#Ready4EUdataP Plan today to be ready in 24 months, Sergio Fumagalli

Slides from Sergio Fumagalli's talk at the #Ready4EUdataP day organised by Europrivacy
  1. Plan today to be ready in 24 months. Sergio Fumagalli, Clusit - ZEROPIU. Milan, 29 January 2016. #READY4EUDATAP
  2. Why care now?
     Timeline: March 2016 to February 2018, with the Budget 2017 and Budget 2018 decision points marked along the way.
     Article 91, Entry into force and application: 1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. 2. It shall apply from [two years from the date referred to in paragraph 1]. * (* OJ: insert the date.) This Regulation shall be binding in its entirety and directly applicable in all Member States.
     Phases over the two years: Analyse, evaluate, test, decide; Design, develop, train; Implement.
  3. It takes time
     Chart (months of effort) across the rows Organization, Processes, Technology, Training, Control, for the topics Security measures & Risk Management, Data Protection Officer, Data Breach, Privacy by Design, Data Controller/Processor, Profiling.
  4. One example: data breach
     Prevent
     • Review: policies, security measures, technologies, awareness
     • Design: new policies/measures
     • Implement: technologies, training
     • Keep informed: trends, technologies, malware
     Detect
     • The sooner the better: less damage, less responsibility
     • Monitoring: processes, responsibilities
     • Document: what, when, why, where
     • Keep informed: trends, technologies, malware
     React
     • Countermeasures: stop the breach, minimize damage
     • Evaluate: personal data, which ones, how many people, how long
     • Comply: which laws/regulations/policies
     • Communicate: Management, Supervisor, Data subject, Market
  5. One example: data breach
     Article 32, Communication of a personal data breach to the data subject: 1. … the controller shall communicate the personal data breach to the data subject without undue delay. 2. … 3. The communication to the data subject … shall not be required if: (a) the controller has implemented appropriate technical and organisational protection measures, … the data unintelligible to any person who is not authorised to access it, such as encryption; or …
     Timeline: March 2016 to February 2018, with Budget 2017 and Budget 2018 marked.
  6. The cost of not complying
     Article 77, Right to compensation and liability: 1. Any person who has suffered material or immaterial damage as a result of an infringement of the Regulation shall have the right to receive compensation from the controller or processor for the damage suffered. 2. Any controller involved in the processing shall be liable for the damage caused by the processing which is not in compliance with this Regulation. … 3. A controller or processor shall be exempted from liability in accordance with paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage. 4. …, each controller or processor shall be held liable for the entire damage, in order to ensure effective compensation of the data subject.
     Not only fines: full liability, and the cost of proving exemption.
  7. The cost of not complying
     Article 79, General conditions for imposing administrative fines: … 2a. … When deciding whether to impose … and deciding on the amount of the administrative fine … due regard shall be given to the following: (a) the nature, gravity and … … (e) the degree of responsibility … having regard to technical and organisational measures implemented by them pursuant to Articles 23 and 30; 3(new). Infringements of the following provisions shall … be subject to administrative fines up to 10 000 000 EUR, or … up to 2% of the total worldwide annual turnover … whichever is higher: (a) the obligations … pursuant to Articles 8, 10, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39 and 39a; 3a(new). Infringements of the following provisions shall … be subject to administrative fines up to 20 000 000 EUR, … up to 4% of the total worldwide annual turnover …, whichever is higher: (a) the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9; (b) the data subjects' rights pursuant to Articles 12-20; (ba) the transfers of personal data to a recipient in a third country or an international organisation pursuant to Articles 40-44.
     Fines and liabilities can impact the bottom line. Cited: Article 23, Data protection by design and by default; Article 30, Security of processing.
  8. The benefit of complying
     Diagram of overlapping frameworks: Cobit, ISO 2700x, GDPR, PCI DSS, 285 (263), SOX, …
     Personal data are just one of the assets to protect. Standards, methodologies, best practices, laws and regulations converge. Each asset's protection benefits from each compliance effort. Compliance silos reduce the benefits.
  9. Can your boss afford postponing?
     Diagram: the same frameworks (Cobit, ISO 2700x, GDPR, PCI DSS, 285 (263), SOX, …) alongside the assets they protect: Contracts, Patents, Digital transformation, Strategies, Organisation charts, Business continuity, Data protection.
  10. Ask us a question on the Blog. Contact us on Twitter.