CWIN17 Telford GDPR – Threat, Overhead or Opportunity - Doug Davidson


  1. GDPR – Threat, Overhead or Opportunity? Telford, Sept 2017 - Doug Davidson
  2. So what are the GDPR changes? GDPR represents the biggest change to Data Privacy in the modern age.
     • Definitions of Personal data have changed
     • Clear unambiguous need for consent, Legal compliance or legitimate interests
     • Data portability
     • Responsibility and accountability to individuals
     • Geographical scope
     • Privacy by design and default
     • Mandatory Data Protection Impact Assessments (PIAs)
     • Data Protection Officer (DPO) & Data Processor
     • Single set of rules across EU
     • Data Controllers and Data Processors
     • Data breaches
     • Individual Rights (SARs)
     Copyright © 2016 Capgemini and Sogeti. All Rights Reserved. Securing the Journey to the Cloud | #CWIN16 Sept 2016
  3. Where to start? – Create a GDPR Programme. Undertake a controlled lifecycle approach to addressing GDPR requirements encompassing the following areas (as a minimum):
     • Governance – Board awareness, ownership, organisation, roles, responsibilities, policies and processes, oversight
     • Business Processes – Review and revise existing business processes to de-risk/de-scope risks and support compliance
     • People – skills, knowledge, education and awareness, communication
     • Data – Personally Identifiable Information (PII) and linked Meta Data that you hold and its controls to support or enable business processes
     • Security – the risk assessments, PIAs, controls, policies and procedures that you use to secure PII data for staff and external 3rd parties
     [Diagram: The Capgemini GDPR Lifecycle. Labels: GDPR Services, Consultancy support, Sustainability, Remediation, Discovery]
  4. Discovery: Incorporate the ICO 12 Steps into your approach
     • Awareness
     • Information you hold
     • Communicating privacy information
     • Individuals’ rights
     • Subject access requests
     • Consent
     • Legal basis for processing personal data
     • Children
     • Data breaches
     • Data Protection by Design and Data Protection Impact Assessments
     • Data Protection Officer (DPO)
     • International
     [Timeline graphic: Discovery, 25th May 2018]
  5. Discovery: Creating a Baseline. Undertake a GDPR Assessment of your business processes and data holdings to identify your current exposure under GDPR:
     • Board strategy and company’s organisational knowledge of GDPR?
     • Governance structures in place?
     • Data Protection Officer (DPO) in place?
     • A defined Programme to prepare for GDPR?
     • Key Information Stakeholders identified and aware of their responsibilities?
     • Clear understanding of your legal right to process PII data, and current Consent Management?
     • Clear understanding of how PII data is managed through-life?
     • Are you prepared for Subject Access Requests?
     • Incident management processes, up to date and effective?
     [Diagram: Business Process 1: Internal Business Process; Business Process 2: External 3rd Party Process; PII Data; Business Output]
  6. Remediation: Starting the Journey to Compliance. Remediation areas:
     • Data Handling Model
     • Data Management Lifecycle
     • 3rd Party Compliance
     • DPO & Governance Structure
     • Consent & Rights Mgt
     • Data Breach Mgt
     • Education & Awareness
     [Diagram: Business Process 1: Internal Business Process; Business Process 2: External 3rd Party Process; PII Data; Business Output. Timeline: Remediation, 25th May 2018]
  7. Sustainability: Effective on-going GDPR Compliance. Ongoing GDPR Compliance must be retained and incorporated into the DNA and “through life” assurance approach of the business:
     • Effective Governance structures and Data Protection Officer (DPO) in place
     • Data Lifecycle Management integrated across all business and supply chain services
     • Integrated Business Unit supporting the DPO and managing User Rights processes, Incident reporting, etc. as part of the overarching Data security and management approach
     • “Security by design” Gateway Processes ensuring all new business services are GDPR compliant at release
     • GDPR training aligned and integrated into mainstream compliance education and awareness processes and culture
     [Diagram: GDPR Compliant. Business Process 1: Internal Business Process; Business Process 2: External 3rd Party Process; PII Data; Business Output. Timeline: Sustainability, 25th May 2018]
  8. Cloud Services Security is Possible! Any Questions?
  9. Contact information: Doug Davidson, UK Cyber Security CTO & UK Cyber GDPR Lead, doug.davidson@capgemini.com, Grange Central, Telford TF3 4ER
  10. The information contained in this presentation is proprietary. Copyright © 2016 Capgemini and Sogeti. All rights reserved. Rightshore® is a trademark belonging to Capgemini. www.capgemini.com www.sogeti.com
      About Capgemini and Sogeti: With more than 180,000 people in over 40 countries, Capgemini is a global leader in consulting, technology and outsourcing services. The Group reported 2015 global revenues of EUR 11.9 billion. Together with its clients, Capgemini creates and delivers business, technology and digital solutions that fit their needs, enabling them to achieve innovation and competitiveness. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model. Learn more about us at www.capgemini.com.
      Sogeti is a leading provider of technology and software testing, specializing in Application, Infrastructure and Engineering Services. Sogeti offers cutting-edge solutions around Testing, Business Intelligence & Analytics, Mobile, Cloud and Cyber Security. Sogeti brings together more than 20,000 professionals in 15 countries and has a strong local presence in over 100 locations in Europe, USA and India. Sogeti is a wholly-owned subsidiary of Cap Gemini S.A., listed on the Paris Stock Exchange.