The End of Safe Harbour
Graeme Parker
The End of Safe Harbour
Today’s Webinar
a. What is/was Safe Harbour?
b. Why did it matter?
c. What are the alternatives?
d. What next?
What is/was Safe Harbour?
Context
 Safe Harbour was introduced as a self-certification process through which US-based organizations could demonstrate that their handling of personal data met the requirements of EU data protection law.
 Before we discuss the scheme itself we need to set some context as to why it was introduced.
 To do this we need to look briefly at the history of privacy regulation and at EU privacy legislation.
History of Privacy Regulation
Important Dates
1970: German state data protection law introduced in Hesse
1973: National privacy law introduced in Sweden
1978: National privacy law introduced in France
1980: Publication of the OECD principles on the Protection of Privacy and Transborder Flows of Personal Data
1995: EU Directive on the processing of personal data (95/46/EC)
2000: US Safe Harbour agreement
2009: Madrid Civil Society Declaration; Generally Accepted Privacy Principles (GAPP)
2011: Publication of ISO/IEC 29100
Privacy Legislation – EU Directive 95/46/EC
Data Protection Directive
 Developed from the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (1980).
 Builds on the human rights principle of respect for one's private and family life.
 Enacted across the EU through national data protection acts; in the UK the Data Protection Act 1998 places eight key principles at its heart.
 Concerned with the collection and processing of personal data (PII).
Privacy Legislation – EU Directive 95/46/EC
The Eight Data Protection Principles are:
 Personal data shall be processed fairly and lawfully
 Personal data shall be obtained only for one or more specified and lawful purposes
 Personal data shall be adequate, relevant and not excessive for the purpose
 Personal data shall be accurate and, where necessary, kept up to date
 Personal data shall not be kept for longer than is necessary for the purpose
 Personal data shall be processed in accordance with the rights of data subjects
 Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing and against accidental loss, destruction or damage
 Personal data shall not be transferred outside the EEA unless an adequate level of protection is in place
What countries have adequate protection?
But the US does have Privacy Legislation
There are many acts with privacy implications in the USA, such as:
 Fair Credit Reporting Act (FCRA)
 Fair and Accurate Credit Transactions Act (FACTA)
 Health Insurance Portability and Accountability Act (HIPAA)
 Gramm-Leach-Bliley Act (GLBA)
 Children's Online Privacy Protection Act 1998 (COPPA)
 Driver's Privacy Protection Act (DPPA)
Each of these deals with a specific sector or type of data; none of them provides the overall, cross-sector approach to personal data that the EU Directive takes.
Safe Harbour
There are two Safe Harbour agreements:
 US-EU
 US-Switzerland
 US organizations apply the controls and self-certify.
 The scheme is administered by the US Department of Commerce, with enforcement by the Federal Trade Commission (FTC). Only organizations subject to the jurisdiction of the FTC, or US air carriers and ticket agents subject to the jurisdiction of the Department of Transportation (DOT), may participate in Safe Harbour.
 The programme is self-regulating: the FTC can step in where an organization's self-certification is deemed to be a misrepresentation (a deceptive practice).
 The Safe Harbour agreement has 7 principles.
7 Safe Harbour Principles
The 7 principles are similar to the EU principles:
 Notice: People must be told what data is collected about them and how it will be used.
 Choice: People must have the option to "opt out"; for sensitive data they must "opt in".
 Onward Transfer: Transfers to third parties must be in line with the Notice and Choice principles, and the third party must itself be in Safe Harbour or "have adequate controls related to privacy in place".
 Access: Individuals have the right to access and correct data about them.
 Security: Organizations must take reasonable steps to ensure the security of the personal data.
 Data Integrity: Personal data must be relevant, accurate and up to date.
 Enforcement: Mechanisms to investigate and address complaints must be in place.
The ruling
 On 6 October 2015 the Court of Justice of the European Union ruled (Case C-362/14, Schrems v Data Protection Commissioner) that the Commission decision underpinning the existing Safe Harbour agreement was invalid. The case was brought by Austrian privacy campaigner Max Schrems and concerned transfers of personal data from Ireland to the US by Facebook.
 Max Schrems, a Facebook user since 2008, complained to the Irish Data Protection Commissioner after the Snowden revelations in 2013 about the privacy of his personal data once it was transferred to the US. The Commissioner rejected the complaint on the ground that the European Commission had already determined Safe Harbour to be adequate.
 The Court held that national supervisory authorities (data protection or information commissioners) must still be able to examine, with complete independence, a complaint that a third country does not ensure adequate protection, even where a Commission "adequacy" decision exists; only the Court itself, however, can declare such a decision invalid.
 When making its "adequacy" decision the European Commission had looked only at the Safe Harbour scheme and not at US national law. That was a flaw, because Safe Harbour binds only the companies that self-certify and does not apply to US government agencies.
 The ruling sends the complaint back to the Irish Data Protection Commissioner, who must now examine it with all due diligence and decide whether the transfers should be suspended.
Who does this apply to?
Many organizations may argue that they do not transfer data to the USA. In practice, any organization that outsources the processing of personal data or uses cloud services needs to investigate this.
Examples of where the processing of personal data may be relevant here:
 Use of cloud services to store or process data
 Payroll services
 CRM and sales systems
 HR systems
 Document storage solutions
 Email and messaging services
 Application services
 Database services
What are the Alternatives?
Solution: EU Model Contract Clauses
Description: Standard clauses embedded in the contract between the company and the US-based service provider. They can also be used between entities of the same organization. Relies on the involvement of legal counsel and on ongoing monitoring as the position develops.

Solution: Binding Corporate Rules
Description: For transfers within a corporate group, formal internal rules can be agreed. To be valid these need approval from the EU data protection regulators.

Solution: Review and Implementation of a Privacy Framework
Description: To really ensure risk is being managed, organizations transferring EU citizens' data to the USA (or indeed any other country not deemed "adequate") also need to implement strict controls and be able to demonstrate that those controls are managed.
Next Steps
The immediate responses for affected organizations are:
Work to implement an effective framework
Consider the ISO 29100 framework.
Address contractual issues or seek alternatives
Work with suppliers: can you implement EU Model Contract Clauses, or do you need to seek alternatives?
Review and risk assessment
Assess organizational data flows (does personal data leave the EU?) and identify the associated risks.
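The data-flow review above is easiest to repeat if the register of systems is kept in machine-readable form and triaged by a script. The following is an added example, not part of the webinar: it classifies each flow in a constructed register as staying inside the EEA, covered by a surviving mechanism (Model Contract Clauses or Binding Corporate Rules), still relying on the invalidated Safe Harbour, or having no basis at all. The EEA membership list is as of 2015; the set of "adequate" third countries is deliberately a parameter (Switzerland is passed purely as an illustration) and must be populated from the Commission's current adequacy decisions, which the page does not list.

```python
"""Triage a personal-data transfer register after the Safe Harbour ruling.

Added example (not the webinar's own material). The register below is
constructed; the adequacy set is an assumption the reader must replace.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple

# EEA as of 2015: the 28 EU member states plus Iceland, Liechtenstein, Norway.
EEA = frozenset({
    "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR",
    "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK",
    "SI", "ES", "SE", "GB", "IS", "LI", "NO",
})

# Mechanisms the webinar lists as alternatives that still stand ...
VALID_MECHANISMS = frozenset({"model_clauses", "bcr"})
# ... and the one the CJEU invalidated on 6 October 2015. It is listed so a
# flow still relying on it is flagged rather than silently accepted.
INVALIDATED_MECHANISMS = frozenset({"safe_harbour"})


@dataclass(frozen=True)
class DataFlow:
    system: str               # e.g. "payroll", "crm", "hr"
    provider: str
    country: str              # ISO 3166-1 alpha-2 code of where data is held/processed
    personal_data: bool       # does the flow carry PII at all?
    mechanism: Optional[str]  # "model_clauses", "bcr", "safe_harbour" or None


def assess_flow(flow: DataFlow, adequate: FrozenSet[str] = frozenset()) -> str:
    """Classify one flow. Order matters: EEA and adequacy are checked before
    contractual mechanisms, so an unnecessary mechanism is never 'required'."""
    if not flow.personal_data:
        return "no_personal_data"
    if flow.country in EEA:
        return "inside_eea"
    if flow.country in adequate:          # assumed list, supplied by caller
        return "adequate_country"
    if flow.mechanism in VALID_MECHANISMS:
        return "covered"
    if flow.mechanism in INVALIDATED_MECHANISMS:
        return "invalidated"              # legal basis gone since the ruling
    return "gap"                          # export with no basis at all


def transfers_needing_action(flows: Iterable[DataFlow],
                             adequate: FrozenSet[str] = frozenset()
                             ) -> List[Tuple[str, str]]:
    """Flows whose basis for export is missing or no longer valid, in register order."""
    out = []
    for f in flows:
        status = assess_flow(f, adequate)
        if status in ("invalidated", "gap"):
            out.append((f.system, status))
    return out


# Constructed sample register covering the service types named in the webinar.
SAMPLE_REGISTER = [
    DataFlow("payroll", "EU Payroll Ltd", "IE", True, None),
    DataFlow("crm", "US SaaS CRM", "US", True, "safe_harbour"),
    DataFlow("hr", "Group HQ HR system", "US", True, "bcr"),
    DataFlow("document_storage", "US cloud storage", "US", True, None),
    DataFlow("email", "EU mail host", "DE", True, None),
    DataFlow("analytics", "US analytics (aggregate only)", "US", False, None),
    DataFlow("ticketing", "Swiss vendor", "CH", True, None),
]

if __name__ == "__main__":
    # "CH" is passed as an illustrative adequacy entry; replace with the real list.
    for system, status in transfers_needing_action(SAMPLE_REGISTER, frozenset({"CH"})):
        print(f"{system}: {status}")
```

Run against the sample register, the script reports the CRM system (still relying on Safe Harbour) and the US document store (no mechanism at all) as the two flows needing contractual action; the HR system is covered by Binding Corporate Rules and the rest never leave the EEA or carry no personal data.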
ISO 29100
 Specifies a high-level framework for protecting Personally Identifiable Information (PII).
 Clauses are written using the verb "should": the standard gives guidance rather than auditable requirements.
 Broken into 5 sections covering terminology, framework elements and privacy principles.
 Organizations cannot obtain certification against this standard.
Choose a Methodological Framework to Manage the Privacy Framework Implementation Project
1. Plan
1.1 Initiating the framework
1.2 Understanding the organization
1.3 Analyze the existing system
1.4 Leadership and project approval
1.5 Scope
1.6 Privacy policy
1.7 Risk assessment
1.8 Controls statement
2. Do
2.1 Organizational structure
2.2 Document management
2.3 Design of controls & procedures
2.4 Communication
2.5 Awareness & training
2.6 Implementation of controls
2.7 Incident management
2.8 Operations management
3. Check
3.1 Monitoring, measurement, analysis and evaluation
3.2 Internal audit
3.3 Management review
4. Act
4.1 Treatment of problems
4.2 Continual improvement
Definition of Privacy
What is Privacy?
There are many different views depending on location and
culture but in general there are four points:
• Privacy of personal information
• Privacy of the person
• Privacy of personal behaviour
• Privacy of personal communication
Definition of Privacy Framework
ISO 29100
The Privacy framework proposed by ISO 29100 states:
The privacy framework is intended to help organizations define their privacy safeguarding
requirements related to PII within an ICT environment by:
• Specifying a common privacy terminology;
• Defining the actors and their roles in processing PII;
• Describing privacy safeguarding requirements; and
• Referencing known privacy principles.
Note: An effective working framework consists of
policies, procedures, guidelines, and
associated resources and activities
Linkage Between ISO 29100 and ISO 27001
ISO 29100 and ISO 27001 Concepts
ISO/IEC 29100 concept             | Corresponding ISO/IEC 27001 concept
Privacy stakeholder               | Stakeholder
PII                               | Information asset
Privacy breach                    | Information security incident
Privacy control                   | Control
Privacy risk                      | Risk
Privacy risk management           | Risk management
Privacy safeguarding requirements | Control objectives
Generally Accepted Privacy Principles
 The Generally Accepted Privacy Principles (GAPP)
were developed in 2009 by the American Institute of
CPAs and the Canadian Institute of Chartered
Accountants (CICA) in order to present an approach
for a privacy framework.
 This course uses the principles of GAPP and ISO
29100 to build a comprehensive privacy framework.
An implementation can consist of good practices from a number of sources:
 Generally Accepted Privacy Principles (GAPP), from the American Institute of CPAs and the Canadian Institute of Chartered Accountants (CICA)
 ISO/IEC 29100
 Guidance from the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority
What else could be coming?
Other developments?
There could be more as things develop:
• The new EU General Data Protection Regulation (GDPR), which will replace Directive 95/46/EC, is still being finalized
• Proposals for a "Safe Harbour 2.0"
• Transatlantic Trade and Investment Partnership (TTIP)
• More recognition of ISO/IEC 27018 (protection of PII in public clouds) by the cloud industry?
• International recognition of privacy means this becomes a global harmonization challenge, not just an EU/US issue
Questions?
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Association for Project Management
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 

Recently uploaded (20)

Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 

PECB Webinar: The End of Safe Harbour! What happens Next?

  • 1. The End of Safe Harbour
    Graeme Parker
  • 2. The End of Safe Harbour: Today's Webinar
    a. What is/was Safe Harbour?
    b. Why did it matter?
    c. What are the alternatives?
    d. What next?
  • 3. What is/was Safe Harbour? Context
    • Safe Harbour was introduced as a self-certification process for US-based organizations to demonstrate their compliance with EU data protection regulations.
    • Before we discuss this, however, we need to set some context as to why this scheme was introduced.
    • To do this we need to quickly look at the history of EU privacy legislation.
  • 4. History of Privacy Regulation: Important Dates
    1970: German Law, Hesse
    1973: National Privacy Law introduced in Sweden
    1978: National Privacy Law introduced in France
    1980: Publication of OECD principles on Protection of Privacy
    1995: EU Directive on processing of personal data
    2000: US Safe Harbour agreement
    2009: Civil Society Declaration, Madrid; GAPP
    2011: Publication of ISO 29100
  • 5. Privacy Legislation – EU – Directive 95/46/EC: Data Protection Directive
    • Developed from the OECD Principles Governing the Protection of Privacy and Trans-Border Flows of Personal Data (1980).
    • Considers the human rights principle of respect for one's private and family life.
    • Is enacted across the EU in data protection acts which have 8 key principles at their heart.
    • Concerned with the collection and processing of PII.
  • 6. Privacy Legislation – EU – Directive 95/46/EC: The Eight Data Protection Principles are:
    • Personal data shall be processed fairly and lawfully.
    • Personal data shall be obtained only for one or more specified lawful purposes.
    • Personal data shall be relevant, adequate and not excessive for the purpose.
    • Personal data shall be accurate and where necessary kept up to date.
    • Personal data shall not be kept for longer than is necessary for the purpose.
    • Appropriate technical and organizational measures shall be implemented.
    • Personal data shall not be transferred outside the EEA unless equivalent protection is in place.
  • 7. What countries have adequate protection? Context
  • 8. But the US does have privacy legislation. There are many acts with privacy implications in the USA, such as:
    • Fair Credit Reporting Act (FCRA)
    • Fair and Accurate Credit Transactions Act (FACTA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Gramm-Leach-Bliley Act
    • Children's Online Privacy Protection Act 1998 (COPPA)
    • Driver's Privacy Protection Act
    These deal with many specifics, but none is an overall approach.
  • 9. Safe Harbour. There are two Safe Harbour agreements: US-EU and US-Switzerland.
    • US organizations can apply the controls and self-certify.
    • The scheme is managed by the Federal Trade Commission (FTC); organizations subject to the jurisdiction of the FTC, or U.S. air carriers and ticket agents subject to the jurisdiction of the Department of Transportation (DOT), may participate in Safe Harbour.
    • The programme is self-regulating; the FTC can step in if it is deemed that an organization is potentially guilty of misrepresentation.
    • The Safe Harbour agreement has 7 principles.
  • 10. 7 Safe Harbour Principles. The 7 principles are similar to the EU principles:
    • Notice: People must be advised about the use of their data.
    • Choice: People must have the option to "opt out" or, in the case of sensitive data, "opt in".
    • Onward Transfer: Must fall in line with the notice and choice principles, and the third party must be in line with Safe Harbour or "have adequate controls related to privacy in place".
    • Access: Individuals have the right to access and correct data about them.
    • Security: Organizations must take steps to ensure the security of the personal data.
    • Data Integrity: Personal data must be relevant, accurate and up to date.
    • Enforcement: Mechanisms to investigate and address complaints must be in place.
  • 11. The ruling
    • On the 6th of October 2015 the European Court of Justice ruled that the existing Safe Harbour agreement was invalid. The decision was based on a case brought by the Austrian Max Schrems that involved data transfers from Ireland to the US by Facebook.
    • Max Schrems, a Facebook user since 2008, approached the Irish Information Commissioner after the Snowden revelations in 2013 to express concern about the privacy of his personal data when it was transferred to the US. The Irish Information Commissioner rejected his concerns on the basis that the European Commission had determined Safe Harbour to be adequate.
    • The case highlighted that Information Commissioners (supervisory authorities) have the right to challenge the "adequacy" decision made by the European Commission.
    • The European Commission looked only at Safe Harbour and not at the national law of the USA when making its "adequacy" decision: a flawed decision, as Safe Harbour does not apply to USA government agencies.
    • See the note at the end of the ruling: it is down to the Irish Information Commissioner to make a judgement.
  • 12. Who does this apply to? Many organizations may argue that they do not transfer data to the USA. In fact, any organization that outsources the processing of personal data or uses cloud services needs to investigate this. Examples of where processing of personal data may become relevant here are:
    • Use of cloud services to store or process data
    • Payroll services
    • CRM and sales systems
    • HR systems
    • Document storage solutions
    • Email and messaging services
    • Application services
    • Database services
  • 13. What are the Alternatives? (Solution: Description)
    • EU Model Contract Clauses: These are rules embedded in the contract between the company and the US-based service provider. This can be applied even within the same organization. It will rely on the involvement of legal counsel and ongoing monitoring as things develop.
    • Binding Corporate Rules: For internal overseas transfers, formal rules can be agreed. However, to be valid these will need some agreement with EU regulators.
    • Review and Implementation of a Privacy Framework: In order to really ensure risk is being managed, organizations transferring EU citizen data to the USA (or indeed any other country not deemed "adequate") will also need to implement strict controls and demonstrate the management of such controls.
  • 14. Next Steps. The immediate responses for affected organizations are:
    • Work to implement an effective framework: consider the ISO 29100 framework?
    • Address contractual issues or seek alternatives: work with suppliers; can you implement EU Model Contract Clauses, or seek alternatives?
    • Review and risk assessment: assess organizational data flows (does personal data leave the EU?) and identify the associated risks.
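The review and risk-assessment step above, as an added example that is not part of the webinar deck: a small Python data-flow check that records where each service processes personal data and which transfer basis it relies on, and reports flows still resting on Safe Harbour as gaps. The country sets, the mechanism labels and the service inventory are constructed for illustration.

```python
"""Added example, not part of the webinar deck: a small data-flow review that
applies the deck's post-ruling logic. Each flow records where personal data
of EU data subjects is processed and which transfer basis the organisation
relies on; flows that still rest on Safe Harbour are reported as gaps.
Country sets, mechanism labels and the inventory below are constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List, Optional

# Date of the European Court of Justice ruling cited in the slides.
SAFE_HARBOUR_INVALID_FROM = date(2015, 10, 6)

# Alternatives named in the slides; the keys are labels chosen for this example.
VALID_MECHANISMS = {
    "model_clauses": "EU Model Contract Clauses",
    "bcr": "Binding Corporate Rules",
}


@dataclass(frozen=True)
class Flow:
    service: str              # category of processing, e.g. payroll, CRM
    destination: str          # ISO 3166 alpha-2 code of the processing country
    mechanism: Optional[str]  # transfer basis relied on, None if undocumented


def classify(flow: Flow, eea: Iterable[str], adequate: Iterable[str],
             today: date) -> str:
    """Return one status per flow: inside_eea, adequate_country, covered or gap."""
    if flow.destination in set(eea):
        return "inside_eea"
    if flow.destination in set(adequate):
        return "adequate_country"
    if flow.mechanism in VALID_MECHANISMS:
        return "covered"
    if flow.mechanism == "safe_harbour" and today < SAFE_HARBOUR_INVALID_FROM:
        return "covered"  # only meaningful for reviews dated before the ruling
    return "gap"


def review(flows: Iterable[Flow], eea: Iterable[str], adequate: Iterable[str],
           today: Optional[date] = None) -> Dict[str, str]:
    """Map each service to its status as of `today` (defaults to the current date)."""
    today = today or date.today()
    return {f.service: classify(f, eea, adequate, today) for f in flows}


def gaps(statuses: Dict[str, str]) -> List[str]:
    """Services that need a new transfer basis or a change of supplier."""
    return sorted(s for s, status in statuses.items() if status == "gap")


# Constructed inventory; the EEA and adequacy sets are deliberately abbreviated.
EEA_SAMPLE = {"IE", "DE", "FR", "SE", "NO"}
ADEQUATE_SAMPLE = {"CH"}
INVENTORY = [
    Flow("payroll", "IE", None),
    Flow("crm", "US", "safe_harbour"),
    Flow("email", "US", "model_clauses"),
    Flow("document_storage", "CH", None),
    Flow("hr", "US", None),
]

if __name__ == "__main__":
    result = review(INVENTORY, EEA_SAMPLE, ADEQUATE_SAMPLE, date(2015, 10, 7))
    for service, status in result.items():
        print(f"{service:18s} {status}")
    print("action required:", gaps(result))
```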
  • 15. ISO 29100
    • Specifies a high-level framework for protecting Personally Identifiable Information.
    • Clauses are written using the verb "should".
    • Broken into 5 sections covering terminology, framework elements and privacy principles.
    • Organizations cannot obtain certification against this standard.
  • 16. Choose a Methodological Framework to Manage the Privacy Framework Implementation Project
    1. Plan: 1.1 Initiating the framework; 1.2 Understanding the organization; 1.3 Analyze the existing system; 1.4 Leadership and project approval; 1.5 Scope; 1.6 Privacy policy; 1.7 Risk assessment; 1.8 Controls ____ Statement
    2. Do: 2.1 Organizational structure; 2.2 Document management; 2.3 Design of controls & procedures; 2.4 Communication; 2.5 Awareness & training; 2.6 Implementation of controls; 2.7 Incident management; 2.8 Operations management
    3. Check: 3.1 Monitoring, measurement, analysis and evaluation; 3.2 Internal audit; 3.3 Management review
    4. Act: 4.1 Treatment of problems; 4.2 Continual improvement
  • 17. Definition of Privacy. What is privacy? There are many different views depending on location and culture, but in general there are four points:
    • Privacy of personal information
    • Privacy of the person
    • Privacy of personal behaviour
    • Privacy of personal communication
  • 18. Definition of Privacy Framework: ISO 29100. The privacy framework proposed by ISO 29100 states: The privacy framework is intended to help organizations define their privacy safeguarding requirements related to PII within an ICT environment by:
    • Specifying a common privacy terminology;
    • Defining the actors and their roles in processing PII;
    • Describing privacy safeguarding requirements; and
    • Referencing known privacy principles.
    Note: An effective working framework consists of policies, procedures, guidelines, and associated resources and activities.
  • 19. Linkage Between ISO 29100 and ISO 27001 Concepts (ISO/IEC 29100 concept | Corresponding ISO/IEC 27001 concept)
    Privacy Stakeholder | Stakeholder
    PII | Information Asset
    Privacy Breach | Information Security Incident
    Privacy Control | Control
    Privacy Risk | Risk
    Privacy Risk Management | Risk Management
    Privacy Safeguarding Requirements | Control Objectives
  • 20. Generally Accepted Privacy Principles
    • The Generally Accepted Privacy Principles (GAPP) were developed in 2009 by the American Institute of CPAs and the Canadian Institute of Chartered Accountants (CICA) in order to present an approach for a privacy framework.
    • This course uses the principles of GAPP and ISO 29100 to build a comprehensive privacy framework.
  • 21. An implementation can consist of good practices from a number of sources: Generally Accepted Privacy Principles (Canadian Institute of Chartered Accountants), ISO 29100, and the Commission Nationale de l'Informatique et des Libertés.
  • 22. What else could be coming? Other developments? There could be more as things develop:
    • The new EU Data Protection directive is in development
    • Proposals for a Safe Harbour 2.0
    • Transatlantic Trade and Investment Partnership (TTIP)
    • More recognition of ISO 27018 for the cloud industry?
    • International recognition of privacy means this becomes a global harmonization challenge, not just an EU/US issue
  • 24.