The Road Ahead: Practical Implications & Best Practices
PRIVACY & DATA PROTECTION
Phani Krishna, CISA, CISM, CISSP, CAIIB... Head of IT Audit, Essentra Plc.
Disclaimer: The views, opinions, findings, and conclusions or recommendations expressed in this presentation are strictly those of the presenter and are for information purposes only.
They do not necessarily reflect the views of Essentra or the other organizations served by the presenter. Essentra or the other organizations served, take no responsibility for any errors
or omissions in, or for the correctness of, the information contained in this presentation.
‘Privacy’, a noun: “A state in which one is not observed or disturbed by other people” or “The state of being free from public attention”
What are we planning to cover?
• Introduction to Privacy & Data Protection
• PII definition and Scope
• Data protection Law & Regulation
  • ASIA (India)
  • EMEA (EU)
  • Americas (USA)
• Practical Implications of Privacy & GDPR
  • Objectives
  • Rights of Data subjects
  • Organizational Requirements
• Best Practices for GDPR compliance
  • Assessment
  • Framework & Controls
  • Compliance
Privacy & Data Protection
Diagram labels: Data/Information; Privacy; Security; Legal; Compliance
‘Privacy’ of a natural living person is the state of not being observed or disturbed without their explicit consent to do so.
PII & Scope
http://www.usan.com/uncategorized/understanding-pii-personally-identifiable-information-in-the-contact-center/
Any information that can identify a natural person directly, indirectly or when combined with other available information
The Seven Dimensions
PRIVACY OF DATA AND IMAGE (INFORMATION)
PRIVACY OF BEHAVIOR AND ACTION
PRIVACY OF COMMUNICATION
PRIVACY OF ASSOCIATION
PRIVACY OF THOUGHTS AND FEELINGS
PRIVACY OF LOCATION AND SPACE (TERRITORIAL)
PRIVACY OF PERSON
Data protection Law & Regulation
Forrester’s 2016 Data Protection Heat Map: Countries are continuing to move toward the European standard for data protection
(from 1 June 2017)
Failure to report leakage, damage or loss of personal data
Disclosure of personal information in breach of a lawful contract or without consent
Serious or repeated breach of the Australian Privacy Principles
Privacy Directives / EU GDPR
Privacy Shield
Industry specific such as HIPAA / Privacy Act 1974
• 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (updated 2013). Only recommended to member countries
• Global Privacy Enforcement Network (GPEN)
Privacy objectives of General Data Protection Regulation (GDPR)
1. Protect the privacy rights
2. Uniform regulation across EU
3. Define (widen) the scope of PII
4. Uniform cross-border data transfers
5. Address the online data privacy concerns
6. Facilitate the economic activities with uniform privacy requirements
7. Harmonize the regulatory oversight
Rights of Data Subjects
Data Subject - Right to privacy
• Know the Why? How? Where? Till when? etc.
• Request information through a defined method
• Request to rectify/modify
• Object to transfer or processing
• Right to be forgotten
• Data portability without hindrance where feasible
• Object to automated decision-making, including profiling
Organizational Requirements
• Collection: Legitimate, specified & explicit consent
• Data: Adequate, relevant and limited
• Process: Lawful, transparent & fair
• Quality: Accurate & up to date
• Retention: As consented & necessary
• Secure: Protect - State of the Art
• Accountability: Controllers & Processors – Civil & Criminal Liabilities
• Breach: Detect, Contain & Notify – Administrative Fines
• One Stop: One stop Data Protection Authority for EU business
Assessment
• Data Assessment
• Framework Gap Assessment
• Privacy Impact Assessment
• Business Impact Assessment
• Risk Assessment
Framework & Controls
ENTERPRISE GOVERNANCE
Privacy Governance
Privacy Policies & Procedures
Privacy Risk Management
Awareness
Privacy Program Management
Training
Privacy Operations Support
Planning & Selection
Projects & Controls
Monitor & Reporting
Audit & Review
Requirements
Rights
Logging
Breach
Assess
Mitigate
Measure
Review
GDPR Compliance Best practices
ENTERPRISE GRC FRAMEWORK
Assessment
Framework & Controls
Privacy by design – Data Minimization
Data Quality & Rights Management
Data Protection Officer
Encryption & IT Security best practices
Cross Border Data transfer
Certification
Logging & Monitoring
Discussion

More Related Content

What's hot

Unit 6 Privacy and Data Protection 8 hr
Unit 6  Privacy and Data Protection 8 hrUnit 6  Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationVicky Dallas
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection ActSaimaRafiq
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataOpenAIRE
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentationmlw32785
 

What's hot (20)

Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Data protection
Data protectionData protection
Data protection
 
Data protection
Data protectionData protection
Data protection
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6  Privacy and Data Protection 8 hrUnit 6  Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
GDPR
GDPRGDPR
GDPR
 
GDPR
GDPRGDPR
GDPR
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
Data security
Data securityData security
Data security
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive data
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentation
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 

Viewers also liked

Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyThoughtworks
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data miningharithavijay94
 
Data Privacy in the DMBOK - No Need to Reinvent the Wheel
Data Privacy in the DMBOK - No Need to Reinvent the WheelData Privacy in the DMBOK - No Need to Reinvent the Wheel
Data Privacy in the DMBOK - No Need to Reinvent the WheelDATAVERSITY
 
Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Cédric Laurant
 
Personal data protection in the EU
Personal data protection in the EUPersonal data protection in the EU
Personal data protection in the EUArete-Zoe, LLC
 
Data protection and privacy framework in the design of learning analytics sys...
Data protection and privacy framework in the design of learning analytics sys...Data protection and privacy framework in the design of learning analytics sys...
Data protection and privacy framework in the design of learning analytics sys...Tore Hoel
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
THE NEW ETHICS OF BIG DATA - KENNETH CUKIER
THE NEW ETHICS OF BIG DATA - KENNETH CUKIERTHE NEW ETHICS OF BIG DATA - KENNETH CUKIER
THE NEW ETHICS OF BIG DATA - KENNETH CUKIERBig Data Week
 
Data Privacy Micc Presentation
Data Privacy   Micc PresentationData Privacy   Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesAmazon Web Services
 
Chapter 8 big data and privacy - social media 3533
Chapter 8  big data and privacy - social media 3533Chapter 8  big data and privacy - social media 3533
Chapter 8 big data and privacy - social media 3533Hubbamar
 
Group 4 discussion leading
Group 4 discussion leadingGroup 4 discussion leading
Group 4 discussion leadingHsuan-Ting Chen
 
Simplifying Privacy Decisions: Towards Interactive and Adaptive Solutions
Simplifying Privacy Decisions: Towards Interactive and Adaptive SolutionsSimplifying Privacy Decisions: Towards Interactive and Adaptive Solutions
Simplifying Privacy Decisions: Towards Interactive and Adaptive SolutionsBart Knijnenburg
 

Viewers also liked (20)

Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data mining
 
Data Privacy in the DMBOK - No Need to Reinvent the Wheel
Data Privacy in the DMBOK - No Need to Reinvent the WheelData Privacy in the DMBOK - No Need to Reinvent the Wheel
Data Privacy in the DMBOK - No Need to Reinvent the Wheel
 
Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...
 
Personal data protection in the EU
Personal data protection in the EUPersonal data protection in the EU
Personal data protection in the EU
 
Data protection and privacy framework in the design of learning analytics sys...
Data protection and privacy framework in the design of learning analytics sys...Data protection and privacy framework in the design of learning analytics sys...
Data protection and privacy framework in the design of learning analytics sys...
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
Understanding Your Business
Understanding Your BusinessUnderstanding Your Business
Understanding Your Business
 
THE NEW ETHICS OF BIG DATA - KENNETH CUKIER
THE NEW ETHICS OF BIG DATA - KENNETH CUKIERTHE NEW ETHICS OF BIG DATA - KENNETH CUKIER
THE NEW ETHICS OF BIG DATA - KENNETH CUKIER
 
Data Privacy Micc Presentation
Data Privacy   Micc PresentationData Privacy   Micc Presentation
Data Privacy Micc Presentation
 
DATA PRIVACY
DATA PRIVACYDATA PRIVACY
DATA PRIVACY
 
International Data Privacy Day 2017
International Data Privacy Day 2017International Data Privacy Day 2017
International Data Privacy Day 2017
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud Services
 
Chapter 8 big data and privacy - social media 3533
Chapter 8  big data and privacy - social media 3533Chapter 8  big data and privacy - social media 3533
Chapter 8 big data and privacy - social media 3533
 
Group 4 discussion leading
Group 4 discussion leadingGroup 4 discussion leading
Group 4 discussion leading
 
Simplifying Privacy Decisions: Towards Interactive and Adaptive Solutions
Simplifying Privacy Decisions: Towards Interactive and Adaptive SolutionsSimplifying Privacy Decisions: Towards Interactive and Adaptive Solutions
Simplifying Privacy Decisions: Towards Interactive and Adaptive Solutions
 
Levensloop kortrijk - Social Media in de praktijk - Privacy & mediawijsheid
Levensloop kortrijk - Social Media in de praktijk - Privacy & mediawijsheidLevensloop kortrijk - Social Media in de praktijk - Privacy & mediawijsheid
Levensloop kortrijk - Social Media in de praktijk - Privacy & mediawijsheid
 

Similar to Privacy & Data Protection

My presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRMy presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRzayadeen2003
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao -  An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao -  An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data PrivacyPriyanka Aash
 
Information Privacy?! (GDPR)
Information Privacy?! (GDPR)Information Privacy?! (GDPR)
Information Privacy?! (GDPR)Michel Bitter
 
Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1rtjbond
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
GDPR Benefits and a Technical Overview
GDPR  Benefits and a Technical OverviewGDPR  Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewErnest Staats
 
Le soluzioni tecnologiche a supporto della normativa GDPR
Le soluzioni tecnologiche a supporto della normativa GDPRLe soluzioni tecnologiche a supporto della normativa GDPR
Le soluzioni tecnologiche a supporto della normativa GDPRJürgen Ambrosi
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
 
GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization  GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization Vishnuvarthanan Moorthy
 
Riot Games - Tech radar #13 GDPR
Riot Games - Tech radar #13 GDPRRiot Games - Tech radar #13 GDPR
Riot Games - Tech radar #13 GDPRDave Bowden
 
Example Association Internal GDPR Policy
Example Association Internal GDPR PolicyExample Association Internal GDPR Policy
Example Association Internal GDPR PolicyLen Murphy
 
Merit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data ProtectionMerit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data Protectionmeritnorthwest
 
GDPR: the Steps Event Planners Need to Follow
GDPR: the Steps Event Planners Need to FollowGDPR: the Steps Event Planners Need to Follow
GDPR: the Steps Event Planners Need to Followetouches
 
Kyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfKyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfmakaylaklenke
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
General data protection
General data protectionGeneral data protection
General data protectionBrijeshR3
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 

Similar to Privacy & Data Protection (20)

My presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRMy presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPR
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao -  An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao -  An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
 
Information Privacy?! (GDPR)
Information Privacy?! (GDPR)Information Privacy?! (GDPR)
Information Privacy?! (GDPR)
 
Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
GDPR Benefits and a Technical Overview
GDPR  Benefits and a Technical OverviewGDPR  Benefits and a Technical Overview
GDPR Benefits and a Technical Overview
 
Le soluzioni tecnologiche a supporto della normativa GDPR
Le soluzioni tecnologiche a supporto della normativa GDPRLe soluzioni tecnologiche a supporto della normativa GDPR
Le soluzioni tecnologiche a supporto della normativa GDPR
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 
GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization  GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization
 
Riot Games - Tech radar #13 GDPR
Riot Games - Tech radar #13 GDPRRiot Games - Tech radar #13 GDPR
Riot Games - Tech radar #13 GDPR
 
Example Association Internal GDPR Policy
Example Association Internal GDPR PolicyExample Association Internal GDPR Policy
Example Association Internal GDPR Policy
 
Merit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data ProtectionMerit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data Protection
 
GDPR: the Steps Event Planners Need to Follow
GDPR: the Steps Event Planners Need to FollowGDPR: the Steps Event Planners Need to Follow
GDPR: the Steps Event Planners Need to Follow
 
Kyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfKyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdf
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
General data protection
General data protectionGeneral data protection
General data protection
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPR
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 

Recently uploaded

Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaLegal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaFinlaw Consultancy Pvt Ltd
 
Ricky French: Championing Truth and Change in Midlothian
Ricky French: Championing Truth and Change in MidlothianRicky French: Championing Truth and Change in Midlothian
Ricky French: Championing Truth and Change in MidlothianRicky French
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULEsreeramsaipranitha
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书Fir L
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 
一比一原版西澳大学毕业证学位证书
 一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书SS A
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书Sir Lt
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书Fir L
 
如何办理新西兰奥克兰商学院毕业证(本硕)AIS学位证书
如何办理新西兰奥克兰商学院毕业证(本硕)AIS学位证书如何办理新西兰奥克兰商学院毕业证(本硕)AIS学位证书
如何办理新西兰奥克兰商学院毕业证(本硕)AIS学位证书Fir L
 
Debt Collection in India - General Procedure
Debt Collection in India  - General ProcedureDebt Collection in India  - General Procedure
Debt Collection in India - General ProcedureBridgeWest.eu
 
Cleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson
 
PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxRRR Chambers
 
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书Fs Las
 
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书Fir L
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书Fir L
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptjudeplata
 
Mediation ppt for study materials. notes
Mediation ppt for study materials. notesMediation ppt for study materials. notes
Mediation ppt for study materials. notesPRATIKNAYAK31
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxMollyBrown86
 

Recently uploaded (20)

Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaLegal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
 
Ricky French: Championing Truth and Change in Midlothian
Ricky French: Championing Truth and Change in MidlothianRicky French: Championing Truth and Change in Midlothian
Ricky French: Championing Truth and Change in Midlothian
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
 
Russian Call Girls Rohini Sector 6 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 6 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...Russian Call Girls Rohini Sector 6 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 6 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
一比一原版西澳大学毕业证学位证书
 一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书
 
如何办理新西兰奥克兰商学院毕业证(本硕)AIS学位证书
如何办理新西兰奥克兰商学院毕业证(本硕)AIS学位证书如何办理新西兰奥克兰商学院毕业证(本硕)AIS学位证书
如何办理新西兰奥克兰商学院毕业证(本硕)AIS学位证书
 
Debt Collection in India - General Procedure
Debt Collection in India  - General ProcedureDebt Collection in India  - General Procedure
Debt Collection in India - General Procedure
 
Cleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson's Commitment to Service
Cleades Robinson's Commitment to Service
 
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
 
PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptx
 
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
 
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
 
Mediation ppt for study materials. notes
Mediation ppt for study materials. notesMediation ppt for study materials. notes
Mediation ppt for study materials. notes
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
 

Privacy & Data Protection

  • 1. The Road Ahead: Practical Implications & Best Practices. PRIVACY & DATA PROTECTION
      • Phani Krishna, CISA, CISM, CISSP, CAIIB...Head of IT Audit, Essentra Plc.
      • Disclaimer: The views, opinions, findings, and conclusions or recommendations expressed in this presentation are strictly those of the presenter and are for information purposes only. They do not necessarily reflect the views of Essentra or the other organizations served by the presenter. Essentra or the other organizations served, take no responsibility for any errors or omissions in, or for the correctness of, the information contained in this presentation.
      • ‘Privacy’, a noun: “A state in which one is not observed or disturbed by other people” or “The state of being free from public attention”
  • 2. What are we planning to cover?
      • Introduction to Privacy & Data Protection
      • PII definition and Scope
      • Data protection Law & Regulation
      • ASIA (India)
      • EMEA (EU)
      • Americas (USA)
      • Practical Implications of Privacy & GDPR
      • Objectives
      • Rights of Data subjects
      • Organizational Requirements
      • Best Practices for GDPR compliance
      • Assessment
      • Framework & Controls
      • Compliance
  • 4. Privacy & Data Protection
      • Diagram labels: Data/Information, Privacy, Security, Legal, Compliance
      • ‘Privacy’ of a natural living person is the state of not being observed or disturbed without their explicit consent to do so.
  • 6. PII & Scope
      • Source: http://www.usan.com/uncategorized/understanding-pii-personally-identifiable-information-in-the-contact-center/
      • PII: any information that can identify a natural person directly, indirectly or when combined with other available information
      • The Seven Dimensions:
          • Privacy of data and image (information)
          • Privacy of behavior and action
          • Privacy of communication
          • Privacy of association
          • Privacy of thoughts and feelings
          • Privacy of location and space (territorial)
          • Privacy of person
  • 8. Data protection Law & Regulation
      • Forrester’s 2016 Data Protection Heat Map: countries are continuing to move toward the Europe standard for data protection
      • (from 1 June 2017) Failure to report leakage, damage or loss of personal data
      • Disclosure of personal information in breach of a lawful contract or without consent
      • Serious or repeated breach of the Australian Privacy Principles
      • Privacy Directives / EU GDPR
      • Privacy Shield
      • Industry specific such as HIPAA / Privacy Act 1974
      • 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (updated 2013): only recommended to member countries
      • Global Privacy Enforcement Network (GPEN)
  • 10. Privacy objectives of General Data Protection Regulation (GDPR)
      • 1. Protect the privacy rights
      • 2. Uniform regulation across EU
      • 3. Define (widen) the scope of PII
      • 4. Uniform cross-border data transfers
      • 5. Address the online data privacy concerns
      • 6. Facilitate the economic activities with uniform privacy requirements
      • 7. Harmonize the regulatory oversight
  • 11. Rights of Data Subjects
      • Data Subject: right to privacy
      • Know the Why? How? Where? Till when? etc.
      • Request information through a defined method
      • Request to rectify/modify
      • Object to transfer or processing
      • Right to be forgotten
      • Data portability without hindrance where feasible
      • Object to automated decision making, including profiling
  • 12. Organizational Requirements
      • Collection: Legitimate, specified & explicit consent
      • Data: Adequate, relevant and limited
      • Process: Lawful, transparent & fair
      • Quality: Accurate & up to date
      • Retention: As consented & necessary
      • Secure: Protect - State of the Art
      • Accountability: Controllers & Processors – Civil & Criminal Liabilities
      • Breach: Detect, Contain & Notify – Administrative Fines
      • One Stop: One stop Data Protection Authority for EU business
  • 15. Framework & Controls (diagram; labels as extracted)
      • Enterprise Governance
      • Privacy Governance: Privacy Policies & Procedures, Privacy Risk Management, Awareness
      • Privacy Program Management: Training, Privacy Operations Support, Planning & Selection, Projects & Controls
      • Monitor & Reporting
      • Audit & Review
      • Requirements, Rights, Logging, Breach, Assess, Mitigate, Measure, Review
  • 16. GDPR Compliance Best practices (ENTERPRISE GRC FRAMEWORK)
      • Assessment
      • Framework & Controls
      • Privacy by design – Data Minimization
      • Data Quality & Rights Management
      • Data Protection Officer
      • Encryption & IT Security best practices
      • Cross Border Data transfer
      • Certification
      • Logging & Monitoring