CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
Capgemini
gdpr or how to eat the elephant a bit at a time
1.
GDPR or ‘How to Eat the Elephant a bit at a time’!
Andy Powell, VP UK Cybersecurity, Sep17
2.
Copyright © Capgemini 2014. All Rights Reserved
Owned by Capgemini/Andy Powell (28 Mar 17) – This DOES NOT constitute any form of legal or legally binding advice
This is NOT an Elephant?! It is in fact a vaguely purple Octopus!
3.
Worried about GDPR, but not sure why? How to eat the GDPR Elephant a bit at a time!
Andy Powell will …
• Simplify what GDPR really means and outline an Enterprise approach – so that even the CFO gets it!
• Explain the Threat – without hype – and why the Threat is not just from ‘Hackers’ but also in other forms!
• Explain how the Enterprise-wide principles of ‘Build, Watch, Proact and React’, as practiced in Medieval Warfare, and viewed through the lens of data management and Cybersecurity will help you be ready!
There is NO silver bullet to dispatch the GDPR Elephant, just good old fashioned common sense, prioritisation of effort and a balanced programme of measures across people, process and tools!!
4.
The GDPR Octopus
Transparency; Accountability; Governance; Consent; Rights; Safeguards; Data Management; Legal/Contracts; Breach Reporting; Security
‘ACCOUNTABILITY’: Appoint DPO; Controllers/Processors; 3rd Parties External to EU; Understand Exclusions; Etc.
Rights of: Being Informed; Access; Rectification; Erasure; Restrict Processing; Data Portability; Objection; Automated Processing
Audit
‘HOW’: Legacy; GDPR by Design; ‘Show Workings’; PIA
The ‘WHO’ owns - Board OWN Plus Enterprise-wide Responsibility NOT Security/CIO
Definition of Private Data
In-built, e.g. Encryption, Access etc.
And Security Controls, e.g. Review SANS/CSC 20 v GDPR and adjust
Data: Discovery, Analytics, Store/Access/Dispose etc.
5.
Some Quotes….!
‘… to correct the scaremongering and misunderstanding, we will not be looking to make early Examples to make a point on GDPR Compliance….’ Elizabeth Denham, ICO
“The Government’s recent Cyber Risk Survey found that whilst 69 per cent of businesses say their senior management consider cyber security is a very or fairly high priority for their organisation only half of businesses have actually taken recommended actions to identify cyber risks.” ICO
“I want organisations to think to themselves: ‘we base our online user experience around what consumers want. We shape our products and services around what consumers want. We need to shape our data protection approach around what consumers expect’.” ICO
“To meet the challenges I’ve described, we need to move from a mindset of compliance to a mindset of commitment: commitment to managing data sensitively and ethically.” ICO
‘…the Vendor/Supplier base is over hyping the Cyber Risk and GDPR impact to panic Business into investing in products and solutions they do not need….’ NCSC Leadership
6.
The GDPR ‘Threat (s)’!
GDPR ‘Threats’
• ‘Hackers’
• Internal Readiness/Complacency
• External/Legal Rights - Clients/Customers
Why?
• Personal Data has value
• Identity is the ‘new boundary’
• Rights awareness.
Who?
• Criminals – organized to various degrees?!
• Employees and Clients/Customers
• Lawyers - ‘There is money to be made by helping’!
Likely Impact on Business
• Positive – ‘FINALLY! EXPLOIT YOUR DATA FOR BUSINESS ADVANTAGE’!
• Negative – ‘FAIL TO PROTECT YOUR DATA – LOSE BRAND, SHAREHOLDER CONFIDENCE, CLIENTS and YOUR JOB’!
7.
Countering the Threat – ‘a truly Medieval Approach’
BUILD
Create a Keep (for precious things) and build security into your Castle (NOT just walls, but small rooms and staircases to contain threat once inside (it will get in!))
• Locate and Track Precious Data
• Segment Architecture
• Target Security Controls
• Think Resilience
WATCH
Constant Reconnaissance Outside and inside the walls
• Sentries Looking Out and In
• Understand the Threat
• Impact of Change!
• Adjust your Defence posture constantly
PROACT
Be proactive and unpredictable
• Deny the enemy cover (Access Management)
• Slow their advance (Cyber Hygiene)
• Change where and when you patrol (Audits, Patching etc.)
REACT
Be prepared to act!
• Be Prepared to Deal with a Breach
• Tried and Tested Consent and Access Process
• Test and Adjust
Think laterally and like a human! CxO!
8.
Build (1)
Think Data Life Cycle Management from the start and Design to support Secure but Ready Access
• Understand Where Your Data is and How it Flows
• Compartment your Network and Data via Hard and Soft Means
• Build Resilience into your Components and Links
• Build to Change
• Instrument
“think laterally and indirectly, how could someone navigate through this and get at something vital for good or bad!”
9.
Watch (2)
The key to Data Management and Security is constantly watching and adapting your data processes and security
• Strategic and Specific Intelligence
• Internal Threat Management
• People
• Data Flow
• Patterns
• External Threat Management
• Recruit, Train and Retain
• Users
• Data managers
• Security
• Network
“Intelligence-led, human in the loop, all process harnessed to manage the data for effect, securely”
10.
Proact (3)
The 7 Ps! There is NO silver bullet. A combination of Training, Awareness, Governance and Process, Underpinned by Tools!
• People
• Select, Train and Test
• Awareness
• Process
• Governance
• Consent
• Access
• Audit
• Change Management
• Tools
• Patch
• Run VM
• Data
“Mitigate the Threat by Preparation – Good Data Management and Cyber Hygiene is cheap!”
11.
React (4)
Be Decisive, Meet Obligations, Be Ready for Changes, and Practice!
• To Access Requests and Consent Changes
• To Events and Breaches
• Stop it and Immediate Forensics!
• External – Client, Media, Peers, Authority
• Internal – Lessons, Implement and Sustain
• Share – Intelligence with Peers and Authority
• Compliance/Mandate – Legal obligations
12.
Synopsis, Bio & Picture
Andy Powell - VP Cyber Security - Capgemini
About Andy
Andy is Vice-President (VP) for UK Cybersecurity at Capgemini with over 30 years' experience in Defence and Security roles and recent senior leadership roles as CIO and CISO for the Royal Air Force, Joint Operations and as head of the Ministry of Defence’s Cyber Defence Operations and Network Operations. As VP for UK Cybersecurity at Capgemini, Andy leads a business that covers all Sectors from Public to Energy and Utilities, and including Consumer, Private Sector and Finance – delivering a broad range of Consulting, Project and Managed Cyber Services. A Systems and Electronic Warfare engineer by training, he describes Cyber as ‘the constant battle of wits between attacker and defender where people, process and technology must converge to enable the business!’
Andy.powell@capgemini.com
07891151835
13.
Interrogation and/or Torture can commence!