10/14/2020
Richard Cascarino CISM, CIA, ACFE, CRMA
General Data Protection Regulation (GDPR) Webinar 10
Becoming GDPR Compliant
About Jim Kaplan, CIA, CFE
• President and Founder of AuditNet®, the global resource for auditors (available on iOS, Android and Windows devices)
• Auditor, Web Site Guru
• Internet for Auditors Pioneer
• IIA Bradford Cadmus Memorial Award Recipient
• Local Government Auditor’s Lifetime Award
• Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
ABOUT AUDITNET® LLC
• AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and features:
  • Over 3,300 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices
  • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users.
  • Audit guides, manuals, and books on audit basics and using audit technology
  • LinkedIn Networking Groups
  • Monthly Newsletters with Expert Guest Columnists
  • Surveys on timely topics for internal auditors
Introductions
HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.
• If you logged in with another individual’s confirmation email you will not receive CPE, as the confirmation login is linked to a specific individual.
• This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.
• We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
• If you meet the criteria for earning CPE, you will receive a link via email to download your certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to whitelist this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated if you did not receive the first mailing.
• Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
• You must answer the survey questions after the Webinar or before downloading your certificate.
IMPORTANT INFORMATION REGARDING CPE!
• ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to whitelist this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the initial distribution.
• We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io.
• You must opt-in for our mailing list. If you indicate you do not want to receive our emails, your registration will be cancelled and you will not be able to attend the Webinar.
• We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on your computer, otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to, you do so immediately after a polling question.
The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website.
Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC.
ABOUT RICHARD CASCARINO, MBA, CIA, CISM, CFE, CRMA
• Principal of Richard Cascarino & Associates based in Colorado USA
• Over 28 years’ experience in IT audit training and consultancy
• Past President of the Institute of Internal Auditors in South Africa
• Member of ISACA
• Member of Association of Certified Fraud Examiners
• Author of The Complete Guide for CISA Examination Preparation, out 5 October 2020
Copyright Richard Cascarino
TODAY’S AGENDA
• Handling data subject access requests (DSARs).
• The roles of controllers and processors, and the relationships between them.
• Transferring personal data outside the EU and the mechanisms for compliance.
• How to become GDPR compliant using a compliance gap assessment tool.
WHAT IS A DSAR?
• Article 15 of the General Data Protection Regulation (GDPR) grants Europeans the right to ask for a copy of the personal data held about them.
• A DSAR is a request from a data subject to be provided with a copy of the personal data being processed by a Controller and an explanation of the purposes for which that personal data is being used.
• Specifically, it is when anyone asks to receive a copy of the personal data you may hold for them.
• Must come from the individual themselves (or an authorized agent/parent/guardian).
• Could be sent to any department and come from a variety of sources.
• May be submitted by email or social media and may be addressed to the “wrong” department or person.
• Must be forwarded to the DPO.
WHY REQUEST?
To confirm:
• Whether the individual’s personal information is being processed
• Who can access that information
• The organization’s lawful basis for processing
• The names or categories of any third parties that the information has been shared with
• The estimated period for which the personal data will be stored
• The criteria used to determine the storage period
• How the personal data was obtained
• Information about automated decision-making, including profiling, and the reasoning for and potential consequences of the automation
OBLIGATIONS
Organizations don’t automatically have to comply with every DSAR they receive. A request may be refused if it is:
• Manifestly unfounded
  • one that the individual sends to disrupt the organisation, or which contains unsubstantiated accusations against the organisation
• Excessive
  • based on how often you collect personal data
• Repetitive
Organizations that reject on those bases must be capable of demonstrating their justification.
Each request is to be considered on a case-by-case basis.
YOU MAY NEED
• Proof of ID (if the requester is an employee or ex-employee this may not be necessary if it is obvious to you who they are)
• Proof of relationship/authority (for example if information is requested about a child or by an agent)
• To know whether they are interested in specific information (if they request ALL personal data you cannot restrict this)
• To know what their relationship is with your organization
• To know whether they wish to see CCTV images of them (if relevant) and to request a photograph, description of clothes worn, dates of visits etc.
• To know whether they require the information to be provided in writing or whether they will accept it in an electronic form
PROCESSING REQUIREMENTS
• No fee allowed in most circumstances
  • A “reasonable fee” may be charged when a request is manifestly unfounded, excessive or repetitive
  • Access may be refused for excessive, unfounded or repetitive requests
  • Refusal includes the right to appeal to the organization’s supervisory authority
  • The fee must be based on the administrative cost of complying with the request
• If no personal data is held about the individual, they must be informed of this
RESPONSE TIMES
• Generally organizations are required to provide the requested information within one month
• Where requests are complex or numerous, organizations are permitted to extend the deadline to three months
  • A response explaining the delay is still required within one month
• No limit on how a DSAR may be made
  • Verbally
  • Electronically
• If the request is made electronically, the information must be provided in a commonly used file format
WHAT TO RELEASE
• If the information contains personal data relating to other individuals, consideration must be given to whether/how to redact this or whether it is reasonable to disclose
• Such information can be disclosed with the consent of the other parties
• Where consent is not feasible, consideration must be given to the privacy impact and/or to how your duty of confidentiality to these other parties would be affected should the information be disclosed
• Any justification for disclosure of personal data relating to other parties must be documented
CONTROLLERS AND PROCESSORS
• GDPR imposes specific obligations on “Processors”, “Controllers”, and others with regard to their vendor relationships and the protection of “Personal Data”
• GDPR requires companies to conduct appropriate due diligence on processors and to have contracts containing specific provisions relating to data protection
• It is the duty of the processor to notify the controller, and of the controller to notify the supervisory authority, when a personal data breach is likely to lead to a high risk to the data subject’s rights and freedoms
CONTROLLERS AND PROCESSORS
• “Controller”
  • the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
• “Processor”
  • a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller
CONTROLLERS AND PROCESSORS
• When the processing of personal data of EU data subjects is done by a controller or processor that is not present in the EU, the GDPR applies to activities related to offering goods or services to EU citizens (free and paying services) and behavior monitoring of EU data subjects
• A non-EU company which processes the data of EU citizens needs to appoint a representative in the EU
CONTROLLERS AND PROCESSORS
• The GDPR concerns all companies which process personal data of citizens (‘data subjects’) who reside in the EU, regardless of where these companies (the ‘data processors’ and ‘data controllers’) are located
• Controller
  • Alone or jointly with others determines the purposes and means of processing personal data.
• Processor
  • Processes personal data on behalf of the controller.
• Both controllers and processors are regulated directly under GDPR.
• Controllers have more responsibilities, for example:
  • Providing notices to data subjects, responding to the exercise of subject rights, appointing a representative in the EEA, notifying supervisory authorities and data subjects of data breaches, maintaining records of processing.
CONTROLLER VS. PROCESSOR
CONTROLLER AND PROCESSOR
• Tasks and responsibilities of Controller, Processor and Data Protection Officer:
  • Records of processing activities and logging
  • Personal data breach handling (incident handling)
  • Data protection impact assessment and prior consultation
  • Security of processing and data protection by design and by default
THE DATA PROCESSOR
• Someone who processes personal data on behalf of the data controller
• Examples include external payroll providers
• The obligation to comply with the Act is on the controller, who must make sure that the processor processes data fairly and lawfully; under GDPR the Data Processor also has some direct obligations
PRIVACY SHIELD (USA ONLY)
• The decision on the EU-U.S. Privacy Shield was adopted by the European Commission on 12 July, 2016 (invalidated in 2020)
• Commercial sector
  • Strong obligations on companies and robust enforcement
• U.S. Government access
  • Clear safeguards and transparency obligations
• Redress
  • Directly with the company
  • With the data protection authority
  • Privacy Shield panel
• Monitoring
  • Annual joint review mechanism between the US Department of Commerce and the EU Commission
TRANSFERRING PERSONAL DATA OUTSIDE THE EU
• Article 2(g): “recipient” shall mean a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients
• Generally, the GDPR restricts transfers of personal data to countries outside the EEA. These restrictions apply to all transfers, no matter the size of the transfer or how often you carry them out
• Article 44: General principle for transfers
  • Any transfer of personal data by a controller or processor shall take place only if certain conditions are complied with:
    • a. Transfers on the basis of adequacy;
    • b. Transfers subject to appropriate safeguards;
    • c. Binding corporate rules apply.
ADEQUACY
Transfers on the basis of adequacy
• A transfer may take place where there is an adequate level of protection
• The adequacy criteria:
  – the rule of law;
  – respect for human rights and fundamental freedoms;
  – relevant legislation, both general and sectoral, including that concerning:
    • public security
    • defense
    • national security
    • criminal law
SUBJECT TO APPROPRIATE SAFEGUARDS
• Legally binding agreement between public authorities or bodies
• Standard data protection clauses in the form of template transfer clauses adopted by the Commission
• Standard data protection clauses in the form of template transfer clauses adopted by a supervisory authority and approved by the Commission
SUBJECT TO APPROPRIATE SAFEGUARDS
• Compliance with a code of conduct approved by a supervisory authority
• Certification under an approved certification mechanism as provided for in the GDPR
• Contractual clauses authorized by the competent supervisory authority
• Provisions inserted into administrative arrangements between public authorities or bodies authorized by the competent supervisory authority
DEROGATIONS (EXEMPTIONS)
• Necessary for the establishment, exercise or defense of legal claims
• Necessary to protect the vital interests of the data subject or other persons, where the data subject is physically or legally incapable of giving consent
• Made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register)
DEROGATIONS (EXEMPTIONS)
• Made with the individual’s informed consent
• Necessary for the performance of a contract between the individual and the organization or for pre-contractual steps taken at the individual’s request
• Necessary for the performance of a contract made in the interests of the individual between the controller and another person
• Necessary for important reasons of public interest
BINDING CORPORATE RULES
• Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA
• Applicants must demonstrate that their BCRs put in place adequate safeguards for protecting personal data throughout the organization
• Existing model BCRs are Data Protection Directive (DPD)-related
BECOMING GDPR COMPLIANT
• Step one – Understand the GDPR legal framework. ...
• Step two – create a Data Register. ...
• Step three – classify your data. ...
• Step four – Start with your top priority. ...
• Step five – assess and document additional risks and processes ...
• Step six – revise and repeat.
THE PROCESS
• Planning and Mobilization
  • Set up the team, finalize the scope
  • Determine what resources are needed
  • Identify process owners and stakeholders, establish a consultation plan
• Perform the Assessment
  • Consult stakeholders, analyze risks and legal gaps, create a risk map
  • Determine necessary controls and remediation measures to address legal gaps and risks
  • Create a risk management plan, get sign-off
• Implement the control framework
  • Deploy risk management controls
  • Address legal gaps through remediation measures
• Monitor and evaluate on a regular basis
BECOMING GDPR COMPLIANT
Prepare for your GDPR project
• Create a project plan to implement GDPR.
• Include the right stakeholders in your GDPR project.
• Conduct a readiness assessment to find out what tasks you need to perform.
• Define your Personal Data Policy and other top-level documents.
BECOMING GDPR COMPLIANT
Create an inventory of processing activities
• List your processing activities and how these map to legitimate purposes defined in GDPR.
• Be sure your company has published the necessary privacy notices for data subjects.
• Define an approach to manage data subject rights.
BECOMING GDPR COMPLIANT
Implement a Data Protection Impact Assessment (DPIA)
• Conduct a DPIA when initiating a new project, or when implementing a change to your information systems or a product.
Secure personal data transfers
• Analyze what personal data is being transferred outside of your company, and when.
• Take necessary legal and security measures to adequately protect personal data when it is transferred outside of the company.
BECOMING GDPR COMPLIANT
Amend third-party contracts
• Amend third-party contracts that include processing of personal data to become compliant with the GDPR.
Ensure the security of personal and sensitive data
• Implement the necessary organizational and technical measures to protect the personal data of data subjects.
• Consider privacy and protection when designing new systems and processes.
Define how to handle data breaches
• Set up the processes to identify and handle personal data breaches.
• Prepare for notifications to the Supervisory Authority and data subjects, if required, in the case of a personal data breach.
AUTOMATED PERFORMANCE TOOLS
• OneTrust
  • Maintain ongoing, scalable records to demonstrate global privacy compliance
  • Integrate Privacy by Design into existing processes
  • Share project assessments externally
• CENTRL's Privacy360
  • Automate the full assessment process
  • Use standard assessment templates or upload proprietary ones
  • Track issues and manage the process to remediation
  • Reporting and analytics
• Vigilant Software
  • Identify data security risks and determine the likelihood of their occurrence and impact.
  • Easily review and update DPIAs when changes in processing activities occur.
  • Share DPIA findings with stakeholders and data processors.
  • Demonstrate that appropriate measures have been taken to comply with the requirements of the GDPR.
ONETRUST
• OneTrust is the #1 most widely used privacy, security and trust technology. More than 6,000 customers, including half of the Fortune 500, use OneTrust to build integrated programs that comply with the CCPA, GDPR, LGPD, PDPA, ISO27001 and hundreds of the world’s privacy and security laws. The OneTrust platform is powered by the OneTrust Athena™ AI and robotic automation engine.
https://www.onetrust.com/products/assessment-automation
PRIVACY 360
• As the compliance process continues, the Data Protection Officer faces specific challenges that are preventing the company from going forth with the envisioned data privacy model.
• Privacy 360 is a reporting module and a perfect solution for the Data Protection Officer’s challenges. It gives a DPO an overview of all data and locations where personal information is stored about a specific data subject.
• https://dataprivacymanager.net/solutions/privacy-360/
VIGILANT SOFTWARE
• Vigilant Software
  • DPIA Tool – Conduct a data protection impact assessment in six simple steps
  • Assess and treat data security risks for every process in your organization.
  • Easily demonstrate measures taken for GDPR (General Data Protection Regulation) compliance, essential to help you meet Article 35 requirements.
  • Avoid unnecessary work with screening questions to determine if a DPIA (data protection impact assessment) is necessary.
  • Export reports, and share findings with stakeholders and third parties.
  • Avoid errors and ensure completeness with a proven tool, aligned with the GDPR and ICO’s (Information Commissioner’s Office) requirements.
  • Review, update and maintain DPIAs year after year.
https://www.vigilantsoftware.co.uk/topic/dpia
QUESTIONS?
Any Questions? Don’t be Shy!
AUDITNET® AND CRISK ACADEMY
• If you would like forever access to this webinar recording
• If you are watching the recording, and would like to obtain CPE credit for this webinar
• Previous AuditNet® webinars are also available on-demand for CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a discount on this webinar for one week
THANK YOU!
Jim Kaplan
AuditNet® LLC
1-800-385-1625
Email:info@auditnet.org
www.auditnet.org
Follow Me on Twitter for Special Offers - @auditnet
Join my LinkedIn Group –
https://www.linkedin.com/groups/44252/
Like my Facebook business page
https://www.facebook.com/pg/AuditNetLLC
Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel +1 303 747 6087 (Skype Worldwide)
Tel: +1 970 367 5429
eMail: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino
IT Fraud Series: Data AnalyticsIT Fraud Series: Data Analytics
IT Fraud Series: Data Analytics
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics
 
Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing Basics
 
Fieldwork Webinar
Fieldwork WebinarFieldwork Webinar
Fieldwork Webinar
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay Fraud
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection
 
It52015 slides
It52015 slidesIt52015 slides
It52015 slides
 
Robotic Process Auditing
Robotic Process Auditing Robotic Process Auditing
Robotic Process Auditing
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAAT
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slides
 

Último

8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadAyesha Khan
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 

Último (20)

8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 

Implementing and Auditing GDPR Series (10 of 10)

10/14/2020

Richard Cascarino CISM, CIA, ACFE, CRMA
General Data Protection Regulation (GDPR) Webinar 10
Becoming GDPR Compliant

About Jim Kaplan, CIA, CFE
• President and Founder of AuditNet®, the global resource for auditors (available on iOS, Android and Windows devices)
• Auditor, Web Site Guru
• Internet for Auditors Pioneer
• IIA Bradford Cadmus Memorial Award Recipient
• Local Government Auditor’s Lifetime Award
• Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
ABOUT AUDITNET® LLC
• AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and features:
  – Over 3,300 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices
  – Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users.
  – Audit guides, manuals, and books on audit basics and using audit technology
  – LinkedIn Networking Groups
  – Monthly Newsletters with Expert Guest Columnists
  – Surveys on timely topics for internal auditors

HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.
• If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual
• This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.
• We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
• If you meet the criteria for earning CPE, you will receive a link via email to download your certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated if you did not receive the first mailing.
• Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
• You must answer the survey questions after the Webinar or before downloading your certificate.
IMPORTANT INFORMATION REGARDING CPE!
• ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the initial distribution.
• We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io
• You must opt-in for our mailing list. If you indicate you do not want to receive our emails, your registration will be cancelled and you will not be able to attend the Webinar.
• We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on your computer, otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to, you do so immediately after a polling question.

The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC.
ABOUT RICHARD CASCARINO, MBA, CIA, CISM, CFE, CRMA
• Principal of Richard Cascarino & Associates based in Colorado USA
• Over 28 years’ experience in IT audit training and consultancy
• Past President of the Institute of Internal Auditors in South Africa
• Member of ISACA
• Member of Association of Certified Fraud Examiners
• Author of The Complete Guide for CISA Examination Preparation, out 5 October 2020
Copyright Richard Cascarino

TODAY’S AGENDA
• Handling data subject access requests (DSARs).
• The roles of controllers and processors, and the relationships between them.
• Transferring personal data outside the EU and the mechanisms for compliance.
• How to become GDPR compliant using a compliance gap assessment tool.
WHAT IS A DSAR?
• Article 15 of the General Data Protection Regulation (GDPR) grants Europeans the right to ask for a copy of their personal data
• A request from a data subject to be provided with a copy of the personal data being processed by a Controller and an explanation of the purposes for which that personal data is being used
• Specifically, when anyone asks to receive a copy of the personal data you may hold about them
• Must come from the individual themselves (or an authorized agent/parent/guardian)
• Could be sent to any department and come from a variety of sources
• May be submitted by email or social media and may be addressed to the “wrong” department or person
• Must be forwarded to the DPO

WHY REQUEST?
To establish:
• Whether the individual’s personal information is being processed
• Who can access that information
• The organization’s lawful basis for processing
• The names or categories of any third parties that the information has been shared with
• The estimated period for which the personal data will be stored
• The criteria used to determine the storage period
• How the personal data was obtained
• Information about automated decision-making, including profiling, and the reasoning for and potential consequences of the automation
OBLIGATIONS
• Organizations don’t automatically have to comply with every DSAR they receive:
  – Manifestly unfounded: one that the individual sends to disrupt the organisation, or which contains unsubstantiated accusations against the organisation
  – Excessive: based on how often you collect personal data
  – Repetitive
• Organizations that reject on those bases must be capable of demonstrating their justification
• Each request is to be considered on a case-by-case basis

YOU MAY NEED
• Proof of ID (if the requester is an employee or ex-employee this may not be necessary if it is obvious to you who they are)
• Proof of relationship/authority (for example if information is requested about a child or by an agent)
• Whether they are interested in specific information (if they request ALL personal data you cannot restrict this)
• To know what their relationship is with your organization
• Whether they wish to see CCTV images of them (if relevant) and request a photograph, description of clothes worn, dates of visits etc.
• Whether they require the information to be provided in writing or whether they will accept it in an electronic form
PROCESSING REQUIREMENTS
• No fee allowed in most circumstances
• A “reasonable fee” when a request is manifestly unfounded, excessive or repetitive
• Access may be refused for excessive, unfounded or repetitive requests
• Refusal includes the right to appeal to the organization’s supervisory authority
• Fee must be based on the administrative cost of complying with the request
• If no personal data is held about the individual they must be informed of this

RESPONSE TIMES
• Generally, organizations are required to provide the requested information within one month
• Where requests are complex or numerous, organizations are permitted to extend the deadline to three months
• A response explaining the delay is still required within one month
• No limit on how a DSAR must be made: verbally or electronically
• If the request is made electronically, the information must be provided in a commonly used file format
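The fee, refusal and deadline rules on these two slides can be turned into an intake check that a DSAR log or ticketing workflow applies to every request before anyone starts collecting data. The following Python is an added example written for this page; it is not part of the webinar slides or of any AuditNet® or vendor tooling. It assumes (my assumption, not the slides’) that the “one month” period runs to the corresponding calendar day of the following month, falling back to the last day of that month when no such day exists, and it refuses to record a fee or a refusal unless the justification the slides require has been written down:

```python
"""DSAR intake helper (added example, not from the webinar).

Encodes the handling rules summarised on the "Processing requirements" and
"Response times" slides: no fee in most circumstances; a cost-based fee or a
refusal only for manifestly unfounded, excessive or repetitive requests and
only with a documented justification; a refusal must mention the right to
appeal to the supervisory authority; one month to respond, extendable to
three months for complex or numerous requests, with the delay explanation
still owed within the first month; and the requester must be told when no
personal data is held.

Assumption (not from the slides): "one month" is computed as the same
calendar day of the following month, clamped to that month's last day.
"""
from __future__ import annotations

import calendar
from dataclasses import dataclass, field
from datetime import date

# Grounds on which the slides say a fee may be charged or access refused.
PERMITTED_GROUNDS = frozenset({"manifestly unfounded", "excessive", "repetitive"})


def add_months(start: date, months: int) -> date:
    """Corresponding day `months` later, clamped to the last day of that month
    (31 Jan + 1 month gives 28 or 29 Feb). Convention assumed by this example."""
    idx = start.month - 1 + months
    year, month = start.year + idx // 12, idx % 12 + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(start.day, last_day))


@dataclass
class DSAR:
    """One access request as logged at intake (constructed record)."""
    received: date
    identity_verified: bool            # ID, or agent/parent/guardian authority, confirmed
    data_held: bool                    # does the controller hold any personal data on them?
    grounds: tuple[str, ...] = ()      # subset of PERMITTED_GROUNDS; empty = ordinary request
    justification: str = ""            # documented reasoning whenever grounds are cited
    complex_or_numerous: bool = False  # qualifies for the extension to three months
    admin_cost: float = 0.0            # administrative cost of complying, basis for any fee


@dataclass
class Decision:
    action: str            # verify-identity | inform-no-data | refuse | fee | fulfil
    respond_by: date       # substantive response, or the delay explanation, due by this date
    final_deadline: date   # extended deadline when an extension is taken
    fee: float = 0.0
    notes: list[str] = field(default_factory=list)


def assess(req: DSAR, refuse: bool = False) -> Decision:
    """Apply the slide rules to one request: what to do, and by when."""
    one_month = add_months(req.received, 1)
    # The extension moves the substantive deadline, not the obligation to explain
    # the delay, which is still due within the first month.
    final = add_months(req.received, 3) if req.complex_or_numerous else one_month
    notes: list[str] = []
    if req.complex_or_numerous:
        notes.append("Send the delay explanation before the one-month date")

    if not req.identity_verified:   # nothing is released until identity/authority is proven
        return Decision("verify-identity", one_month, final,
                        notes=notes + ["Obtain proof of ID or of authority before processing"])
    if not req.data_held:           # the requester must still get an answer
        return Decision("inform-no-data", one_month, final,
                        notes=notes + ["Tell the requester that no personal data is held about them"])
    if req.grounds:
        unknown = set(req.grounds) - PERMITTED_GROUNDS
        if unknown:
            raise ValueError(f"not a permitted ground for a fee or refusal: {sorted(unknown)}")
        if not req.justification.strip():   # the organisation must be able to demonstrate why
            raise ValueError("a fee or refusal on these grounds needs a documented justification")
        if refuse:
            return Decision("refuse", one_month, final,
                            notes=notes + ["Inform the requester of the right to appeal to the supervisory authority"])
        # A "reasonable fee" is limited to the administrative cost of complying.
        return Decision("fee", one_month, final, fee=round(req.admin_cost, 2), notes=notes)
    if refuse:
        raise ValueError("refusal is only possible for manifestly unfounded, excessive or repetitive requests")
    return Decision("fulfil", one_month, final, notes=notes)


def example_cases() -> dict[str, Decision]:
    """Constructed sample requests (not real cases) exercising each branch."""
    jan31 = date(2024, 1, 31)   # leap year: 31 Jan + 1 month must clamp to 29 Feb
    return {
        "ordinary": assess(DSAR(jan31, identity_verified=True, data_held=True)),
        "extended": assess(DSAR(jan31, True, True, complex_or_numerous=True)),
        "fee": assess(DSAR(jan31, True, True, grounds=("repetitive",),
                           justification="third identical request in 30 days", admin_cost=12.5)),
        "refused": assess(DSAR(jan31, True, True, grounds=("manifestly unfounded",),
                               justification="request states it is sent to disrupt the organisation"),
                          refuse=True),
        "unverified": assess(DSAR(jan31, identity_verified=False, data_held=True)),
        "no_data": assess(DSAR(jan31, identity_verified=True, data_held=False)),
    }


if __name__ == "__main__":
    for name, decision in example_cases().items():
        print(f"{name:11} {decision.action:16} respond by {decision.respond_by} "
              f"final {decision.final_deadline} fee {decision.fee} {decision.notes}")
```

`assess()` raises rather than returning a decision when a fee or refusal has no written justification, or when a refusal is attempted on an ordinary request, so the log cannot contain a rejection the organisation would be unable to demonstrate. The extension branch keeps two dates for the same reason: even when the substantive answer moves to three months, the first-month date still governs the explanation of the delay.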
WHAT TO RELEASE
• If the information contains personal data relating to other individuals, consideration must be given to whether/how to redact this or whether it is reasonable to disclose it
• Such information can be disclosed with the consent of the other parties
• Where consent is not feasible, consideration must be given to the privacy impact and/or to your duty of confidentiality to these other parties should the information be disclosed
• Any justification for disclosure of personal data relating to other parties must be documented

CONTROLLERS AND PROCESSORS
• GDPR imposes specific obligations on “Processors”, “Controllers”, and others with regard to their vendor relationships and the protection of “Personal Data”
• GDPR requires companies to conduct appropriate due diligence on processors and to have contracts containing specific provisions relating to data protection
• Duty of the processor to notify the controller, and of the controller to notify the supervisory authority, when a personal data breach is likely to lead to a high risk to the data subject’s rights and freedoms
CONTROLLERS AND PROCESSORS
• “Controller”: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
• “Processor”: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller

CONTROLLERS AND PROCESSORS
• When the processing of personal data of EU data subjects is done by a controller or processor that is not present in the EU, the GDPR applies to activities related to offering goods or services to EU citizens (free and paying services) and behavior monitoring of EU data subjects
• A non-EU company which processes the data of EU citizens needs to appoint a representative in the EU
CONTROLLERS AND PROCESSORS
• The GDPR concerns all companies which process personal data of citizens (‘data subjects’) who reside in the EU, regardless of where these companies (the ‘data processors’ and ‘data controllers’) are located
• When the processing of personal data of EU data subjects is done by a controller or processor that is not present in the EU, the GDPR applies to activities related to offering goods or services to EU citizens (free and paying services) and behavior monitoring of EU data subjects

CONTROLLER VS. PROCESSOR
• Controller: alone or jointly with others determines the purposes and means of processing personal data.
• Processor: processes personal data on behalf of the controller.
• Both controllers and processors are regulated directly under GDPR.
• Controllers have more responsibilities, for example: providing notices to data subjects, responding to the exercise of subject rights, appointing a representative in the EEA, notifying supervisory authorities and data subjects of data breaches, and maintaining records of processing.
CONTROLLER AND PROCESSOR
• Tasks and responsibilities of Controller, Processor and Data Protection Officer:
  – Records of processing activities and logging
  – Personal data breach handling (incident handling)
  – Data protection impact assessment and prior consultation
  – Security of processing and data protection by design and by default

THE DATA PROCESSOR
• Someone who processes personal data on behalf of the data controller
• Examples include external payroll providers
• The obligation to comply with the Act is on the controller, who must make sure that the processor processes data fairly and lawfully; under GDPR the Data Processor also has some direct obligations
PRIVACY SHIELD (USA ONLY)
• The decision on the EU-U.S. Privacy Shield was adopted by the European Commission on 12 July, 2016 (removed in 2020)
• Commercial sector: strong obligations on companies and robust enforcement
• U.S. Government access: clear safeguards and transparency obligations
• Redress: directly with the company; with the data protection authority; Privacy Shield panel
• Monitoring: annual joint review mechanism between the US Department of Commerce and the EU Commission

TRANSFERRING PERSONAL DATA OUTSIDE THE EU
• Article 2(g): “recipient” shall mean a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients
• Generally, the GDPR restricts transfers of personal data to countries outside the EEA. These restrictions apply to all transfers, no matter the size of the transfer or how often you carry them out
• Article 44: General principle for transfers. Any transfer of personal data by a controller or processor shall take place only if certain conditions are complied with:
  a. Transfers on the basis of adequacy;
  b. Transfers subject to appropriate safeguards;
  c. Binding corporate rules apply.
ADEQUACY
• Transfers on the basis of adequacy
  – A transfer may take place where there is an adequate level of protection
  – The adequacy criteria:
    – the rule of law;
    – respect for human rights and fundamental freedoms;
    – relevant legislation, both general and sectoral, including that concerning public security, defense, national security and criminal law

SUBJECT TO APPROPRIATE SAFEGUARDS
• Legally binding agreement between public authorities or bodies
• Standard data protection clauses in the form of template transfer clauses adopted by the Commission
• Standard data protection clauses in the form of template transfer clauses adopted by a supervisory authority and approved by the Commission
SUBJECT TO APPROPRIATE SAFEGUARDS
• Compliance with an approved code of conduct approved by a supervisory authority
• Certification under an approved certification mechanism as provided for in the GDPR
• Contractual clauses authorized by the competent supervisory authority
• Provisions inserted into administrative arrangements between public authorities or bodies, authorized by the competent supervisory authority

DEROGATIONS (EXEMPTIONS)
• Necessary for the establishment, exercise or defense of legal claims
• Necessary to protect the vital interests of the data subject or other persons, where the data subject is physically or legally incapable of giving consent
• Made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register)
DEROGATIONS (EXEMPTIONS)
• Made with the individual’s informed consent
• Necessary for the performance of a contract between the individual and the organization, or for pre-contractual steps taken at the individual’s request
• Necessary for the performance of a contract made in the interests of the individual between the controller and another person
• Necessary for important reasons of public interest

BINDING CORPORATE RULES
• Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA
• Applicants must demonstrate that their BCRs put in place adequate safeguards for protecting personal data throughout the organization
• Existing model BCRs are Data Protection Directive (DPD)-related
BECOMING GDPR COMPLIANT
• Step one – Understand the GDPR legal framework.
• Step two – Create a Data Register.
• Step three – Classify your data.
• Step four – Start with your top priority.
• Step five – Assess and document additional risks and processes.
• Step six – Revise and repeat.

THE PROCESS
• Planning and Mobilization
  – Set up the team, finalize the scope
  – Determine what resources are needed
  – Identify process owners and stakeholders, establish a consultation plan
• Perform the Assessment
  – Consult stakeholders, analyze risks and legal gaps, create a risk map
  – Determine the necessary controls and remediation measures to address legal gaps and risks
  – Create a risk management plan, get sign-off
• Implement the control framework
  – Deploy risk management controls
  – Address legal gaps through remediation measures
  – Monitor and evaluate on a regular basis
BECOMING GDPR COMPLIANT
• Prepare for your GDPR project
  – Create a project plan to implement GDPR.
  – Include the right stakeholders in your GDPR project
  – Conduct a readiness assessment to find out what tasks you need to perform
  – Define your Personal Data Policy and other top-level documents

BECOMING GDPR COMPLIANT
• Create an inventory of processing activities
  – List your processing activities and how these map to legitimate purposes defined in GDPR
  – Be sure your company has published the necessary privacy notices for data subjects
  – Define an approach to manage data subject rights
BECOMING GDPR COMPLIANT
• Implement a Data Protection Impact Assessment (DPIA)
  – Conduct a DPIA when initiating a new project, or when implementing a change to your information systems or a product
• Secure personal data transfers
  – Analyze what personal data is being transferred outside of your company, and when
  – Take the necessary legal and security measures to adequately protect personal data when it is transferred outside of the company

BECOMING GDPR COMPLIANT
• Amend third-party contracts
  – Amend third-party contracts that include processing of personal data to become compliant with the GDPR
• Ensure the security of personal and sensitive data
  – Implement the necessary organizational and technical measures to protect the personal data of data subjects
  – Consider privacy and protection when designing new systems and processes
• Define how to handle data breaches
  – Set up the processes to identify and handle personal data breaches
  – Prepare for notifications to the Supervisory Authority and data subjects, if required, in the case of a personal data breach
  • 19. AUTOMATED PERFORMANCE TOOLS
     OneTrust
       Maintain ongoing, scalable records to demonstrate global privacy compliance
       Integrate Privacy by Design into existing processes
       Share project assessments externally
     CENTRL's Privacy360
       Automate the full assessment process
       Use standard assessment templates or upload proprietary ones
       Track issues and manage the process to remediation
       Reporting and analytics
     Vigilant Software
       Identify data security risks and determine the likelihood of their occurrence and impact.
       Easily review and update DPIAs when changes in processing activities occur.
       Share DPIA findings with stakeholders and data processors.
       Demonstrate that appropriate measures have been taken to comply with the requirements of the GDPR.
    ONETRUST
     OneTrust is the #1 most widely used privacy, security and trust technology. More than 6,000 customers, including half of the Fortune 500, use OneTrust to build integrated programs that comply with the CCPA, GDPR, LGPD, PDPA, ISO27001 and hundreds of the world's privacy and security laws. The OneTrust platform is powered by the OneTrust Athena™ AI and robotic automation engine.
     https://www.onetrust.com/products/assessment-automation
  • 20. PRIVACY 360
     As the compliance process continues, the Data Protection Officer faces specific challenges that are preventing the company from going forth with the envisioned data privacy model.
     Privacy 360 is a reporting module and a perfect solution for the Data Protection Officer's challenges. It gives a DPO an overview of all data and locations where personal information is stored about the specific data subject.
     https://dataprivacymanager.net/solutions/privacy-360/
    VIGILANT SOFTWARE
     Vigilant Software
       DPIA Tool – Conduct a data protection impact assessment in six simple steps
       Assess and treat data security risks for every process in your organization.
       Easily demonstrate measures taken for GDPR (General Data Protection Regulation) compliance, essential to help you meet Article 35 requirements.
       Avoid unnecessary work with screening questions to determine if a DPIA (data protection impact assessment) is necessary.
       Export reports, and share findings with stakeholders and third parties.
       Avoid errors and ensure completeness with a proven tool, aligned with the GDPR and ICO's (Information Commissioner's Office) requirements.
       Review, update and maintain DPIAs year after year.
     https://www.vigilantsoftware.co.uk/topic/dpia
  • 21. QUESTIONS?
    Any Questions? Don't be Shy!
    AUDITNET® AND CRISK ACADEMY
    • If you would like forever access to this webinar recording
    • If you are watching the recording, and would like to obtain CPE credit for this webinar
    • Previous AuditNet® webinars are also available on-demand for CPE credit
    http://criskacademy.com
    http://ondemand.criskacademy.com
    Use coupon code: 50OFF for a discount on this webinar for one week
  • 22. THANK YOU!
    Jim Kaplan, AuditNet® LLC
    1-800-385-1625
    Email: info@auditnet.org
    www.auditnet.org
    Follow Me on Twitter for Special Offers - @auditnet
    Join my LinkedIn Group – https://www.linkedin.com/groups/44252/
    Like my Facebook business page https://www.facebook.com/pg/AuditNetLLC
    Richard Cascarino & Associates
    Cell: +1 970 819 7963
    Tel: +1 303 747 6087 (Skype Worldwide)
    Tel: +1 970 367 5429
    eMail: rcasc@rcascarino.com
    Web: http://www.rcascarino.com
    Skype: Richard.Cascarino