SlideShare a Scribd company logo

GDPR SECURITY ISSUES

Download as PPTX, PDF
S
Sylvain Martinez

The document discusses the GDPR from an information security perspective, highlighting its role in personal data protection and compliance needs for organizations handling the data of EU citizens. It outlines key characteristics of GDPR such as consent, fines, data portability, and rights of data subjects including the right to access and the right to be forgotten. The document concludes that GDPR will impact IT governance and encourages secure data management practices aligned with established information security standards.

Technology
Related topics:
Cyber-Security
1 of 9
Download to read offline
1
2
3
4
5
6
7
8
9
GDPR from the Information Security Perspective Dr. Kaleem Usmani kaleem.usmani@gmail.com kusmani@cert.ncb.mu (Alternate)
Personal Data Protection • Personal data protection plays an important role in the digital era. The right to privacy is expressly provided in Sections 3 and 9 of the Constitution of Mauritius and Article 22 of the Mauritian Civil Code. • Mauritius enacted the Data Protection Act in 2004. In light of the digital evolution in Mauritius, the Data Protection Act has been replaced by the new Data Protection Act 2017 which came into force on 15 January 2018. • The Act aims at strengthening the control and personal autonomy of data subjects over their personal data and for matters related thereto. It seeks to bring Mauritius data protection framework into line with the General Data Protection Regulation (Regulation (EU) 2016/679). 2
Why GDPR ? • The GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. • It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. • The GDPR also regulates the exportation of personal data outside the EU. 3
GDPR Impact on Organisations • It will have an impact on any organisation that processes personal data. • Breaches will apply to firms that do not have adequate customer consent for processing their personal data or violate the principle of the privacy- by-design concepts and model. • It is important to note that both data controllers and processors are subject to the rules, especially if they fail to either carry out a privacy impact assessment or notify the concerned authority about a breach. 4
Characteristics of GDPR 1.Scope: GDPR defines how EU citizens’ data must be handled by countries inside and outside the EU. 2.Consent: GDPR has changed and reinforced the conditions of consent in that it expects clear, plain language consent from data subjects in an easy, accessible and intelligible form. 3.Fines and Penalties: GDPR sanctions substantial fines of up to €20m or four percent of annual revenue whichever is greater. 5
Characteristics of GDPR ( Contd.) 4.Privacy by Design Processes will need to be amended to consider privacy by design whereby the controller must apply adequate technical and organisational procedures to fulfill the requirements of GDPR and protect the rights of individuals (data subjects) 5.Data Portability Personally identifiable data must be portable by open use of common file formats that are machine-readable when the data subject receives them. 6.Right to Access GDPR provides the right to data subjects to request the data controller to confirm whether their personally identifiable data is being processed, where, and for what purpose. In addition to this, the data controller must provide a free electronic copy of any personally identifiable data. 6
Characteristics of GDPR ( Contd.) 7.Right to be Forgotten The data subject is entitled to request that the data controller permanently or on-demand delete his/her personally identifiable data, cease further distribution of the data, and demand third parties halt processing of the data. 8.Breach Notification As a data breach is likely to result in a risk to the rights and freedoms of individuals, GDPR requires a mandatory breach notification to be submitted to the relevant authority within 72 hours of the organisation first becoming aware of the breach. 9.Data Protection Officer (DPO) It will be mandatory for data controllers and processors to appoint a DPO 7
Sum-up • IT Governance will be impacted by the requirements of the GDPR and will bring benefits as well. • The regulations will encourage organisations to have a more secure data management approach in place. • GDPR introduces several privacy arrangements and control mechanisms that are intended to safeguard personal identifiable data. • Many of those controls are also recommended by the ISO 27000 series of information security standards including ISO 27001:2013, ISO 27002:2013 as well as the COBIT 5 standards. 8
Thank You 9

More Related Content

PDF
Talk1 esc7 muscl-gdpr_debate_v1_2
Sylvain Martinez
 
PPTX
DPA and GDPR
SabahtHussein
 
PDF
Introduction to gdpr
3GDR
 
PDF
General Data Protection Regulation: what do you need to do to get prepared? -...
IISPEastMids
 
PDF
ESET Quick Guide to the EU General Data Protection Regulation
ESET
 
PPTX
What is GDPR?
Faidepro
 
PPTX
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
MediaPost
 
PPTX
UK GDPR: What New Direction?
David Erdos
 
Talk1 esc7 muscl-gdpr_debate_v1_2
Sylvain Martinez
 
DPA and GDPR
SabahtHussein
 
Introduction to gdpr
3GDR
 
General Data Protection Regulation: what do you need to do to get prepared? -...
IISPEastMids
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET
 
What is GDPR?
Faidepro
 
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
MediaPost
 
UK GDPR: What New Direction?
David Erdos
 

What's hot (17)

PDF
Dai Davies - GDPR Presentation
Sagittarius
 
PDF
GDPR-Overview
Erica Walker
 
PDF
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
Nordic APIs
 
PPTX
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Lauren Isaacs
 
PPTX
GDPR From Implementation to Opportunity
Dean Sappey
 
PPTX
Introduction to GDPR
Priyab Satoshi
 
PPTX
EU GDPR - 12 Steps To Compliance
Tom Haynes
 
PPTX
Getting Ready for GDPR
Jessvin Thomas
 
PPTX
The GDPR Armageddon – One year on
Insight Data
 
PPTX
An Essential Guide to EU GDPR
Tripwire
 
PPTX
Everything you need to know about the GDPR
Spoon London
 
PPTX
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
PDF
The Essential Guide to GDPR
Tim Hyman LLB
 
PDF
GDPR infographic
Marketing Team at Crown Worldwide Group
 
PPTX
GDPR Compliance: What You Need to Know Before May 2018
Infosec
 
PDF
Québec's Privacy Modernization: Bill 64
Alexander Davis
 
PDF
"If we're leaving the EU, does GDPR even matter?" And other FAQs
Tech Data
 
Dai Davies - GDPR Presentation
Sagittarius
 
GDPR-Overview
Erica Walker
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
Nordic APIs
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Lauren Isaacs
 
GDPR From Implementation to Opportunity
Dean Sappey
 
Introduction to GDPR
Priyab Satoshi
 
EU GDPR - 12 Steps To Compliance
Tom Haynes
 
Getting Ready for GDPR
Jessvin Thomas
 
The GDPR Armageddon – One year on
Insight Data
 
An Essential Guide to EU GDPR
Tripwire
 
Everything you need to know about the GDPR
Spoon London
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
The Essential Guide to GDPR
Tim Hyman LLB
 
GDPR infographic
Marketing Team at Crown Worldwide Group
 
GDPR Compliance: What You Need to Know Before May 2018
Infosec
 
Québec's Privacy Modernization: Bill 64
Alexander Davis
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
Tech Data
 
Ad

Similar to GDPR SECURITY ISSUES (20)

PPTX
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
PPTX
Operational impact of gdpr finance industries in the caribbean
EquiGov Institute
 
PPTX
GDPRR: The Key Changes
Craig Clark ITIL, CIS LI,EU GDPR P
 
PPTX
Gdpr action plan
Ulf Mattsson
 
PPTX
GDPR
Gopi PD
 
PDF
All you need to know about GDPR
Hubilo
 
PDF
The Definitive GDPR Guide for Event Professionals
Hubilo
 
PPTX
GDPR: Are you Ready?
EngageHub
 
PPTX
A Brief Overview on GDPR
Neha Patel
 
PPTX
Members evening - data protection
MRS
 
PDF
GDPR- Get the facts and prepare your business
Mark Baker
 
PDF
GDPRIBMWhitePaper
Jim Wilson
 
PDF
Fasten Your Belts for GDPR
"John "Jeb"" Beckwith
 
PDF
Fasten Your Belts for #GDPR
"John "Jeb"" Beckwith
 
PDF
Are You Prepared for the GDPR?
PrivacyPolicies.com
 
PPTX
The General Data Protection Regulation ("GDPR")
Parsons Behle & Latimer
 
PDF
Aon GDPR white paper
Graeme Cross
 
PDF
The Evolution of Data Privacy: 3 things you didn’t know
Symantec
 
DOCX
General data protection regulation - European union
Rohana K Amarakoon
 
PDF
GDPR - Are you ready?
VILT
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
Operational impact of gdpr finance industries in the caribbean
EquiGov Institute
 
GDPRR: The Key Changes
Craig Clark ITIL, CIS LI,EU GDPR P
 
Gdpr action plan
Ulf Mattsson
 
GDPR
Gopi PD
 
All you need to know about GDPR
Hubilo
 
The Definitive GDPR Guide for Event Professionals
Hubilo
 
GDPR: Are you Ready?
EngageHub
 
A Brief Overview on GDPR
Neha Patel
 
Members evening - data protection
MRS
 
GDPR- Get the facts and prepare your business
Mark Baker
 
GDPRIBMWhitePaper
Jim Wilson
 
Fasten Your Belts for GDPR
"John "Jeb"" Beckwith
 
Fasten Your Belts for #GDPR
"John "Jeb"" Beckwith
 
Are You Prepared for the GDPR?
PrivacyPolicies.com
 
The General Data Protection Regulation ("GDPR")
Parsons Behle & Latimer
 
Aon GDPR white paper
Graeme Cross
 
The Evolution of Data Privacy: 3 things you didn’t know
Symantec
 
General data protection regulation - European union
Rohana K Amarakoon
 
GDPR - Are you ready?
VILT
 
Ad

More from Sylvain Martinez (20)

PDF
PROGRAMMING AND CYBER SECURITY
Sylvain Martinez
 
PDF
INTRODUCTION TO CRYPTOGRAPHY
Sylvain Martinez
 
PDF
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
PDF
DATA LOSS PREVENTION OVERVIEW
Sylvain Martinez
 
PDF
2019 CYBER SECURITY TRENDS REPORT REVIEW
Sylvain Martinez
 
PDF
INCIDENT RESPONSE CONCEPTS
Sylvain Martinez
 
PDF
PHISHING PROTECTION
Sylvain Martinez
 
PDF
VIRTUAL CISO AND OTHER KEY CYBER ROLES
Sylvain Martinez
 
PDF
INCIDENT RESPONSE OVERVIEW
Sylvain Martinez
 
PDF
OFFENSIVE IDS
Sylvain Martinez
 
PDF
IOT Security
Sylvain Martinez
 
PDF
ARE YOU RED TEAM READY?
Sylvain Martinez
 
PDF
Mobile Security Assessment
Sylvain Martinez
 
PDF
The Art of CTF
Sylvain Martinez
 
PDF
OFFICE 365 SECURITY
Sylvain Martinez
 
PDF
Risk on Crypto Currencies
Sylvain Martinez
 
PDF
INTRODUCTION TO CYBER FORENSICS
Sylvain Martinez
 
PDF
Talk1 esc7 muscl-dataprotection_v1_2
Sylvain Martinez
 
PPTX
Ethical Hacking
Sylvain Martinez
 
PDF
INCIDENT HANDLING IN ORGANISATIONS
Sylvain Martinez
 
PROGRAMMING AND CYBER SECURITY
Sylvain Martinez
 
INTRODUCTION TO CRYPTOGRAPHY
Sylvain Martinez
 
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
DATA LOSS PREVENTION OVERVIEW
Sylvain Martinez
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
Sylvain Martinez
 
INCIDENT RESPONSE CONCEPTS
Sylvain Martinez
 
PHISHING PROTECTION
Sylvain Martinez
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
Sylvain Martinez
 
INCIDENT RESPONSE OVERVIEW
Sylvain Martinez
 
OFFENSIVE IDS
Sylvain Martinez
 
IOT Security
Sylvain Martinez
 
ARE YOU RED TEAM READY?
Sylvain Martinez
 
Mobile Security Assessment
Sylvain Martinez
 
The Art of CTF
Sylvain Martinez
 
OFFICE 365 SECURITY
Sylvain Martinez
 
Risk on Crypto Currencies
Sylvain Martinez
 
INTRODUCTION TO CYBER FORENSICS
Sylvain Martinez
 
Talk1 esc7 muscl-dataprotection_v1_2
Sylvain Martinez
 
Ethical Hacking
Sylvain Martinez
 
INCIDENT HANDLING IN ORGANISATIONS
Sylvain Martinez
 

Recently uploaded (20)

PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Cloud computing and distributed systems.
kkkkkhan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
A Presentation on Artificial Intelligence
memembruh336
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 

GDPR SECURITY ISSUES

  • 1. GDPR from the Information Security Perspective Dr. Kaleem Usmani kaleem.usmani@gmail.com kusmani@cert.ncb.mu (Alternate)
  • 2. Personal Data Protection • Personal data protection plays an important role in the digital era. The right to privacy is expressly provided in Sections 3 and 9 of the Constitution of Mauritius and Article 22 of the Mauritian Civil Code. • Mauritius enacted the Data Protection Act in 2004. In light of the digital evolution in Mauritius, the Data Protection Act has been replaced by the new Data Protection Act 2017 which came into force on 15 January 2018. • The Act aims at strengthening the control and personal autonomy of data subjects over their personal data and for matters related thereto. It seeks to bring Mauritius data protection framework into line with the General Data Protection Regulation (Regulation (EU) 2016/679). 2
  • 3. Why GDPR ? • The GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. • It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. • The GDPR also regulates the exportation of personal data outside the EU. 3
  • 4. GDPR Impact on Organisations • It will have an impact on any organisation that processes personal data. • Breaches will apply to firms that do not have adequate customer consent for processing their personal data or violate the principle of the privacy- by-design concepts and model. • It is important to note that both data controllers and processors are subject to the rules, especially if they fail to either carry out a privacy impact assessment or notify the concerned authority about a breach. 4
  • 5. Characteristics of GDPR 1.Scope: GDPR defines how EU citizens’ data must be handled by countries inside and outside the EU. 2.Consent: GDPR has changed and reinforced the conditions of consent in that it expects clear, plain language consent from data subjects in an easy, accessible and intelligible form. 3.Fines and Penalties: GDPR sanctions substantial fines of up to €20m or four percent of annual revenue whichever is greater. 5
  • 6. Characteristics of GDPR ( Contd.) 4.Privacy by Design Processes will need to be amended to consider privacy by design whereby the controller must apply adequate technical and organisational procedures to fulfill the requirements of GDPR and protect the rights of individuals (data subjects) 5.Data Portability Personally identifiable data must be portable by open use of common file formats that are machine-readable when the data subject receives them. 6.Right to Access GDPR provides the right to data subjects to request the data controller to confirm whether their personally identifiable data is being processed, where, and for what purpose. In addition to this, the data controller must provide a free electronic copy of any personally identifiable data. 6
  • 7. Characteristics of GDPR ( Contd.) 7.Right to be Forgotten The data subject is entitled to request that the data controller permanently or on-demand delete his/her personally identifiable data, cease further distribution of the data, and demand third parties halt processing of the data. 8.Breach Notification As a data breach is likely to result in a risk to the rights and freedoms of individuals, GDPR requires a mandatory breach notification to be submitted to the relevant authority within 72 hours of the organisation first becoming aware of the breach. 9.Data Protection Officer (DPO) It will be mandatory for data controllers and processors to appoint a DPO 7
  • 8. Sum-up • IT Governance will be impacted by the requirements of the GDPR and will bring benefits as well. • The regulations will encourage organisations to have a more secure data management approach in place. • GDPR introduces several privacy arrangements and control mechanisms that are intended to safeguard personal identifiable data. • Many of those controls are also recommended by the ISO 27000 series of information security standards including ISO 27001:2013, ISO 27002:2013 as well as the COBIT 5 standards. 8