GDPR one year in: Observations
•
2 gostaram•268 visualizações
Short talk at the Cyber Security Summit Belgium for Vlaamse Toezichts Comissie(VTC) about the what we learned about GDPR.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (18)
Semelhante a GDPR one year in: Observations
Semelhante a GDPR one year in: Observations (20)
Mais de B.A.
Mais de B.A. (20)
Último
Último (20)
GDPR one year in: Observations
- 1. Vlaamse Toezichtcommissie GDPR one year in Observations Jan Guldentops Vlaamse Toezichtcommissie Cyber Security Summit 12th of june 2019
- 2. • ° 2008: Monitor the transfer of personal data by flemish government entities • ° 2018 : Supervising data protection authority (DPA) for the Flemish public sector o (local) Government, • Our task are described in art. 57 and 58 of the GDPR o Advice, monitor, complaints, standardisation, promote awareness, report data leaks, etc. • Belgian situation o Flemish VTC & Federal DPA • More info : o https://overheid.vlaanderen.be/vlaamse-toezichtcommissie Vlaamse Toezichtcommissie QUID VTC ?
- 3. Who am I ? • Jan Guldentops (°1973) o I am building server, network and other ICT infrastructure o for > 25 years o Founder of Better Access (°1996) and BA (°2003) o Open Source Fundamentalist (after hours) o Strong practical background in the field of security and privacy • Security “expert” by accident o Documented the security problems of the first Belgian Internet bank. ( Beroepskrediet / Belgium Online ) o Right hand of big brother o “Certified” Data Protection Officer o Do a lot of R&D and testing (security, infrastructure, performance) o Backup member of the VTC board Vlaamse Toezichtcommissie
- 4. GDPR – one year • The runup to may 2018 almost felt like it was 1999 (Y2K) all over again. • That mix of real concern, panic, smooth sales, apocalyptic thinking, not understanding … • Lots of products, consultancy, privacy-washing, etc. • We didn’t explain the why enough o Why is the protection of personal data so important The situation has relaxed, companies and organizations. Vlaamse Toezichtcommissie
- 5. Howto GDPR ? • A combination of hard work, Common Sense, following policies and not reinventing the wheel • We see a lot of shortcuts and easy way’s out Vlaamse Toezichtcommissie
- 6. IT’s a continuous proces Vlaamse Toezichtcommissie
- 8. Realism : Vlaamse Toezichtcommissie • There is no such thing as absolute security ! • infallibility
- 9. Smart use of technology: encryption Vlaamse Toezichtcommissie
- 10. Is personal data more secure now? • Did the extra attention on documentation, procedures and inventories diminish the real work on security . • Did it mean we put less time in the real security work ? o Security plan ? o Real technical audits ? o Etc. • There is more than personal data to consider : o PCI DSS o Other regulatory rules Vlaamse Toezichtcommissie
- 11. A couple of examples Vlaamse Toezichtcommissie
- 12. Dataleaks reported to VTC • https://overheid.vlaanderen.be/overzicht- gegevenslekken-reeds-gemeld-aan-de- vlaamse-toezichtcommissie Vlaamse Toezichtcommissie
- 13. Standstill ? • Are we at a standstill ? • Belgian DPA’s took some time to get organized. • Commercial companies complain that they are not doing a lot of business • Not a lot of complaints / right enforced by citizens Vlaamse Toezichtcommissie
- 14. Important mission • Teach our citizens to enforce their rights o The right to be informed o The right of access o The right to rectification o The right to erasure o The right to restrict processing o The right to data portability o The right to object o Rights in relation to automated decision making and profiling. Vlaamse Toezichtcommissie