WELCOME TO DIGIT’S 3RD ANNUAL DATA PROTECTION SUMMIT 2019
EDINBURGH - DYNAMIC EARTH - TUESDAY 10TH DECEMBER
LEAD SPONSOR
CO-SPONSORS
@digitfyi #DPscot
DELEGATE WIFI
Network: delegates
Password: OneTrust19
CONFERENCE APP
Mobile App
1. Go to your app store
2. Search CC Events
3. Download and register
4. Enter our event code: digitevents
Web App
Open your mobile/ laptop web browser and enter:
digiteventsapp.co.uk
DRINKS RECEPTION
3.40pm – 4.30pm in the Exhibition area
iOS (Apple) – point your phone’s camera at
the QR code above
Android – download a free QR scanner then
point to code above
GET THE OFFICIAL EVENT APP TO ENHANCE YOUR DAY.
MARK STEPHEN, JOURNALIST & BROADCASTER, BBC SCOTLAND (@markstephen60)
RAY BUGG, FOUNDER, DIGIT (@digitfyi)
2020 EVENTS
MORE
28TH MAY DIGIT LEADERS
18TH JUNE INTELLIGENT AUTOMATION
29TH & 30TH SEPT FINTECH + AWARDS
24TH NOV DIGIT EXPO
8TH DECEMBER DATA PROTECTION SUMMIT
www.digifutures.co.uk
www.scot-secure.com
www.digitalenergyscot.com
KEN MACDONALD, HEAD OF REGIONS, ICO (@ICOnews)
Data Protection
in the GDPR Era
Ken Macdonald
Head of ICO Regions
December 2019
UK Information Commissioner’s Office
We’ve been busy… VERY busy!
[Chart: Main Helpline enquiries, average calls per month, pre-GDPR vs post-GDPR]
[Chart: Scotland Office enquiries by month (Apr to Mar), 2016-17, 2017-18 and 2018-19]
[Chart: Complaints received, 2017/18 vs 2018/19]
[Chart: Data breach reports received, 2016-17, 2017-18 and 2018/19]
Top 10 sectors reporting breaches
• Business 21%
• Health 18%
• Education 15%
• Lenders 12%
• Local Gov 9%
• Legal 8%
• Retail 6%
• Charities 4%
• Central Gov 4%
• Property 3%
[Chart: ICO staff numbers (FTE), 16/17 to 19/20]
We’ve new roles and powers
Regulatory activities
• Overseeing DPIAs
• Pre-legislative consultation
• Warnings
• Reprimands
• Requiring affected subjects to
be notified of a breach
Supporting activities
• Overseeing data protection
certification mechanisms
• Encouraging codes of
conduct
For Small Organisations
Four Persistent Myths
Myth 1
Consent is the only option!
The six lawful bases in Article 6 GDPR:
• Consent
• Contract
• Legal obligation
• Vital interests
• Public task
• Legitimate interests
Myth 2
You have to report every breach
▪ Only applies to personal data breaches as defined in the GDPR
▪ Only reportable where the breach is likely to result in a risk to people’s rights and freedoms
▪ Report within 72 hours of becoming aware of the breach: the clock includes evenings, weekends and bank holidays, not just working hours
▪ Provide the information set out in Art 33 of the GDPR, where feasible (it can be provided in phases if not all of it is available at once)
Myth 3
We have to see every DPIA
Only consult when you have identified a high risk which cannot be
mitigated
We need :
▪ A description of the respective roles and responsibilities of any
joint controllers or processors;
▪ The purposes and methods of the intended processing;
▪ The measures and safeguards taken to protect individuals;
▪ The contact details of your DPO (if you have one); and
▪ A copy of the DPIA.
We may :
▪ Tell you that you can proceed
▪ Suggest other mitigations
▪ Issue a warning or otherwise limit your processing
Myth 4
We are your DPO !
Your DPO will
▪ Inform and advise you how to comply with the GDPR
▪ Monitor compliance with the GDPR and other DP laws
▪ Raise awareness of your internal data protection policies
▪ Advise on, and monitor, data protection impact assessments
▪ Be the first point of contact for the ICO and data subjects
Help us to help you
Current Consultations
Right of Access (SAR)
(closes 12 Feb 2020)
Explaining AI Decisions
(closes 24 Jan 2020)
ICO Scotland
45 Melville Street
Edinburgh EH3 7HL
T: 0303 123 1115
E: Scotland@ico.org.uk
@ICONEWS
EVIE KYRIAKIDES, CHIEF DATA PROTECTION & CHIEF PRIVACY OFFICER, MARS INCORPORATED
Practitioner Observations on the Evolving Data Protection Landscape
Evie Kyriakides
Chief Data Protection & Chief Privacy Officer, Mars Incorporated
Overview
1. The evolving privacy and data protection landscape, trends, and observations
2. How have trust, privacy and customer expectation shifted
3. Tips for Boards and Business Leaders
Disclaimer: The views expressed in this presentation are those of the presenter and do not represent
Mars Incorporated.
The Evolving Landscape
The Major Changes
• Regulatory changes: Europe, Russia, China, Asia, US, Lat Am
• Technological changes: AI, transformation
• Operational changes: internal changes, consumer perspectives
Regulatory Change Considerations
1. General Data Protection Regulation & California Consumer Privacy Act – China, Russia, SE
Asia, LGPD, and more to come
2. The Speed of Change
3. Data transfers
Technological Change Considerations
1. Artificial Intelligence
2. Blockchain, ransomware and transforming technologies
Operational Change Considerations
1. Internal changes, e.g. data protection officers
2. Addressing consumer concerns, e.g., loyalty and savvy
Shifting Expectations
HOW HAVE TRUST, PRIVACY AND CUSTOMER EXPECTATIONS SHIFTED
Trust, privacy and customer expectations have shifted!
GDPR
CCPA
Cambridge Analytica
How business can control the shift
1. View privacy as a differentiator
2. Data minimization
3. Technology
4. Clear communication
Privacy as a brand differentiator
1. Encourage trust and brand loyalty
2. Establish the new status quo
3. Encourage consumers to tie together trust in the product with trust in data protection
Data minimization
1. Limit collection
2. Require PIAs
3. Discuss needs with business
Tips for Boards & Senior Leaders
Consider Impact on Operations
❖Policies and procedures relating to data security and privacy
❖Employment, supplier, customer and other third-party contracts
❖IT systems dealing with data storage, transfer and security
❖Compliance programs and procedures, including ongoing monitoring
❖Preparedness plans for a data breach and related regulatory and reputational issues
❖Assess capabilities to identify and respond to the policy developments unfolding at the state
and federal levels in the US and around the globe
Helpful Actions
❖Adapt thinking to consider privacy
❖Prepare to hire professionals
❖Evolve and maintain a consistent approach to privacy
❖Update policies
Questions?
CHARLIE GREY, PRIVACY CONSULTANT, ONETRUST (@OneTrust)
ISO 27001 & the GDPR: Identifying Overlap and Streamlining Efforts
QUESTIONS & DISCUSSION
REFRESHMENTS & NETWORKING
HELENA BROWN, PARTNER, ADDLESHAW GODDARD (@AGprivacy)
CONSUMERISATION OF PRIVACY: LEGAL IMPACT
Helena Brown
Partner, Data Protection & Commercial Services
Rights requests • Class actions • Fines • Damages claims
1 HIGHER FINES & CHANGING FOCUS…
FINES: THE REGULATORS TAKE THE GLOVES OFF…
● British Airways hit with a notice of intent to fine for £183M.
● Marriott International also received a notice of intent to fine for £99M.
● 22 fines in the 12 months to 31 March 2019 totalling £3,010,610, all issued under the Data Protection Act 1998.
● Approximately 128 fines to date throughout Europe.
● Security breaches continue to dominate, but the first fines for transparency breaches are emerging….
TRANSPARENCY A GREATER FOCUS
● Privacy notices are “gateway” to compliance.
● An area of greater focus for supervisory authorities with enforcement action
taken against:-
Google – CNIL issued a 50M euro fine for inaccessible notices (5/6
layers of info) and unclear processing information.
La Liga - Spanish authority issued 250k euro fine for use of microphone
on mobile devices via mobile app – lack of awareness of users.
BOUNTY (UK) LIMITED – FINED £400K (PRE-GDPR)
● 14M individuals affected (35M records)
● ICO found breaches of the first data protection principle:-
○ Lack of transparency – insufficient information given in relation to third parties that
received data from Bounty (e.g. Sky, Equifax and third party marketing agencies);
○ Lack of fairness – failed to consider reasonable expectations and only justification
seemed to be financial gain; and
○ Consent was not specific or informed. Offline registrations gave no choice.
● Significant decision for the data brokerage industry.
DO WE “LIKE” THIS ANYMORE?
FASHION ID CASE
The ECJ found that Fashion ID could be considered a joint controller of personal data collected by Facebook’s “Like” button to the extent that it jointly determined the purposes and means of that collection.
Joint controllership appeared to be limited to (a) collecting personal data via the “Like” button and (b) transmitting it to Facebook so that Facebook could display that items had been ‘liked’; it did not extend to Facebook’s subsequent processing of the data.
○ Consent may be needed, but that is a question of fact.
○ Privacy notices need to be carefully considered.
○ Article 26 requires an arrangement to be in place between the joint controllers.
….AND FACEBOOK FIGHTS BACK
● Facebook were fined £500,000 by the ICO in July 2018 in the wake of Cambridge Analytica for:
○ Unfair & unlawful processing
○ Monitoring
● Facebook alleged procedural errors, unfairness and bias
● In June 2019 the First Tier Tribunal (FTT) held allegations should be considered in an appeal and asked ICO to disclose
materials on decision making process
● This was appealed by the ICO in September 2019
● Settlement reached in October 2019:
○ Facebook pays the fine in full with no admission of liability;
○ Both parties withdraw appeals and each pay their own legal costs
MITIGATION STRATEGIES - LEGITIMATE INTERESTS ASSESSMENTS (LIAs)
● LIAs are increasingly being used by businesses as a risk mitigation measure.
● Used to demonstrate the decision-making process when relying on legitimate interests to process personal data, balancing business interests against the rights and freedoms of data subjects.
● Being sought by privacy rights groups, especially in the marketing space where legitimate interests are relied upon rather than consent.
● Should be embedded within processes and documented in the Register of Processing Activities (the Article 30 record).
2 RIGHTS REQUESTS CONTINUE TO IMPACT BUSINESS
HANDLING DATA SUBJECT ACCESS REQUESTS
● 42% of all issues raised with ICO relate to DSARs. General perception that there is an
increase in DSARs, triggered in case of data breach or issues in business, e.g.
employment case.
● Technology / rights groups submitting DSARs on behalf of data subjects increasing. These
are disappearing as fast as they are appearing.
● Magnacrest fined in criminal courts for ignoring DSAR and failing to comply with ICO
Enforcement Notice.
● Follows similar action against SCL Elections (Cambridge Analytica).
ICO DRAFT GUIDANCE ON ACCESS – 4 DECEMBER
● Consider forms that can be submitted electronically
● 2 month extension if:
○ Complex; or
○ Received a number of requests from the individual at the same time
● What is complex?
○ Technical difficulty (electronic archive) (but no ‘technology exemption’)
○ Exemptions applied to large amounts of sensitive information
○ Issues re child and legal guardian
○ Specialist redaction work
Simply a large volume of information does NOT make a request complex
ICO DRAFT GUIDANCE ON ACCESS – 4 DECEMBER
● Online portal SARs can be valid if:
○ Don’t have to sign up for a service
○ It is possible to identify the data subject
○ The identity of the third party can be verified
● WHAT IS MANIFESTLY UNFOUNDED OR EXCESSIVE?
○ Individual clearly has no intent to exercise rights – offers to settle
○ Intent to cause disruption is stated / systematic sending of requests (weekly) /
unsubstantiated accusations / grudge against an individual
○ Excessive: repeats / overlaps with previous requests
○ Request focused – not individual focused
RUDD V BRIDLE 2019 – POST-GDPR DSAR DECISION
● There is no need to leave no stone unturned when searching for documentation: a reasonable and proportionate search is acceptable.
● Exemptions still need to be carefully considered, i.e. they cannot be applied in a broad-brush fashion.
● No right to disclosure of documents as such; the right is to the personal data within them.
● Requirement to provide information about the processing undertaken as per Article 13(1).
● Categories of recipients do not need to be defined to the extent of disclosing the names of the parties, but you do need to factor in giving “any information available” as to the source.
● Purposes of processing can be broadly defined.
3. CLAIMS AND CLASS ACTIONS
A RISE IN ‘NUISANCE’ PRIVACY CLAIMS?
● Is privacy the new ‘slip & trip’?
● What damages are likely?
○ Halliday v Creation Consumer Finance (2013): nominal damages of
£1 – no evidence of distress from non-compliance
○ AB v MoJ: £2250 for distress caused by 16 month DSAR delay
(2014)
○ Art 8 & PECR claims? Watch this space…
CLASS ACTIONS: THE SCOPE WIDENS
● Lloyd v Google 2019
○ Court of Appeal held that damages are, in principle, capable of
being awarded for loss of control of data under the DPA, without
proving pecuniary loss or distress.
○ Claimant sued in a representative capacity on behalf of a class of
other residents of England and Wales who were also said to have
been affected.
○ English “opt out” style class action.
CLASS ACTIONS: THE NEW NORM?
● Morrisons is currently under appeal to the UK Supreme Court, which will consider:
○ Can vicarious liability be excluded for data protection matters?
○ Can vicarious liability be excluded for common law privacy breaches?
…in Morrisons there was no ICO enforcement action.
● British Airways?
● Others?
4 ADTECH & COOKIES: TIME TO TAKE ANOTHER BITE?
E-PRIVACY REGULATION
● Key changes as at 4 Oct 2019 following the European Presidency draft:-
○ Soft opt-in will be narrowed to “purchased” goods and services;
○ a shorter time limit on how long you can rely on the soft opt-in, to be agreed by member states;
○ B2B marketing impacted.
NEW ICO GUIDANCE
● ICO expects consent to meet GDPR standards in new guidance focussed on cookies and other tracking technology used in most websites and apps.
● Strictly necessary cookies do not need consent but need to be included in a cookie policy, e.g.:
○ Security cookies.
○ Shopping basket cookies.
● Anything else needs GDPR-standard consent.
● Pre-set options (e.g. sliders, pre-ticked boxes) are not acceptable.
● Conflicts with CNIL guidance: a challenge for international business.
● The European Court of Justice (Planet49 case) confirmed the approach, in effect outlawing pre-ticked boxes. The Spanish supervisory authority also fined Vueling 30,000 euros for failure to give granular consent.
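The cookie rules summarised above, expressed as client-side logic. This is an added example, not code from the slide deck or from the ICO guidance: it classifies each cookie, exempts strictly necessary ones while still listing them for the cookie policy, starts every optional category switched off, and refuses any "consent" that did not come from an explicit user action. The cookie names, the category labels and the "user_action" source token are assumptions for illustration.

```javascript
// Added example (not from the slide deck or the ICO guidance): consent-gated
// cookie setting. Cookie names, category labels and the "user_action" source
// token are illustrative assumptions.

// Classification of every cookie the site sets. Strictly necessary cookies
// (security, login session, shopping basket) are exempt from consent but must
// still appear in the cookie policy, so they are listed here as well.
const COOKIE_CATEGORIES = {
  csrf_token: "strictly_necessary", // anti-CSRF token (security cookie)
  session_id: "strictly_necessary", // authenticated session (security cookie)
  basket: "strictly_necessary",     // shopping basket contents
  _ga: "analytics",                 // web analytics (assumed name)
  _fbp: "advertising",              // ad targeting (assumed name)
  ab_variant: "personalisation",    // A/B testing (assumed name)
};

const OPTIONAL_CATEGORIES = ["analytics", "advertising", "personalisation"];

// State before the visitor has acted: every optional category is off and no
// consent has been recorded. A visitor who ignores the banner therefore gets
// strictly necessary cookies only.
function defaultConsent() {
  const state = { recordedAt: null, source: null };
  for (const category of OPTIONAL_CATEGORIES) state[category] = false;
  return state;
}

// Record the visitor's choices. Only an explicit user action counts; a state
// derived from defaults, inactivity or continued browsing is rejected because
// it would not meet the GDPR standard of consent the guidance requires.
function recordConsent(state, choices, source, now = new Date()) {
  if (source !== "user_action") {
    throw new Error(`consent cannot be inferred from '${source}'; an explicit user action is required`);
  }
  const next = { ...state, recordedAt: now.toISOString(), source };
  for (const [category, granted] of Object.entries(choices)) {
    if (!OPTIONAL_CATEGORIES.includes(category)) {
      throw new Error(`unknown consent category '${category}'`);
    }
    next[category] = granted === true; // anything other than an explicit true is a refusal
  }
  return next;
}

// Decide whether a named cookie may be set under the current consent state.
// Unknown cookies are refused: if a cookie is not in the classification it is
// not in the cookie policy either.
function canSetCookie(name, state) {
  const category = COOKIE_CATEGORIES[name];
  if (category === undefined) return false;
  if (category === "strictly_necessary") return true;
  return state[category] === true;
}

// Filter the cookies a page wants to set down to the permitted ones.
function allowedCookies(names, state) {
  return names.filter((name) => canSetCookie(name, state));
}

// Guard for the banner itself: the toggles first shown to the visitor must all
// be off, since pre-ticked boxes and pre-set sliders are not valid consent.
function bannerDefaultsAreCompliant(toggles) {
  return OPTIONAL_CATEGORIES.every((category) => toggles[category] === false);
}

// Rows for the cookie policy page: every cookie, including the exempt ones.
function cookiePolicyEntries() {
  return Object.entries(COOKIE_CATEGORIES).map(([name, category]) => ({
    name,
    category,
    consentRequired: category !== "strictly_necessary",
  }));
}

// Stand-alone walk-through of one visit.
const wanted = Object.keys(COOKIE_CATEGORIES);
const visitor = defaultConsent();
console.log("before any action:", allowedCookies(wanted, visitor));
const afterChoice = recordConsent(visitor, { analytics: true }, "user_action");
console.log("after opting in to analytics only:", allowedCookies(wanted, afterChoice));
```

The design point is that refusal is the default at every layer: the initial state grants nothing, `recordConsent` treats anything other than an explicit `true` as a refusal, and `canSetCookie` denies cookies it has never been told about. The `recordedAt` and `source` fields give the controller the record it needs to demonstrate how consent was obtained.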
HELENA BROWN
Partner
+44 (0)131 222 9544
+44 (0)7407735118
helena.brown@addleshawgoddard.com
@AGPRIVACY
QUESTIONS?
Solving Mass Data Fragmentation
Alan Gardiner, Group Marketing Director, iomart
10th December 2019
iomart…
• supports 3.4 million bus journeys in the UK every day
• underpins £millions of financial trades every minute
• protects more than 3 million musical copyrights
• helps 700 million football fans support their favourite club
• enables 1 million gamers to play online each month
• helps deliver local services to over 11 million people
• supports the provision of over 150,000 affordable homes
Mass Data Fragmentation: GDPR compliance, multiple copies, unstructured data
The Challenges Organisations Face With Managing Data
[Diagram: four kinds of mass data fragmentation]
1. Fragmentation across silos: backup & recovery, file & object servers, search/analytics, test & development, archiving/LTR.
2. Fragmentation within silos: each silo carries its own media/master servers, tape, software, appliances, NAS, shares, storage, servers, masking, copies, policies and indexing.
3. Fragmentation across locations: data centres/ROBOs and clouds (cloud backup, cloud file & object storage).
4. Fragmentation from redundant copies.
And Cloud Has Just Made It Worse
Mass Data Fragmentation (noun)
mass da·ta frag·men·ta·tion | ˈmas ˈdā-tə frag-mən-ˈtā-shən
Growing proliferation of data spread across a myriad of different locations, infrastructure silos and management systems that prevents organisations from fully utilising its value.
Global Market Study: Fielded By Vanson Bourne
• First of its kind
• 900 respondents
• Senior IT decision makers
• US, UK, Germany, France, Australia, Japan
• Multiple sectors
Mass Data Fragmentation: The Critical Challenge
Secondary data is fragmented and is / will become nearly impossible to manage.
Data Copies are Multiplying
…of organisations have between 4-15 copies of the same data.
Data Sprawl is Growing Exponentially
…store data between 2-5 public clouds.
Additional Time
It will also consume significantly more time without more effective tools.
Consequences of Mass Data Fragmentation: Compliance Risks
…of organisations’ leadership are concerned about the level of visibility that the IT team has into secondary data across all sites.
How Google Manages the World’s Consumer Data
• CONSOLIDATION - Web-Scale File System
• APPS and SERVICES
• MANAGEABILITY
What if we could apply the Google principle within the Enterprise?
Introducing The New Architecture for Data Management
• One Platform - all workloads & data
• One UI - simple global management
• Run Apps & Services - move compute to data
• Cohesity DataPlatform, powered by SpanFS; Helios; Cohesity MarketPlace
Integrated and Efficient
✓ Collapse legacy silos, eliminate copies
✓ Single GUI to manage all apps & data
✓ Policy-based automation
Open and Extensible
✓ Fast self-service access to production data
✓ Easily spin up cloud or DC environments
✓ APIs for custom development/reports
Safe and Compliant
✓ Google-like search for regulated data
✓ Near-instant restore, sub-5 minute RPO
✓ Highly available, non-disruptive
Fast and Flexible
✓ Software-defined, “install & go”
✓ One-click reconfiguration & policy changes
✓ Run apps anywhere across DC/Cloud/Edge
A Clean Sheet Approach to an Old Problem
Unified Global Management: Control Everything with a Single UI
• Manage distributed locations
• Global actionable search
• Real-time monitoring and reporting
• ML-driven, proactive alerts for anomalies
• Global access & control of compute and data
One Platform for Multiple as-a-Service Offerings
• Backup as a Service
• Disaster Recovery as a Service
• Cloud Native Backup
• Long-Term Retention aaS
• Filer & Object Store aaS (file / object access)
• Test/Dev aaS
• + Analytics as a Service - Generate Value from Untapped Data
What could be the Rewards?
• Complete visibility of all your data
• Get value and insight from your secondary data
• Make sure you’re always compliant
• Complete control of all your data
• 28% thought they would see revenue increase
In Summary
• Mass Data Fragmentation is a problem for all of us, and it’s only getting worse
• Gives you back control of your data
• Instant search capability
• Eliminates data silos, copies and sprawl
• It works across your hybrid infrastructure, simplifying everything
• It’s a PAYG model
• Helps ensure compliance
• It lets you drive value from your data
For more information download the
Secondary Data Market Study by visiting:
https://info.iomart.com/cohesity-secondary-data-market-report
How to deliver effective GDPR training
Megan Kane
GDPR Practitioner
iCaaS GDPR Software
Risks of No Training
Why are businesses not delivering it?
• Non-compliance leading to ICO fines
• Data breaches caused by employee error
• Loss of customer trust
• Reputational damage
• Unhappy employees
Benefits of Training
Avoid the long term consequences
• Greater consumer confidence
• Strong supply chain
• Compliance across rights requests and breach handling
• Reduced complaints
• Empowered staff
• Better alignment with evolving technology
Delivery of Training
Making it relevant, a priority and ongoing
• Training is most effective when focused, relevant and role-based
• Train to the necessary level
• Training reflective of your business processing
Useful Tips
• Evidence of training
• It’s not a one stop shop - retrain
• Less is more
• Put yourself in their shoes
• Use real life examples
• Use software to assist
Q&A
THANK YOU
Megan Kane, iCaaS
Megan.kane@myicaas.com
ALICE WILSON, DPO, HEFESTIS (@HEFESTIS)
Debunking GDPR and Data
Sharing Myths & Misconceptions
Alice Wilson & Lisa Powell
Data Protection Officer (DPO)
DPO Shared Services
GDPR, DPA – our approach to supporting clients
• Team of 8 DPOs
• Regional areas - assigned to FEs (further education colleges) and HEs (higher education institutions)
• Supported clients in preparation of 25th May 2018
• Privacy Notices
• Article 30 Register
• Contracts
• Data Sharing
• Policies and procedures
• Training
• Advice and guidance
Data Protection in HE/FE Sector
•Legal Framework
•Staff and Students
•Legitimate Interests
•Data processors
•Data Sharing
•Vulnerable Groups
Data Protection in HE/FE Sector
•Research
•Public interest
•Data minimisation
•Anonymisation
•Pseudonymisation
•Big data
DPO Shared Services - Benefits
• Network of experts
• Resource management where large projects are involved
• Incident management
• Allows flexibility for absences
• Development of templates, guidance and training
• Economic savings and efficiencies
DPO Shared Service Team role in Data Sharing Agreements
•Benefits of a team of DPOs
•Lead assigned to liaise with other organisations
•DSAs developed
•Team response on behalf of clients
•Finalised agreements for all clients and stakeholder
organisations
Supporting clients in Data Sharing
•FEs/HEs share personal data for a variety of
reasons
•Government bodies and statutory purposes - e.g:
•Scottish Funding Council
•Skills Development Scotland (SDS)
•Local Authorities and schools
•Colleges sharing with Universities
•Awarding Bodies
MYTH BUSTING – Myth 1: Consent
•Lawful basis is new under GDPR
•Consent is the only lawful basis
•I can use another basis as a back up to consent
Myth 2: Barriers
•GDPR says no!
• The DPO is a barrier
Myth 3: Subject Access Requests
If a SAR concerns a LARGE amount of personal data:
• we can refuse to comply under ‘disproportionate effort’
• it is ‘excessive’ and we can refuse to comply with the request
• Manifestly unfounded or excessive – ICO guidance: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/#17
• Narrowing the scope - Recital 63: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/#11
Myth 4: Data Protection Impact Assessments
•DPIAs must be done for ALL new projects
•Article 35(1)
•ICO / EDPB – Screening Questionnaire
•These must be signed off by the ICO
•Article 36(1)
Myth 5: Data Protection Officer
•Data Protection is the DPO’s responsibility
• Article 39 - tasks of the DPO
• Article 38(6) – other tasks and duties
• Slovenia’s ICO defines DPO’s additional tasks that could result in a conflict of interests: https://eurocloud.org/news/article/slovenias-ico-defines-dpos-additional-tasks-that-could-result-in-a-conflict-of-interests/
CHANGING PERCEPTIONS – the HEFESTIS way
• Raising staff awareness – eLearning is not the only answer
• Opportunities
• Be creative
Thank you
Email: awilson@ucss.ac.uk and lpowell@ucss.ac.uk
HEFESTIS DPO Shared Service: http://www.hefestis.ac.uk/#!/dpo
CALUM LIDDLE, EEA DATA PROTECTION MANAGER, FACEBOOK (@InfoGovScotland)
CHARTING A WAY FORWARD >>
Data Portability, and the Rise of Data Intermediaries
Calum Liddle
Data Protection Manager
calum@fb.com
“[E]ffective privacy and data protection needs a
globally harmonized framework… New privacy
regulation in the United States and around the world
should build on the protections GDPR provides.”
“If you share with one service, you should be able to
move it to another”
- Mark Zuckerberg, Washington Post, 30 March 2019.
A drive towards data portability
What is the Right to Data Portability?
Art. 20 General Data Protection Regulation:
(1) The data subject shall have the right to receive the personal data concerning him or
her, which he or she has provided to a controller, in a structured, commonly used and
machine-readable format and have the right to transmit those data to another
controller without hindrance from the controller to which the personal data have
been provided, where:
(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2)
[consent] or on a contract pursuant to point (b) of Article 6(1); and
(b) the processing is carried out by automated means.
(2) In exercising his or her right to data portability pursuant to paragraph 1, the data
subject shall have the right to have the personal data transmitted directly from one
controller to another, where technically feasible.
Data Portability Today
• Since 2010, Facebook has offered Download Your Information
• We’re confident we can offer people even more control through a new generation of data portability tools that protect privacy and support innovation.
• That’s why we joined the Data Transfer Project.
The Challenge
Data Portability and Privacy White Paper
• We recently published a white paper that sets forth five questions about data portability and privacy
• We hope it will help advance a global conversation about what it means to build privacy-protective data portability.
• These are complex questions—we hope to make a small contribution to the existing thought and research from experts around the world.
Unpacking Data Portability
Data Portability & Responsibility
4. How should we protect privacy while enabling portability? What
responsibilities, if any, should transferring providers have with
respect to (1) requesting users, (2) others whose interests may be
implicated by a transfer, and (3) potential recipients of the data?
Risks – let’s explore
• Those to requesting users: informed choices; transparency; duty of
care beyond the law?
• Those to non-requesting users: data associated with other people;
accountability; consent v permissions.
• Potential recipients of personal data – and intermediaries: potential
data misuse.
Paucity – Confusion - Contradiction
Where next?
Photo Transfer Tool
Thank you!
ALI SHAH, HEAD OF TECHNOLOGY POLICY, ICO (@ICOnews)
AI at the ICO
Ali Shah - Head of Technology Policy
ali.shah@ico.org.uk
ICO Priorities
- Cyber security
- Age appropriate design code
- Adtech
- Biometrics (facial recognition technology)
- Enabling data sharing (data trusts, anonymisation and PETs)
and
- AI
Why AI?
[Cartoon: Dilbert on machine learning, https://dilbert.com/search_results?sort=date_asc&terms=Machine+Learning]
ICO AI Audit Framework
Framework objectives
▪ Develop a solid methodology for the ICO to supervise the use of personal data in AI systems.
▪ Support the development of internal knowledge, capabilities and toolkits to support the work of the ICO, and in particular the assurance and investigations teams.
▪ Inform additional external guidance for organisations on how to manage data protection risks in AI systems, and support innovation and adoption of “safe” AI.
Background
▪ GDPR put much more focus on automated processing and decision making through new technologies such as AI.
▪ It also strengthened individuals' rights (e.g. the right to object to profiling), as well as the ICO’s powers (e.g. compulsory audits and fines).
▪ The ICO made AI one of its top three strategic priorities and appointed its first Postdoctoral Research Fellow in AI to develop its AI Auditing Framework.
SOME EXAMPLES OF TENSIONS BETWEEN DATA PROTECTION AND AI
• Large and complex data sets are required to train, test and deploy AI systems, vs. data minimisation and accuracy
• AI is often based on data collected for another purpose (e.g. crash analytics -> ad targeting), vs. purpose limitation
• Low interpretability and explainability of complex AI models and applications, vs. transparency and fairness
• Human input slows down and may result in less accurate / consistent decisions, vs. Art. 22, which restricts fully automated decision making with legal / significant effect
1. GOVERNANCE AND ACCOUNTABILITY
• Risk appetite
• Leadership engagement and oversight
• Data protection by design and default
• Management and reporting structures
• Compliance and assurance capabilities
• Policies and procedures
• Documentation and audit trails
• Training and awareness
2. AI-SPECIFIC RISK AREAS
• Fairness and transparency in profiling
• Accuracy
• Fully automated decision making models
• Security and cyber
• Trade-offs
• Data minimisation and purpose limitation
• Exercise of rights
• Impact on broader public rights
Fairness and transparency in profiling
▪ Bias and discrimination
▪ Sensitive inferences
▪ Interpretability of AI systems
▪ Explainability of AI decisions to data subjects (ICO project ExplAIn)
Accuracy
▪ Accuracy of AI outputs and performance measures
Fully automated decision making models
▪ Meaningful human review in non-fully automated decision making AI systems
▪ Human review of decisions made by fully automated decision making AI systems
Security and cyber
▪ Testing and verification challenges and model integrity
▪ Privacy attacks on machine learning models
▪ Existing security risks exacerbated by the use of AI
Trade-offs
▪ Trade-offs between: precision vs recall; accuracy vs privacy; fairness vs accuracy; fairness vs privacy; accuracy vs generalisability
Data minimisation and purpose limitation
▪ Managing training data
▪ Re-using AI models for new purposes
Exercise of rights
▪ Right to be forgotten (right to erasure)
▪ Right to data portability
▪ Right to have inaccurate data corrected
Impact on broader public rights
▪ Public legitimacy
▪ Autonomy
▪ Freedom of association
▪ Freedom of speech
▪ Individual distress: offensive ad targeting
OVERALL RISK MANAGEMENT CONSIDERATIONS AND COMMON THEMES ACROSS FRAMEWORK ELEMENTS (E.G. OUTSOURCING RISKS)
Where next for the AI framework?
Timeline
▪ Call for input through ICO dedicated microsite: March – October 2019
▪ Formal consultation: January 2020
▪ AI Framework finalisation and external guidance published: Spring 2020
AIAuditingFramework@ico.org.uk
Thank you
ali.shah@ico.org.uk
AIAuditingFramework@ico.org.uk
CALUM LIDDLE
EEA DATA PROTECTION MANAGER
Facebook
@InfoGovScotland
ALICE WILSON
DPO
HEFESTIS
ALI SHAH
HEAD OF TECHNOLOGY POLICY
@ICOnews
ICO
MARK STEPHEN
JOURNALIST & BROADCASTER
@markstephen60
BBC Scotland
ELIZABETH FAIRLEY
COO AND CO-FOUNDER
@EFBServices
Talking Medicines
PAUL SHERRARD
SR PROPOSITION AND DATA PROTECTION MANAGER
@StandardLifeUK
Standard Life Assurance, part of the Phoenix Group
QUESTIONS & DISCUSSION
DRINKS RECEPTION
THANK YOU FOR JOINING US!
FOLLOW US ON SOCIAL FOR TECH NEWS AND EVENT UPDATES
Data Protection Scotland Summit 2019

  • 1. WELCOME TO DIGIT’S 3RD ANNUAL DATA SUMMIT 2019 PROTECTION EDINBURGH - DYNAMIC EARTH - TUESDAY 10TH DECEMBER LEAD SPONSOR CO-SPONSORS @digitfyi #DPscot
  • 2. DELEGATE WIFI Network: delegates Password: OneTrust19 CONFERENCE APP Mobile App 1. Go to your app store 2. Search CC Events 3. Download and register 4. Enter our event code: digitevents Web App Open your mobile/ laptop web browser and enter: digiteventsapp.co.uk DRINKS RECEPTION 3.40pm – 4.30pm in the Exhibition area iOS (Apple) – point your phone’s camera at the QR code above Android – download a free QR scanner then point to code above GET THE OFFICIAL EVENT APP TO ENHANCE YOUR DAY.
  • 3. MARK STEPHENJOURNALIST & BROADCASTER @markstephen60 @digitfyi #DPscot BBC Scotland
  • 5. 2020 EVENTS MORE 28TH MAY DIGIT LEADERS 18TH JUNE INTELLIGENT AUTOMATION 29TH & 30TH SEPT FINTECH + AWARDS 24TH NOV DIGIT EXPO 8TH DECEMBER DATA PROTECTION SUMMIT www.digifutures.co.ukwww.scot-secure.com www.digitalenergyscot.com OPEN OPEN
  • 6. KEN MACDONALDHEAD OF REGIONS @ICOnews @digitfyi #DPscot ICO
  • 7. Data Protection in the GDPR Era Ken Macdonald Head of ICO Regions December 2019
  • 10. Main Helpline enquiries 0 5000 10000 15000 20000 25000 30000 Pre-GDPR Post-GDPR Average calls per month
  • 11. Scotland Office enquiries 0 100 200 300 400 500 600 Apr May June July Aug Sept Oct Nov Dec Jan Feb Mar 2016-17 2017-18 2018-19
  • 13. Data breach reports received 0 2000 4000 6000 8000 10000 12000 14000 16000 2016-17 2017-18 2018/19
  • 14. Top 10 sectors reporting breaches Business 21% Health 18% Education 15% Lenders 12% Local Gov 9% Legal 8% Retail 6% Charities 4% Central Gov 4% Property 3%
  • 16. We’ve new roles and powers
  • 17. Regulatory activities • Overseeing DPIAs • Pre-legislative consultation • Warnings • Reprimands • Requiring affected subjects to be notified of a breach
  • 18. Supporting activities • Overseeing data protection certification mechanisms • Encouraging codes of conduct
  • 21. Myth 1 Consent is the only option ! • Consent • Contract • Legal obligation • Vital interests • Public task • Legitimate interests
  • 22. Myth 2 You have to report every breach ▪ Only applies to personal data breaches as per the definition in GDPR ▪ Only reportable where it is likely there is a risk to people’s rights and freedoms ▪ Report with 72 hours of breach discovery – includes evenings/weekends/bank holidays (not just working hours) ▪ Provide the information set out in Art 33 of the GDPR, where feasible
  • 23. Myth 3 We have to see every DPIA Only consult when you have identified a high risk which cannot be mitigated We need : ▪ A description of the respective roles and responsibilities of any joint controllers or processors; ▪ The purposes and methods of the intended processing; ▪ The measures and safeguards taken to protect individuals; ▪ The contact details of your DPO (if you have one); and ▪ A copy of the DPIA. We may : ▪ Tell you that you can proceed ▪ Suggest other mitigations ▪ Issue a warning or otherwise limit your processing
  • 24. Myth 4 We are your DPO ! Your DPO will ▪ Inform and advise you how to comply with the GDPR ▪ Monitor compliance with the GDPR and other DP laws ▪ Raise awareness of your internal data protection policies ▪ Advise on, and monitor, data protection impact assessments ▪ Be the first point of contact for the ICO and data subjects
  • 25. Help us to help you
  • 26. Current Consultations Right of Access (SAR) (closes 12 Feb 2020) Explaining AI Decisions (closes 24 Jan 2020)
  • 27. ICO Scotland 45 Melville Street Edinburgh EH3 7HL T: 0303 123 1115 E: Scotland@ico.org.uk @ICONEWS
  • 28. EVIE KYRIAKIDES, Chief Data Protection & Chief Privacy Officer @digitfyi #DPscot
  • 29. Practitioner Observations on the Evolving Data Protection Landscape EVIE KYRIAKIDES CHIEF DATA PROTECTION & CHIEF PRIVACY OFFICER MARS INCORPORATED
  • 30. Overview 1. The evolving privacy and data protection landscape, trends, and observations 2. How have trust, privacy and customer expectation shifted 3. Tips for Boards and Business Leaders Disclaimer: The views expressed in this presentation are those of the presenter and do not represent Mars Incorporated.
  • 32. The Major Changes – Regulatory changes: Europe, Russia, China, Asia, US, Lat Am – Technological changes: AI, transformation – Operational changes: internal changes, consumer perspectives
  • 33. Regulatory Change Considerations 1. General Data Protection Regulation & California Consumer Privacy Act – China, Russia, SE Asia, LGPD, and more to come 2. The Speed of Change 3. Data transfers
  • 34. Technological Change Considerations 1. Artificial Intelligence 2. Blockchain, ransomware and transforming technologies
  • 35. Operational Change Considerations 1. Internal changes, e.g. data protection officers 2. Addressing consumer concerns, e.g., loyalty and savvy
  • 36. Shifting Expectations HOW HAVE TRUST, PRIVACY AND CUSTOMER EXPECTATIONS SHIFTED
  • 37. Trust, privacy and customer expectations have shifted! GDPR CCPA Cambridge Analytica
  • 38. How business can control the shift 1. View privacy as a differentiator 2. Data minimization 3. Technology 4. Clear communication
  • 39. Privacy as a brand differentiator 1. Encourage trust and brand loyalty 2. Establish the new status quo 3. Encourage consumers to tie together trust in the product with trust in data protection
  • 40. Data minimization 1. Limit collection 2. Require PIAs 3. Discuss needs with business
  • 41. Tips for Boards & Senior Leaders
  • 42. Consider Impact on Operations ❖Policies and procedures relating to data security and privacy ❖Employment, supplier, customer and other third- party contracts ❖IT systems dealing with data storage, transfer and security ❖Compliance programs and procedures, including ongoing monitoring ❖Preparedness plans for a data breach and related regulatory and reputational issues ❖Assess capabilities to identify and respond to the policy developments unfolding at the state and federal levels in the US and around the globe
  • 43. Helpful Actions ❖Adapt thinking to consider privacy ❖Prepare to hire professionals ❖Evolve and maintain a consistent approach to privacy ❖Update policies
  • 46. ISO 27001 & the GDPR: Identifying Overlap and Streamlining Efforts
  • 54. CONSUMERISATION OF PRIVACY: LEGAL IMPACT Helena Brown Partner, Data Protection & Commercial Services
  • 55. THE CONSUMERISATION OF PRIVACY: LEGAL IMPACT – Rights Requests, Class Actions, Fines, Damages Claims
  • 56. 1 HIGHER FINES & CHANGING FOCUS…
  • 57. FINES: THE REGULATORS TAKE THE GLOVES OFF… ● British Airways hit with a notice of intent to fine for £183M. ● Marriott International also received a notice of intent to fine for £99M. ● 22 fines during 12 months up to 31 March 2019 totalling £3,010,610 – all for fines under the Data Protection Act 1998. ● Approx 128 fines to date throughout Europe ● Security breaches continue to dominate, but the first fines for transparency breaches emerge….
  • 58. TRANSPARENCY A GREATER FOCUS ● Privacy notices are the “gateway” to compliance. ● An area of greater focus for supervisory authorities, with enforcement action taken against: Google – CNIL issued a 50M euro fine for inaccessible notices (information spread over 5/6 layers) and unclear processing information. La Liga – the Spanish authority issued a 250k euro fine for use of the microphone on mobile devices via its mobile app without users being adequately aware of it.
  • 59. BOUNTY (UK) LIMITED – FINED £400K (PRE-GDPR) ● 14M individuals affected (35M records) ● ICO found breaches of the first data protection principle:- ○ Lack of transparency – insufficient information given in relation to third parties that received data from Bounty (e.g. Sky, Equifax and third party marketing agencies); ○ Lack of fairness – failed to consider reasonable expectations and only justification seemed to be financial gain; and ○ Consent was not specific or informed. Offline registrations gave no choice. ● Significant decision for the data brokerage industry.
  • 60. DO WE “LIKE” THIS ANYMORE? FASHION ID CASE The ECJ found that Fashion ID could be considered a joint controller of personal data collected by Facebook’s “Like” button, to the extent that it jointly determined the purposes and means for which data was collected by the “Like” button. This joint controllership appeared NOT to extend beyond (a) collecting personal data via the “Like” button, and (b) transferring it to Facebook so that Facebook could display that items had been ‘liked’. ○ Consent may be needed, but that is a question of fact. ○ Privacy notices need to be carefully considered. ○ Article 26 requires an agreement to be in place between joint controllers.
  • 61. ….AND FACEBOOK FIGHTS BACK ● Facebook were fined £500,000 by the ICO in July 2018 in the wake of Cambridge Analytica for: ○ Unfair & unlawful processing ○ Monitoring ● Facebook alleged procedural errors, unfairness and bias ● In June 2019 the First Tier Tribunal (FTT) held allegations should be considered in an appeal and asked ICO to disclose materials on decision making process ● This was appealed by the ICO in September 2019 ● Settlement reached in October 2019: ○ Facebook pays the fine in full with no admission of liability; ○ Both parties withdraw appeals and each pay their own legal costs
  • 62. MITIGATION STRATEGIES - LIAs (LEGITIMATE INTERESTS ASSESSMENTS) ● LIAs are increasingly being used by businesses as a risk mitigation measure. ● Used to document the decision making process when relying on legitimate interests to process personal data, balancing business interests against the rights and freedoms of data subjects. ● Being sought by privacy rights groups, especially in the marketing space where legitimate interests are relied upon rather than consent. ● Should be embedded within processes and documented in the Register of Processing Activities.
  • 63. 2 RIGHTS REQUESTS CONTINUE TO IMPACT BUSINESS
  • 64. HANDLING DATA SUBJECT ACCESS REQUESTS ● 42% of all issues raised with ICO relate to DSARs. General perception that there is an increase in DSARs, triggered in case of data breach or issues in business, e.g. employment case. ● Technology / rights groups submitting DSARs on behalf of data subjects increasing. These are disappearing as fast as they are appearing. ● Magnacrest fined in criminal courts for ignoring DSAR and failing to comply with ICO Enforcement Notice. ● Follows similar action against SCL Elections (Cambridge Analytica).
  • 65. ICO DRAFT GUIDANCE ON ACCESS – 4 DECEMBER ● Consider forms that can be submitted electronically ● 2 month extension if: ○ Complex; or ○ Received a number of requests from the individual at the same time ● What is complex? ○ Technical difficulty (electronic archive) (but no ‘technology exemption’) ○ Exemptions applied to large amounts of sensitive information ○ Issues re child and legal guardian ○ Specialist redaction work Simply a large volume of information does NOT make a request complex
  • 66. ICO DRAFT GUIDANCE ON ACCESS – 4 DECEMBER ● Online portal SARs can be valid if: ○ Don’t have to sign up for a service ○ It is possible to identify the data subject ○ The identity of the third party can be verified ● WHAT IS MANIFESTLY UNFOUNDED OR EXCESSIVE? ○ Individual clearly has no intent to exercise rights – offers to settle ○ Intent to cause disruption is stated / systematic sending of requests (weekly) / unsubstantiated accusations / grudge against an individual ○ Excessive: repeats / overlaps with previous requests ○ Request focused – not individual focused
  • 67. RUDD V BRIDLE 2019 – POST GDPR DSAR DECISION ● Not every stone needs to be turned when searching for documentation: a reasonable and proportionate search is acceptable. ● Exemptions still need to be carefully considered, i.e. they can’t be applied in a broad brush fashion. ● No right to disclosure of documents as such, only of the personal data within them. ● Requirement to provide information about the processing undertaken as per Article 13(1). ● Categories of recipients do not need to be defined to the extent of disclosing the names of the parties, but you do need to factor in giving “any information available” as to the source. ● Purposes of processing can be broadly defined.
  • 69. A RISE IN ‘NUISANCE’ PRIVACY CLAIMS? ● Is privacy the new ‘slip & trip’? ● What damages are likely? ○ Halliday v Creation Consumer Finance (2013): nominal damages of £1 – no evidence of distress from non-compliance ○ AB v MoJ: £2250 for distress caused by 16 month DSAR delay (2014) ○ Art 8 & PECR claims? Watch this space…
  • 70. CLASS ACTIONS: THE SCOPE WIDENS ● Lloyd v Google 2019 ○ Court of Appeal held that damages are, in principle, capable of being awarded for loss of control of data under the DPA, without proving pecuniary loss or distress. ○ Claimant sued in a representative capacity on behalf of a class of other residents of England and Wales who were also said to have been affected. ○ English “opt out” style class action.
  • 71. CLASS ACTIONS: THE NEW NORM? ● Morrisons is currently under appeal to the UK Supreme Court, which will consider: ○ Can vicarious liability be excluded for data protection matters? ○ Can vicarious liability be excluded for common law privacy breaches? …in Morrisons there was no ICO enforcement action ● British Airways? ● Others?
  • 72. 4 ADTECH & COOKIES: TIME TO TAKE ANOTHER BITE?
  • 73. E-PRIVACY REGULATION ● Key changes as at 4 Oct 2019 following the European Presidency draft: ○ Soft opt-in will be narrowed to “purchased” goods and services; ○ a shorter time limit will apply to how long you can rely on the soft opt-in, to be agreed by member states; ○ B2B marketing impacted.
  • 74. NEW ICO GUIDANCE ● The ICO expects consent to meet GDPR standards in new guidance focussed on cookies and other tracking technology used in most websites and apps. ● Strictly necessary cookies do not need consent but need to be included in a cookie policy. ○ Security cookies. ○ Shopping basket cookies. ● Anything else needs GDPR-standard consent. ● Pre-set options (e.g. sliders, pre-ticked boxes) are not acceptable. ● Conflicts with CNIL guidance – a challenge for international business. ● The European Court of Justice (Planet49 case) confirmed this approach, in effect outlawing pre-ticked boxes. The Spanish supervisory authority also fined Vueling 30,000 euros for failure to obtain granular consent.
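As an added example, not taken from the slides or from any of the speakers, the following JavaScript sketches how a site can apply the cookie guidance above in code: strictly necessary cookies (which still have to appear in the cookie policy) are set unconditionally, every other cookie is gated on an explicit, category-level opt-in that is never pre-selected, and withdrawing consent deletes the cookies of that category. The cookie names, categories and the `Map`-based cookie jar standing in for `document.cookie` are assumptions for illustration.

```javascript
// Added example (not code from the page): consent-gated cookie setting.
// Cookie names and categories below are illustrative assumptions.

// Every cookie the site can set, with its purpose, so the cookie policy
// can be generated from the same registry the code enforces.
const COOKIE_REGISTRY = {
  session_id: { category: "necessary", purpose: "Keeps the user logged in" },
  csrf_token: { category: "necessary", purpose: "Protects forms against CSRF" },
  cart:       { category: "necessary", purpose: "Remembers the shopping basket" },
  _ga:        { category: "analytics", purpose: "Analytics visitor identifier" },
  ad_id:      { category: "advertising", purpose: "Ad targeting identifier" },
};

const CONSENT_CATEGORIES = ["analytics", "advertising"];

// Nothing is pre-selected: until the user records a choice, every
// non-necessary category is "no consent".
function defaultConsent() {
  return { analytics: false, advertising: false, recordedAt: null };
}

// Only a literal `true` per category counts as consent (no truthy
// defaults such as "yes" or 1 slipping through from a form).
function recordConsent(choices) {
  const consent = defaultConsent();
  for (const cat of CONSENT_CATEGORIES) {
    consent[cat] = choices[cat] === true;
  }
  consent.recordedAt = new Date().toISOString();
  return consent;
}

// Returns true if the cookie was set, false if it was dropped for lack of consent.
function setCookie(jar, name, value, consent) {
  const entry = COOKIE_REGISTRY[name];
  if (!entry) {
    // Refuse cookies that are not in the policy rather than silently setting them.
    throw new Error(`Unregistered cookie "${name}": add it to the cookie policy first`);
  }
  if (entry.category === "necessary") {
    jar.set(name, value);
    return true;
  }
  const consented = consent && consent.recordedAt !== null && consent[entry.category] === true;
  if (consented) {
    jar.set(name, value);
    return true;
  }
  return false;
}

// Withdrawal must be as easy as giving consent: clear the category and
// delete every cookie that was set under it.
function withdrawConsent(jar, consent, category) {
  const updated = { ...consent, [category]: false };
  for (const [name, entry] of Object.entries(COOKIE_REGISTRY)) {
    if (entry.category === category) jar.delete(name);
  }
  return updated;
}

// Rows for the cookie policy page, including the strictly necessary ones.
function cookiePolicyTable() {
  return Object.entries(COOKIE_REGISTRY).map(([name, e]) => ({
    name, category: e.category, purpose: e.purpose,
  }));
}

// Walk through a visit: first page load, then a consent choice, then withdrawal.
function demo() {
  const jar = new Map();
  let consent = defaultConsent();
  setCookie(jar, "session_id", "s-1", consent); // necessary: set
  setCookie(jar, "_ga", "GA1.2.3", consent);    // no consent yet: dropped
  consent = recordConsent({ analytics: true }); // user ticks analytics only
  setCookie(jar, "_ga", "GA1.2.3", consent);    // analytics consented: set
  setCookie(jar, "ad_id", "ad-9", consent);     // advertising not consented: dropped
  consent = withdrawConsent(jar, consent, "analytics"); // _ga removed again
  return { cookies: [...jar.keys()], consent };
}
```

The registry doubles as the source for the cookie policy table, which keeps the "strictly necessary cookies still need to be listed" requirement from drifting away from what the code actually sets.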
  • 75. HELENA BROWN Partner +44 (0)131 222 9544 +44 (0)7407735118 helena.brown@addleshawgoddard.com @AGPRIVACY QUESTIONS?
  • 76. Solving Mass Data Fragmentation Alan Gardiner, Group Marketing Director 10th December 2019
  • 77. iomart… supports 3.4 million bus journeys in the UK every day; underpins £millions of financial trades every minute; protects more than 3 million musical copyrights; helps 700 million football fans support their favourite club; enables 1 million gamers to play online each month; helps deliver local services to over 11 million people; supports the provision of over 150,000 affordable homes
  • 78. Mass Data Fragmentation – GDPR Compliance, Multiple Copies, Unstructured Data
  • 80–82. The Challenges Organisations Face With Managing Data (diagram) – 1. Fragmentation across silos: archiving/LTR, file & object servers, test & development, search/analytics, backup & recovery. 2. Fragmentation within silos: media/master servers, tape, software, shares, appliances, NAS, search software, storage, masking, copies, policies, indexing. 3. Fragmentation across locations: data centres/ROBOs and clouds (cloud backup, file & object storage, search/analytics, test & development, archiving/LTR). 4. Fragmentation from redundant copies. And cloud has just made it worse.
  • 83. Mass Data Fragmentation, noun: growing proliferation of data spread across a myriad of different locations, infrastructure silos, and management systems that prevents organisations from fully utilising its value
  • 84. Global Market Study, fielded by Vanson Bourne • First of its kind • 900 respondents • Senior IT decision makers • US, UK, Germany, France, Australia, Japan • Multiple sectors
  • 85. Mass Data Fragmentation: The Critical Challenge – Secondary data is fragmented and is / will become nearly impossible to manage.
  • 86. Data Copies are Multiplying – of organisations have between 4-15 copies of the same data.
  • 87. Data Sprawl is Growing Exponentially – store data between 2-5 public clouds
  • 88. Consequences of Mass Data Fragmentation – Additional Time: it will also consume significantly more time without more effective tools.
  • 89. Consequences of Mass Data Fragmentation – Compliance Risks: of organisations’ leadership are concerned about the level of visibility that the IT team has into secondary data across all sites
  • 93. How Google Manages the World’s Consumer Data • CONSOLIDATION - Web-Scale File System • APPS and SERVICES • MANAGEABILITY
  • 94. What If….. we could apply the Google principle within the Enterprise?
  • 96. Introducing The New Architecture for Data Management – One Platform: all workloads & data – One UI: simple global management – Run Apps & Services: move compute to data • DataPlatform powered by SpanFS • Helios • Cohesity MarketPlace
  • 97. A Clean Sheet Approach to an Old Problem – Integrated and Efficient: ✓ Collapse legacy silos, eliminate copies ✓ Single GUI to manage all apps & data ✓ Policy-based automation – Open and Extensible: ✓ Fast self-service access to production data ✓ Easily spin up cloud or DC environments ✓ APIs for custom development/reports – Safe and Compliant: ✓ Google-like search for regulated data ✓ Near-instant restore, sub-5 minute RPO ✓ Highly available, non-disruptive – Fast and Flexible: ✓ Software-defined, “install & go” ✓ One-click reconfiguration & policy changes ✓ Run apps anywhere across DC/ Cloud/ Edge
  • 98. Unified Global Management – Control Everything with a Single UI • Manage distributed locations • Global actionable search • Real-time monitoring and reporting • ML-driven, proactive alerts for anomalies • Global access & control of compute and data
  • 99. One Platform for Multiple as-a-Service Offerings – Filer & Object Store aaS, Test/Dev aaS, Cloud Native Backup, Long-Term Retention aaS, Backup as a Service, Disaster Recovery as a Service, file / object access + Analytics as a Service: generate value from untapped data
  • 100. What could be the Rewards?
  • 101. Complete visibility of all your data – Get value and insight from your secondary data – Make sure you’re always compliant – Complete control of all your data – 28% thought they would see revenue increase
  • 103. In Summary • Mass Data Fragmentation is a problem for all of us, and it’s only getting worse • Gives you back control of your data • Instant search capability • Eliminates data silos, copies and sprawl • It works across your hybrid infrastructure, simplifying everything • It’s a PAYG model • Helps ensure compliance • It lets you drive value from your data
  • 104. For more information download the Secondary Data Market Study by visiting: https://info.iomart.com/cohesity-secondary-data-market-report
  • 105. How to deliver effective GDPR training Megan Kane GDPR Practitioner iCaaS GDPR Software
  • 106. Risks of No Training Why are businesses not delivering it? • Non-compliance leading to ICO fines • Data breaches caused by employee error • Loss of customer trust • Reputational damage • Unhappy employees
  • 107. Benefits of Training Avoid the long term consequences • Greater consumer confidence • Strong supply chain • Compliance across rights and breaches • Reduced complaints • Empowered staff • Better alignment with evolving technology
  • 108. Delivery of Training Making it relevant, a priority and ongoing • Training is most effective when focused, relevant and role- based • Train to the necessary level • Training reflective of your business processing
  • 109. Useful Tips • Evidence of training • It’s not a one stop shop - retrain • Less is more • Put yourself in their shoes • Use real life examples • Use software to assist
  • 111. THANK YOU Megan Kane, iCaaS Megan.kane@myicaas.com
  • 114. Debunking GDPR and Data Sharing Myths & Misconceptions Alice Wilson & Lisa Powell Data Protection Officer (DPO) DPO Shared Services
  • 115. GDPR, DPA – our approach to supporting clients • Team of 8 DPOs • Regional areas - assigned to FEs and HEs • Supported clients in preparation of 25th May 2018 • Privacy Notices • Article 30 Register • Contracts • Data Sharing • Policies and procedures • Training • Advice and guidance
  • 116. Data Protection in HE/FE Sector •Legal Framework •Staff and Students •Legitimate Interests •Data processors •Data Sharing •Vulnerable Groups
  • 117. Data Protection in HE/FE Sector •Research •Public interest •Data minimisation •Anonymisation •Pseudonymisation •Big data
  • 118. DPO Shared Services - Benefits • DPO Shared Services benefits • Network of experts • Resources management where large projects involved • Incident management • Allows flexibility for absences • Development of templates, guidance and training • Economic Savings and Efficiencies
  • 119. DPO Shared Service Team role in Data Sharing Agreements • Benefits of a team of DPOs • Lead assigned to liaise with other organisations • DSAs developed • Team response on behalf of clients • Finalised agreements for all clients and stakeholder organisations
  • 120. Supporting clients in Data Sharing •FEs/HEs share personal data for a variety of reasons •Government bodies and statutory purposes - e.g: •Scottish Funding Council •Skills Development Scotland (SDS) •Local Authorities and schools •Colleges sharing with Universities •Awarding Bodies
  • 121. MYTH BUSTING – Myth 1: Consent •Lawful basis is new under GDPR •Consent is the only lawful basis •I can use another basis as a back up to consent
  • 122. Myth 2: Barriers •GDPR says no! • The DPO is a barrier
  • 123. Myth 3: Subject Access Requests If a SAR concerns a LARGE amount of personal data: • we can refuse to comply under ‘disproportionate effort’ • it is ‘excessive’ and we can refuse to comply with the request • Manifestly unfounded or excessive – ICO guidance https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/#17 • Narrowing the scope - Recital 63 https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/#11
  • 124. Myth 4: Data Protection Impact Assessments •DPIAs must be done for ALL new projects •Article 35(1) •ICO / EDPB – Screening Questionnaire •These must be signed off by the ICO •Article 36(1)
  • 125. Myth 5: Data Protection Officer • Data Protection is the DPO’s responsibility • Article 39 - tasks of the DPO • Article 38(6) – other tasks and duties • Slovenia’s ICO defines DPO’s additional tasks that could result in a conflict of interests https://eurocloud.org/news/article/slovenias-ico-defines-dpos-additional-tasks-that-could-result-in-a-conflict-of-interests/
  • 126. CHANGING PERCEPTIONS – the HEFESTIS way •Raising staff awareness – eLearning is not the only answer •Opportunities •Be creative
  • 127. Thank you Email: awilson@ucss.ac.uk and lpowell@ucss.ac.uk HEFESTIS DPO Shared Service: http://www.hefestis.ac.uk/#!/dpo
  • 129. CALUM LIDDLE, EEA DATA PROTECTION MANAGER, Facebook @InfoGovScotland @digitfyi #DPscot
  • 130. CHARTING A WAY FORWARD >> Data Portability, and the Rise of Data Intermediaries
  • 131. Calum Liddle Data Protection Manager calum@fb.com
  • 132. “[E]ffective privacy and data protection needs a globally harmonized framework… New privacy regulation in the United States and around the world should build on the protections GDPR provides.” “If you share with one service, you should be able to move it to another” - Mark Zuckerberg, Washington Post, 30 March 2019. A drive towards data portability
  • 133. What is the Right to Data Portability? Art. 20 General Data Protection Regulation: (1) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) [consent] or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried out by automated means. (2) In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  • 134. Data Portability Today • Since 2010, Facebook has offered Download Your Information • We’re confident we can offer people even more control through a new generation of data portability tools that protect privacy and support innovation. • That’s why we joined the Data Transfer Project. Download Your Information
  • 136. Data Portability and Privacy White Paper • We recently published a white paper that sets forth five questions about data portability and privacy • We hope it will help advance a global conversation about what it means to build privacy-protective data portability. • These are complex questions—we hope to make a small contribution to the existing thought and research from experts around the world.
  • 138. Data Portability & Responsibility 4. How should we protect privacy while enabling portability? What responsibilities, if any, should transferring providers have with respect to (1) requesting users, (2) others whose interests may be implicated by a transfer, and (3) potential recipients of the data?
  • 139. Risks – let’s explore • Those to requesting users: informed choices; transparency; duty of care beyond the law? • Those to non-requesting users: data associated with other people; accountability; consent v permissions. • Potential recipients of personal data – and intermediaries: potential data misuse. Paucity – Confusion - Contradiction
  • 143. ALI SHAH, HEAD OF TECHNOLOGY POLICY, ICO @ICOnews @digitfyi #DPscot
  • 144. AI at the ICO Ali Shah - Head of Technology Policy ali.shah@ico.org.uk
  • 145. ICO Priorities - Cyber security - Age appropriate design code - Adtech - Biometrics (facial recognition technology) - Enabling data sharing (data trusts, anonymisation and PETs) - AI
  • 147. ICO AI Audit Framework – Background: ▪ GDPR put much more focus on automated processing and decision making through new technologies such as AI. ▪ It also strengthened individuals' rights (e.g. the right to object to profiling), as well as the ICO’s powers (e.g. compulsory audits and fines). ▪ The ICO made AI one of its top three strategic priorities and appointed its first Postdoctoral Research Fellow in AI to develop its AI Auditing framework. – Framework objectives: ▪ Develop a solid methodology for the ICO to supervise the use of personal data in AI systems. ▪ Support the development of internal knowledge, capabilities and toolkits to support the work of the ICO, in particular the assurance and investigations teams. ▪ Inform additional external guidance for organisations on how to manage data protection risks in AI systems, and support innovation and adoption of “safe” AI.
  • 148. SOME EXAMPLES OF TENSIONS BETWEEN DATA PROTECTION AND AI ▪ Data minimisation and accuracy: large and complex data sets are required to train, test and deploy AI systems ▪ Purpose limitation: AI is often based on data collected for another purpose (e.g. crash analytics -> ad targeting) ▪ Transparency and fairness: low interpretability and explainability of complex AI models and applications ▪ Art. 22 restricts fully automated decision making with legal / similarly significant effect: human input slows decisions down and may result in less accurate / consistent decisions
  • 149. Framework structure – 1. GOVERNANCE AND ACCOUNTABILITY: risk appetite; leadership engagement and oversight; data protection by design and default; management and reporting structures; compliance and assurance capabilities; policies and procedures; documentation and audit trails; training and awareness. 2. AI-SPECIFIC RISK AREAS: fairness and transparency in profiling; accuracy; fully automated decision making models; security and cyber; trade-offs; data minimisation and purpose limitation; exercise of rights; impact on broader public rights.
  • 150. AI-specific risk areas in detail – Data minimisation and purpose limitation: ▪ Managing training data ▪ Re-using AI models for new purposes. Fairness and transparency in profiling: ▪ Bias and discrimination ▪ Sensitive inferences ▪ Interpretability of AI systems ▪ Explainability of AI decisions to the data subject (ICO project ExplAIn). Accuracy: ▪ Accuracy of AI outputs and performance measures. Fully automated decision making models: ▪ Meaningful human review in non-fully automated decision making AI systems ▪ Human review of decisions made by fully automated decision making AI systems. Security and cyber: ▪ Testing and verification challenges and model integrity ▪ Privacy attacks on machine learning models ▪ Existing security risks exacerbated by the use of AI. Trade-offs between: - Precision vs recall - Accuracy vs privacy - Fairness vs accuracy - Fairness vs privacy - Accuracy vs generalisability. Exercise of rights: ▪ Right to be forgotten (right to erasure) ▪ Data portability ▪ Having inaccurate data corrected. Impact on broader public rights: ▪ Public legitimacy ▪ Autonomy ▪ Freedom of association ▪ Freedom of speech ▪ Individual distress: offensive ad targeting. Plus overall risk management considerations and common themes across framework elements (e.g. outsourcing risks).
  • 151. Where next for the AI framework? Timeline: call for input through the ICO dedicated microsite, March – October 2019; formal consultation, January 2020; AI Framework finalisation and external guidance published, Spring 2020. AIAuditingFramework@ico.org.uk
  • 153. CALUM LIDDLE, EEA Data Protection Manager, Facebook (@InfoGovScotland); ALICE WILSON, DPO, HEFESTIS; ALI SHAH, Head of Technology Policy, ICO (@ICOnews); MARK STEPHEN, Journalist & Broadcaster, BBC Scotland (@markstephen60); ELIZABETH FAIRLEY, COO and Co-Founder, Talking Medicines (@EFBServices); PAUL SHERRARD, Sr Proposition and Data Protection Manager, Standard Life Assurance, part of the Phoenix Group (@StandardLifeUK) @digitfyi #DPscot
  • 156. THANK YOU FOR JOINING US! LEAD SPONSOR CO-SPONSORS @digitfyi #DPscot FOLLOW US ON SOCIAL FOR TECH NEWS AND EVENT UPDATES