online and offline information, such as Names, addresses, IP addresses and phone numbers. If you have DPA compliance, then the data you need to secure is very similar to GDPR. Data Subject – a living individual about who your personal data relates. Data Controller – a person who determines the uses and purposes for the personal data (in your company) Data Processor – a person who acts on the Controller’s behalf (this could be a third party under subcontract to you) Sensitive personal data – data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life. Personal Data Breach – a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
- 3. 2016 TALKTALK FINED £400,000 FINE FOR SECURITY FAILINGS • October 2015 – Cyber Attack losing over 150,000 Data Subject records. • HOW ? • The company had not encrypted some personal details of customers. • The company bought Tiscali and failed to ensure the Tiscali Web pages were adequately secure allowing hackers access to the network and the unencrypted database • TalkTalk also avoided “two warnings” prior to the hack which should have alerted the firm to the problems with its
- 4. 1 - Existing business processes The way you capture, handle and process data today could be your biggest problem. To comply with the GDPR your business will need to keep a rigid record of how, when, and why stored data was used. You must also delete and update data where necessary. Carry out a Data Mapping Exercise and/or a Gap Analysis – Call the Owl, I can help ! THREE CORE CAUSES OF DATA BREACHES
- 5. THREE CORE CAUSES OF DATA BREACHES 2 - Staff Your whole company (full time, part time and contractors) needs to understand the significance of GDPR and the risks relating to breaches. Without the right training, Staff could unintentionally facilitate a cyber-attack or disclose personal data. Training in all aspects of Cybersecurity are widely available but beware of the validity and the relevance vs the cost !! IT Governance is, in the Owls opinion one of the better https://www.itgovernance.co.uk/shop/product/gdpr-staff- awareness-e-learning-course £25 + VAT per course
- 6. 3 - Cybersecurity Almost half of UK companies identified a cyber breach or attack in 2017. Companies commonly known to hold personal data are about 50% more likely to be attacked than those that don’t. The most common Cybersecurity threats, leading to breaches are:- • fraudulent emails • viruses and malware. • people impersonating organisations online and • ransomware THREE CORE CAUSES OF DATA BREACHES Almost ALL of these attacks could have been prevented with the right Awareness, Vigilance and Cyber Security
- 7. NEXT STEPS…. Carry out a Data Audit • What do I have ? • How do I get it ? • Where do I store it ? • Locally (digital), Locally (Physical) or Cloud digital • Who has access to it • How secure is it ? NOTE: GDPR applies to customers AND suppliers Documentation, Documentation, Documentation • Document the above • Proof of consent from all Data Subjects • Statements about information collected and processed and purpose • Documented process for protecting data • Information Security Policy etc. Secure that Data ! • “Appropriate technical and organisational Measures” (ISO/IEC 27001 ISMS)
- 8. NEXT STEPS…. Documentation and processes • IT Governance offer complete set of mandatory and supporting documentation templates “that are easy to use, customisable and ensure do a full compliance” • Data protection policy • Training policy • Information security policy • Data protection impact assessment procedure • Retention of records procedure • Subject access request form and procedure • Privacy procedure • International data transfer procedure • Data portability procedure • Data protection officer (DPO) job description • Complaints procedure • Audit checklist for compliance • Privacy notice • And more…. More info - https://www.itgovernance.co.uk/shop /Product/eu-general-data- protection-regulation-gdpr- documentation-toolkit
- 9. NEXT STEPS…. Map that Data and Secure that Data ! Owltech can help you here • Perform a Data Mapping exercise andGap Analysis • Factor in current security systems in the above and • Recommend any new requirements for security for compliance • General Data Security best practice • AntiVirus and AntiMalware • Encryption • E-Mail encryption and security • Cloud computing security Owltech can also deliver and manage these systems for you
- 10. Thank You !
Notes de l'éditeur
- Carry out a Data Mapping Exercise and a Gap Analysis
- Latest GDPR news 19/06/2017: 23% of small UK firms haven't started preparations for GDPR Nearly a quarter of small UK businesses still haven't started preparing for data protection rules that are less than a year away, according to a survey.