SlideShare a Scribd company logo

Personal Data Protection Regulation and Technical Aspects

Eryk Budi Pratama
Eryk Budi Pratama

The document provides an overview of personal data protection regulations and technical aspects related to data privacy. It discusses key aspects of the draft Indonesian Personal Data Protection Bill, including rights of data owners and obligations of data controllers. It also covers technical topics like identity and access management, data loss prevention, and incident management. The presentation aims to provide a basic understanding of both regulatory requirements and technical controls for protecting personal data.

Technology
1 of 30
Download to read offline
11 PERSONAL DATA PROTECTION Eryk B. Pratama IT Advisory & Cyber Security Consultant at Global Consulting Firm Komunitas Data Privacy & Protection Indonesia 11 July 2020 | 20:00 Komunitas Orang Siber Indonesia Webinar Basic Regulation and Technical Aspects
Agenda 01 Introduction 02 Regulation Aspects 03 Technical Aspects
Introduction
Data Ethics & Privacy News Introduction
Data/Information Lifecycle Introduction Source: ISACA – Getting Started with Data Governance with COBIT 5 It is important to plan the life cycle of data along with their placement within the governance structure. As practices operate, the data supporting or underlying them reach the various levels of their natural life cycles. Data is planned, designed, acquired, used, monitored and disposed of. Critical information security control Store | Data at Rest Share | Data in Motion Use | Data in Use
Mind-map Introduction Regulation Technical Aspects EU General Data Protection Regulation (GDPR) US California Consumer Protection Act (CCPA) RUU Perlindungan Data Pribadi (RUU PDP) Pre-Breach Identity & Access Management Data Loss Prevention Privilege Access Management Cyber Hygiene During & Post Breach Incident Management Crisis Management PP 71 2019 - PSTE Peraturan Kominfo No 20 2016 - Data Pribadi pada PSE
Regulation Aspects
RUU Perlindungan Data Pribadi Regulation Aspects Key Highlight ▪ Explicit Consent is required from the data owner for personal data processing. ▪ Responding timelines for Data subject rights have been separately called out in the RUU PDP. ▪ Data controller to notify the data owner and the Minister within 3 days of data breach. ▪ Penalties for non-compliance may range from Rp 20 Billion to Rp 70 Billion or Imprisonment ranging from 2 to 7 years Data Owner Data Controller Data Processor Data Protection Officer
Data Owner – Pemilik Data Pribadi Regulation Aspects Hak Pemilik Data Pribadi Pasal Deskripsi Pasal 4 meminta Informasi tentang kejelasan identitas, dasar kepentingan hukum, tujuan permintaan dan penggunaan Data Pribadi, dan akuntabilitas pihak yang meminta Data Pribadi. Pasal 5 melengkapi Data Pribadi miliknya sebelum diproses oleh Pengendali Data Pribadi. Pasal 6 mengakses Data Pribadi miliknya sesuai dengan ketentuan peraturan perundang-undangan. Pasal 7 memperbarui dan/atau memperbaiki kesalahan dan/atau ketidakakuratan Data Pribadi miliknya sesuai dengan ketentuan perundang-undangan. Pasal 8 mengakhiri pemrosesan, menghapus, dan/atau memusnahkan Data Pribadi miliknya. Pasal 9 menarik kembali persetujuan pemrosesan Data Pribadi miliknya yang telah diberikan kepada Pengendali Data Pribadi Pasal 10 mengajukan keberatan atas tindakan pengambilan keputusan yang hanya didasarkan pada pemrosesan secara otomatis terkait profil seseorang (profiling). Pasal 11 memilih atau tidak memilih pemrosesan Data Pribadi melalui mekanisme pseudonim untuk tujuan tertentu Pasal 12 menunda atau membatasi pemrosesan Data Pribadi secara proporsional sesuai dengan tujuan pemrosesan Data Pribadi Pasal 13 menuntut dan menerima ganti rugi atas pelanggaran Data Pribadi miliknya sesuai dengan ketentuan peraturan perundang-undangan.
Data Masking Regulation Aspects Encryption Tokenization Anonymization Pseudonymization Source: https://teskalabs.com/blog/data-privacy-pseudonymization-anonymization-encryption Pseudonymized Anonymized
Data Masking - Tokenization Regulation Aspects Source: https://blog.thalesesecurity.com/2015/02/05/token-gesture-vormetric-unveils-new-tokenization-solution/ No sensitive data is stored in the production database
Data Controller – Pengendali Data Pribadi Regulation Aspects Kewajiban Data Controller Pasal Deskripsi Pasal 24 ▪ wajib menyampaikan Informasi mengenai legalitas dari pemrosesan , tujuan pemrosesan , jenis dan relevansi pemrosesan, periode retensi dokumen, rincian informasi yang dikumpulkan, dan jangka waktu pemrosesan data ▪ menunjukkan bukti persetujuan yang telah diberikan oleh Pemilik Data Pribadi Pasal 25 wajib menghentikan pemrosesan Data Pribadi dalam hal Pemilik Data Pribadi menarik kembali persetujuan pemrosesan Data Pribadi Pasal 27 wajib melindungi dan memastikan keamanan Data Pribadi yang diprosesnya dengan melakukan: ▪ penyusunan dan penerapan langkah teknis operasional untuk melindungi Data Pribadi ▪ penentuan tingkat keamanan Data Pribadi dengan memperhatikan sifat dan risiko dari Data Pribadi yang harus dilindungi dalam pemrosesan Data Pribadi Pasal 28 wajib melakukan pengawasan terhadap setiap pihak yang terlibat dalam pemrosesan Data Pribadi Pasal 29 wajib memastikan pelindungan Data Pribadi dari pemrosesan Data Pribadi yang tidak sah Pasal 36 wajib melakukan pemrosesan Data Pribadi sesuai dengan tujuan pemrosesan Data Pribadi yang disetujui oleh Pemilik Data Pribadi. (Explisit / Implicit Consent) Pasal 38 Pasal 39 Penghapusan dan pemusnahan data pribadi
Data Protection Officer – Fungsi Perlindungan Data Pribadi Regulation Aspects ▪ harus ditunjuk berdasarkan kualitas profesional, pengetahuan mengenai hukum dan praktik pelindungan Data Pribadi. ▪ dapat berasal dari dalam dan/atau luar Pengendali Data Pribadi atau Prosesor Data Pribadi. ▪ menginformasikan dan memberikan saran untuk Data Controller dan Data Processor ▪ memantau dan memastikan kepatuhan terhadap Undang-Undang ini dan kebijakan Pengendali Data Pribadi atau Prosesor Data Pribadi ▪ memberikan saran mengenai penilaian dampak pelindungan Data Pribadi dan memantau kinerja Data Controller dan Data Processor ▪ berkoordinasi dan bertindak sebagai narahubung untuk isu yang berkaitan dengan pemrosesan Data Pribadi ▪ Dalam melaksanakan tugas, harus memperhatikan risiko terkait pemrosesan Data Pribadi, dengan mempertimbangkan sifat, ruang lingkup, konteks, dan tujuan pemrosesan
Technical Aspects
Identity and Access Management Technical Aspects – Identity & Access Management Security Management Provides the overarching framework, policies, and procedures Identity Management Access Management Manages individual identities and their access to resources and services Manages the “who has access to what” question and allows access based on individual relationship with the resources and services Directory Services Maintains an identity repository that store identity data and attributes, and provides access and authorization information “ IAM grants authorized users the right to use a service, while preventing access to non-authorized users “
From Simply Managing Identities to Managing Complex Relationships Technical Aspects – Identity & Access Management Identity Access Management Identity Relationship Management Source: Forrester Research
Identity Management Basic Process Technical Aspects – Identity & Access Management Authoritative/Trusted Source Middleware / Identity Management Solution Target System HR Data IDM Solution Active Directory Email Server ERP Others Applications Provisioning Reconciliation Create,Update,Revoke
Access Management Basic Process Technical Aspects – Identity & Access Management Receive Request Verification Provide Rights Log and Track Access ▪ Change requests ▪ Services requests ▪ HR requests ▪ App / Script requests ▪ Valid user ? ▪ Valid request ? ▪ Request access ? ▪ Remove access ? ▪ Provide access ▪ Remove access ▪ Restrict access ▪ Check and monitor identity status ▪ Violations to Incident Management Process Business Rules, Policies, Procedures, Controls ISMS
User and Access Management primary concern Technical Aspects – Identity & Access Management User access provisioning and de-provisioning Periodic access reviews Privileged user accounts Segregation of duties System authentication User Management Access Management
Data Governance: Common Area Technical Aspects – Data Loss Prevention Source: https://www.pinterest.com/pin/838584393089888744/ Data Security is one of foundational and important area in Data Governance
Data Loss/Leakage Prevention Solution Technical Aspects – Data Loss Prevention A Data Loss Prevention (DLP) solution typically incorporates people, process, and technology to protect sensitive data traversing throughout an organization. Data within an organization is often categorized and protected by DLP in the following three different forms: Data in Motion Data at Rest Data in Use Data that is transmitted or moved, both through electronic or non-electronic means. Data that is actively traveling on a network, such as email or web traffic. Data that resides on a stable medium, including servers, network shares, databases, individual computers, and portable media. Data that has been obtained and are being processed or actively used. Typically, referring to data on end-user computing device or host systems. Structured Data Unstructured Data Semi-structured Data Data commonly stored in databases or applications Exists in filesystems or documents Examples of such data format types include email Data Type
Sample Deployment Technical Aspects – Data Loss Prevention ILLUSTRATIVE DLP Manager DLP Monitor DLP Prevent DLP Prevent Host DLP DLP Discover DLP End Point
DLP Implementation Key Activities Technical Aspects – Data Loss Prevention Review of the organisation data protection policy and conduct gap assessment Define data flows, data classification and information asset list DLP Framework and High-level Policy Definition Base policy creation and tuning Metrics definition Incident response workflow creation User awareness
DLP Implementation Strategy Technical Aspects – Data Loss Prevention Organizations often deploy DLP solutions using a phased approach. This includes initial implementation of the DLP solution in monitoring mode and/or within selected business unit(s) to help ensure policies/rules effectiveness and assess business impact before turning on any automated “prevent “functions. LowHigh Near Term Long Term ImplementationComplexity Email Monitoring Network Monitoring Endpoint Monitoring and Discovery Email Filtering/Blocking Network Filtering/Blocking Endpoint Filtering/Blocking Timeline Prevent PhaseMonitor Phase Benefits ▪ By performing Email DLP first, existing technology is utilized and a high-risk use case is addressed quickly ▪ Implementing endpoint DLP after email DLP allows company to address the remaining high-risk use cases. ▪ Deploying DLP in monitoring mode followed by preventive mode allows company to pilot solution
DLP Use Case: Data in Motion Technical Aspects – Data Loss Prevention Data Origination Outbound Email from Internal Source (Sensitive Information) User Action Internal user sends email with sensitive information (e.g. PII, PCI, HR files, etc.) outbound to an external user or personal email address. DLP Response DLP monitors and analyzes outbound traffic based on policies for predefined data elements and company document tags. Document tagging allows DLP to fingerprint files in order to monitor and/or prohibit the movement of sensitive information based on policies. Available Action Monitor, record/block/encrypt, and notify Result Sensitive information is tracked and prevented from reaching unauthorized recipient. Sender, manager, security, and/or HR notified of policy violation or actions required/taken for authorized recipients (e.g. email and attachments marked to indicate level of confidentiality and encrypted, as required).
DLP Use Case: Data in Use Technical Aspects – Data Loss Prevention Data Origination Unauthorized Sensitive Information Download User Action User attempts to retain sensitive information for unauthorized use from an application or database through copy/paste functions, the “print screen” command, hard copy printing, or exploitation of current access privileges to execute excessive sensitive information downloads (e.g. prior to departure). DLP Response DLP monitors workstation and mobile device activity for the use and/or transfer of sensitive information based on policies for predefined data elements and company document tags. Company document tagging and user- defined fingerprinting allow DLP to monitor and/or prohibit the movement of sensitive information based on policies. Available Action Monitor/inventory, block, and notify Result Sensitive information is monitored, blocking the “print screen,” paste, and hard copy print actions. The user, manager, security, and/or HR are notified of policy violation. Utilize scan results to update/maintain inventory of endpoints containing sensitive information.
Incident Management Definition Technical Aspects – Incident Management What is an IT incident? An IT incident is any disruption to an organization's IT services that affects anything from a single user or the entire business . In short, an incident is anything that interrupts business continuity. What is IT incident management? Incident management is the process of managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue. Analyst Incident Responder Digital Forensic Incident Escalation Layer 1 (L1) Layer 2 (L2) Layer 3 (L3) Incident Classification MediumHigh Low Incident Prioritization Critical High Medium Low
Incident Management Process Technical Aspects – Incident Management Incident Management process based on NIST SP 800-61
Practical Incident Management Process Technical Aspects – Incident Management Incident Logging Incident Categorization Incident Prioritization Incident Assignment Task Creation and Management SLA Management and escalation Incident Resolution Incident Closure
Thank You ☺ https://medium.com/@proferyk https://www.slideshare.net/proferyk IT Advisory & Risk (t.me/itadvindonesia) Data Privacy & Protection (t.me/dataprivid) Komunitas Data Privacy & Protection (t.me/dataprotectionid)

Recommended

Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementEryk Budi Pratama
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
 
Melihat RUU Pelindungan Data Pribadi
Melihat RUU Pelindungan Data PribadiMelihat RUU Pelindungan Data Pribadi
Melihat RUU Pelindungan Data PribadiICT Watch
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 

Recommended

Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementEryk Budi Pratama
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
 
Melihat RUU Pelindungan Data Pribadi
Melihat RUU Pelindungan Data PribadiMelihat RUU Pelindungan Data Pribadi
Melihat RUU Pelindungan Data PribadiICT Watch
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
GDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsGDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPRPriyab Satoshi
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIRingkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIEryk Budi Pratama
 
Data protection
Data protectionData protection
Data protectionLewis Silkin
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesDimitri Sirota
 
GDPR
GDPRGDPR
GDPRGopi PD
 
Data classification-policy
Data classification-policyData classification-policy
Data classification-policyCoi Xay
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Keamanan Informasi dan Perlindungan Data Pribadi
Keamanan Informasi dan Perlindungan Data PribadiKeamanan Informasi dan Perlindungan Data Pribadi
Keamanan Informasi dan Perlindungan Data PribadiWidy Widyawan
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR DemystifiedSPIN Chennai
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographicMarketing Team at Crown Worldwide Group
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)Hussein Al-Sanabani
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
Top 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data ClassificationTop 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data ClassificationWatchful Software
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Network Intelligence India
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion
 
Gdpr brief and controls ver2.0
Gdpr brief and controls ver2.0Gdpr brief and controls ver2.0
Gdpr brief and controls ver2.0Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 

More Related Content

What's hot

GDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsGDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIRingkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIEryk Budi Pratama
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesDimitri Sirota
 
Data classification-policy
Data classification-policyData classification-policy
Data classification-policyCoi Xay
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Keamanan Informasi dan Perlindungan Data Pribadi
Keamanan Informasi dan Perlindungan Data PribadiKeamanan Informasi dan Perlindungan Data Pribadi
Keamanan Informasi dan Perlindungan Data PribadiWidy Widyawan
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
Top 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data ClassificationTop 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data ClassificationWatchful Software
 

What's hot (20)

GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
 
GDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsGDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and Communications
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIRingkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTI
 
Data protection
Data protectionData protection
Data protection
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
 
GDPR
GDPRGDPR
GDPR
 
Data classification-policy
Data classification-policyData classification-policy
Data classification-policy
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification Presentation
 
Keamanan Informasi dan Perlindungan Data Pribadi
Keamanan Informasi dan Perlindungan Data PribadiKeamanan Informasi dan Perlindungan Data Pribadi
Keamanan Informasi dan Perlindungan Data Pribadi
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by design
 
Top 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data ClassificationTop 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data Classification
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
 

Similar to Personal Data Protection Regulation and Technical Aspects

Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion
 
Salesforce Data Archive & Backup: How to Comply with the DPDP Act?
Salesforce Data Archive & Backup: How to Comply with the DPDP Act?Salesforce Data Archive & Backup: How to Comply with the DPDP Act?
Salesforce Data Archive & Backup: How to Comply with the DPDP Act?DataArchiva
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsCillian Kieran
 
Slide Deck CISSP Class Session 3
Slide Deck CISSP Class Session 3Slide Deck CISSP Class Session 3
Slide Deck CISSP Class Session 3FRSecure
 
How to implement gdpr in your document repository
How to implement gdpr in your document repository How to implement gdpr in your document repository
How to implement gdpr in your document repository XeniT Solutions nv
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland
 
GDPR Webinar January 2018
GDPR Webinar January 2018GDPR Webinar January 2018
GDPR Webinar January 2018EDB
 
5 Ways to Make Your Postgres GDPR-Ready
5 Ways to Make Your Postgres GDPR-Ready5 Ways to Make Your Postgres GDPR-Ready
5 Ways to Make Your Postgres GDPR-ReadyEDB
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentBill Lisse
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxDATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxSteveNgigi2
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySabra Goldick
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 

Similar to Personal Data Protection Regulation and Technical Aspects (20)

Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 
Gdpr brief and controls ver2.0
Gdpr brief and controls ver2.0Gdpr brief and controls ver2.0
Gdpr brief and controls ver2.0
 
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)
 
Salesforce Data Archive & Backup: How to Comply with the DPDP Act?
Salesforce Data Archive & Backup: How to Comply with the DPDP Act?Salesforce Data Archive & Backup: How to Comply with the DPDP Act?
Salesforce Data Archive & Backup: How to Comply with the DPDP Act?
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
 
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
GDPR: 3 Months On | Guest Speaker: Data Protection CommissionersGDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
 
Slide Deck CISSP Class Session 3
Slide Deck CISSP Class Session 3Slide Deck CISSP Class Session 3
Slide Deck CISSP Class Session 3
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chain
 
How to implement gdpr in your document repository
How to implement gdpr in your document repository How to implement gdpr in your document repository
How to implement gdpr in your document repository
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPR
 
Secure Software Design for Data Privacy
Secure Software Design for Data PrivacySecure Software Design for Data Privacy
Secure Software Design for Data Privacy
 
GDPR Webinar January 2018
GDPR Webinar January 2018GDPR Webinar January 2018
GDPR Webinar January 2018
 
5 Ways to Make Your Postgres GDPR-Ready
5 Ways to Make Your Postgres GDPR-Ready5 Ways to Make Your Postgres GDPR-Ready
5 Ways to Make Your Postgres GDPR-Ready
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy Development
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxDATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and Privacy
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
 

More from Eryk Budi Pratama

Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityEryk Budi Pratama
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaEryk Budi Pratama
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykEryk Budi Pratama
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEryk Budi Pratama
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceEryk Budi Pratama
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Eryk Budi Pratama
 
Identity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOpsIdentity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOpsEryk Budi Pratama
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsEryk Budi Pratama
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationWeb Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationEryk Budi Pratama
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama
 
IT Governance - Capability Assessment using COBIT 5
IT Governance - Capability Assessment using COBIT 5IT Governance - Capability Assessment using COBIT 5
IT Governance - Capability Assessment using COBIT 5Eryk Budi Pratama
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?Eryk Budi Pratama
 
IT Operating Model - Fundamental
IT Operating Model - FundamentalIT Operating Model - Fundamental
IT Operating Model - FundamentalEryk Budi Pratama
 
Software Development Methodology - Unified Process
Software Development Methodology - Unified ProcessSoftware Development Methodology - Unified Process
Software Development Methodology - Unified ProcessEryk Budi Pratama
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 

More from Eryk Budi Pratama (20)

Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL Indonesia
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - Eryk
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
 
Blockchain for Accounting & Assurance
Blockchain for Accounting & AssuranceBlockchain for Accounting & Assurance
Blockchain for Accounting & Assurance
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0
 
Identity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOpsIdentity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOps
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT Skills
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationWeb Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)
 
IT Governance - Capability Assessment using COBIT 5
IT Governance - Capability Assessment using COBIT 5IT Governance - Capability Assessment using COBIT 5
IT Governance - Capability Assessment using COBIT 5
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
IT Operating Model - Fundamental
IT Operating Model - FundamentalIT Operating Model - Fundamental
IT Operating Model - Fundamental
 
Software Development Methodology - Unified Process
Software Development Methodology - Unified ProcessSoftware Development Methodology - Unified Process
Software Development Methodology - Unified Process
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
 

Recently uploaded

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Recently uploaded (20)

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Personal Data Protection Regulation and Technical Aspects

  • 1. 11 PERSONAL DATA PROTECTION Eryk B. Pratama IT Advisory & Cyber Security Consultant at Global Consulting Firm Komunitas Data Privacy & Protection Indonesia 11 July 2020 | 20:00 Komunitas Orang Siber Indonesia Webinar Basic Regulation and Technical Aspects
  • 2. Agenda 01 Introduction 02 Regulation Aspects 03 Technical Aspects
  • 4. Data Ethics & Privacy News Introduction
  • 5. Data/Information Lifecycle Introduction Source: ISACA – Getting Started with Data Governance with COBIT 5 It is important to plan the life cycle of data along with their placement within the governance structure. As practices operate, the data supporting or underlying them reach the various levels of their natural life cycles. Data is planned, designed, acquired, used, monitored and disposed of. Critical information security control Store | Data at Rest Share | Data in Motion Use | Data in Use
  • 6. Mind-map Introduction Regulation Technical Aspects EU General Data Protection Regulation (GDPR) US California Consumer Protection Act (CCPA) RUU Perlindungan Data Pribadi (RUU PDP) Pre-Breach Identity & Access Management Data Loss Prevention Privilege Access Management Cyber Hygiene During & Post Breach Incident Management Crisis Management PP 71 2019 - PSTE Peraturan Kominfo No 20 2016 - Data Pribadi pada PSE
  • 8. RUU Perlindungan Data Pribadi Regulation Aspects Key Highlight ▪ Explicit Consent is required from the data owner for personal data processing. ▪ Responding timelines for Data subject rights have been separately called out in the RUU PDP. ▪ Data controller to notify the data owner and the Minister within 3 days of data breach. ▪ Penalties for non-compliance may range from Rp 20 Billion to Rp 70 Billion or Imprisonment ranging from 2 to 7 years Data Owner Data Controller Data Processor Data Protection Officer
  • 9. Data Owner – Pemilik Data Pribadi Regulation Aspects Hak Pemilik Data Pribadi Pasal Deskripsi Pasal 4 meminta Informasi tentang kejelasan identitas, dasar kepentingan hukum, tujuan permintaan dan penggunaan Data Pribadi, dan akuntabilitas pihak yang meminta Data Pribadi. Pasal 5 melengkapi Data Pribadi miliknya sebelum diproses oleh Pengendali Data Pribadi. Pasal 6 mengakses Data Pribadi miliknya sesuai dengan ketentuan peraturan perundang-undangan. Pasal 7 memperbarui dan/atau memperbaiki kesalahan dan/atau ketidakakuratan Data Pribadi miliknya sesuai dengan ketentuan perundang-undangan. Pasal 8 mengakhiri pemrosesan, menghapus, dan/atau memusnahkan Data Pribadi miliknya. Pasal 9 menarik kembali persetujuan pemrosesan Data Pribadi miliknya yang telah diberikan kepada Pengendali Data Pribadi Pasal 10 mengajukan keberatan atas tindakan pengambilan keputusan yang hanya didasarkan pada pemrosesan secara otomatis terkait profil seseorang (profiling). Pasal 11 memilih atau tidak memilih pemrosesan Data Pribadi melalui mekanisme pseudonim untuk tujuan tertentu Pasal 12 menunda atau membatasi pemrosesan Data Pribadi secara proporsional sesuai dengan tujuan pemrosesan Data Pribadi Pasal 13 menuntut dan menerima ganti rugi atas pelanggaran Data Pribadi miliknya sesuai dengan ketentuan peraturan perundang-undangan.
  • 10. Data Masking Regulation Aspects Encryption Tokenization Anonymization Pseudonymization Source: https://teskalabs.com/blog/data-privacy-pseudonymization-anonymization-encryption Pseudonymized Anonymized
  • 11. Data Masking - Tokenization Regulation Aspects Source: https://blog.thalesesecurity.com/2015/02/05/token-gesture-vormetric-unveils-new-tokenization-solution/ No sensitive data is stored in the production database
  • 12. Data Controller – Pengendali Data Pribadi Regulation Aspects Kewajiban Data Controller Pasal Deskripsi Pasal 24 ▪ wajib menyampaikan Informasi mengenai legalitas dari pemrosesan , tujuan pemrosesan , jenis dan relevansi pemrosesan, periode retensi dokumen, rincian informasi yang dikumpulkan, dan jangka waktu pemrosesan data ▪ menunjukkan bukti persetujuan yang telah diberikan oleh Pemilik Data Pribadi Pasal 25 wajib menghentikan pemrosesan Data Pribadi dalam hal Pemilik Data Pribadi menarik kembali persetujuan pemrosesan Data Pribadi Pasal 27 wajib melindungi dan memastikan keamanan Data Pribadi yang diprosesnya dengan melakukan: ▪ penyusunan dan penerapan langkah teknis operasional untuk melindungi Data Pribadi ▪ penentuan tingkat keamanan Data Pribadi dengan memperhatikan sifat dan risiko dari Data Pribadi yang harus dilindungi dalam pemrosesan Data Pribadi Pasal 28 wajib melakukan pengawasan terhadap setiap pihak yang terlibat dalam pemrosesan Data Pribadi Pasal 29 wajib memastikan pelindungan Data Pribadi dari pemrosesan Data Pribadi yang tidak sah Pasal 36 wajib melakukan pemrosesan Data Pribadi sesuai dengan tujuan pemrosesan Data Pribadi yang disetujui oleh Pemilik Data Pribadi. (Explisit / Implicit Consent) Pasal 38 Pasal 39 Penghapusan dan pemusnahan data pribadi
  • 13. Data Protection Officer – Fungsi Perlindungan Data Pribadi Regulation Aspects ▪ harus ditunjuk berdasarkan kualitas profesional, pengetahuan mengenai hukum dan praktik pelindungan Data Pribadi. ▪ dapat berasal dari dalam dan/atau luar Pengendali Data Pribadi atau Prosesor Data Pribadi. ▪ menginformasikan dan memberikan saran untuk Data Controller dan Data Processor ▪ memantau dan memastikan kepatuhan terhadap Undang-Undang ini dan kebijakan Pengendali Data Pribadi atau Prosesor Data Pribadi ▪ memberikan saran mengenai penilaian dampak pelindungan Data Pribadi dan memantau kinerja Data Controller dan Data Processor ▪ berkoordinasi dan bertindak sebagai narahubung untuk isu yang berkaitan dengan pemrosesan Data Pribadi ▪ Dalam melaksanakan tugas, harus memperhatikan risiko terkait pemrosesan Data Pribadi, dengan mempertimbangkan sifat, ruang lingkup, konteks, dan tujuan pemrosesan
  • 15. Identity and Access Management Technical Aspects – Identity & Access Management Security Management Provides the overarching framework, policies, and procedures Identity Management Access Management Manages individual identities and their access to resources and services Manages the “who has access to what” question and allows access based on individual relationship with the resources and services Directory Services Maintains an identity repository that store identity data and attributes, and provides access and authorization information “ IAM grants authorized users the right to use a service, while preventing access to non-authorized users “
  • 16. From Simply Managing Identities to Managing Complex Relationships Technical Aspects – Identity & Access Management Identity Access Management Identity Relationship Management Source: Forrester Research
  • 17. Identity Management Basic Process Technical Aspects – Identity & Access Management Authoritative/Trusted Source Middleware / Identity Management Solution Target System HR Data IDM Solution Active Directory Email Server ERP Others Applications Provisioning Reconciliation Create,Update,Revoke
  • 18. Access Management Basic Process Technical Aspects – Identity & Access Management Receive Request Verification Provide Rights Log and Track Access ▪ Change requests ▪ Services requests ▪ HR requests ▪ App / Script requests ▪ Valid user ? ▪ Valid request ? ▪ Request access ? ▪ Remove access ? ▪ Provide access ▪ Remove access ▪ Restrict access ▪ Check and monitor identity status ▪ Violations to Incident Management Process Business Rules, Policies, Procedures, Controls ISMS
  • 19. User and Access Management primary concern Technical Aspects – Identity & Access Management User access provisioning and de-provisioning Periodic access reviews Privileged user accounts Segregation of duties System authentication User Management Access Management
  • 20. Data Governance: Common Area Technical Aspects – Data Loss Prevention Source: https://www.pinterest.com/pin/838584393089888744/ Data Security is one of foundational and important area in Data Governance
  • 21. Data Loss/Leakage Prevention Solution Technical Aspects – Data Loss Prevention A Data Loss Prevention (DLP) solution typically incorporates people, process, and technology to protect sensitive data traversing throughout an organization. Data within an organization is often categorized and protected by DLP in the following three different forms: Data in Motion Data at Rest Data in Use Data that is transmitted or moved, both through electronic or non-electronic means. Data that is actively traveling on a network, such as email or web traffic. Data that resides on a stable medium, including servers, network shares, databases, individual computers, and portable media. Data that has been obtained and are being processed or actively used. Typically, referring to data on end-user computing device or host systems. Structured Data Unstructured Data Semi-structured Data Data commonly stored in databases or applications Exists in filesystems or documents Examples of such data format types include email Data Type
  • 22. Sample Deployment Technical Aspects – Data Loss Prevention ILLUSTRATIVE DLP Manager DLP Monitor DLP Prevent DLP Prevent Host DLP DLP Discover DLP End Point
  • 23. DLP Implementation Key Activities Technical Aspects – Data Loss Prevention Review of the organisation data protection policy and conduct gap assessment Define data flows, data classification and information asset list DLP Framework and High-level Policy Definition Base policy creation and tuning Metrics definition Incident response workflow creation User awareness
  • 24. DLP Implementation Strategy Technical Aspects – Data Loss Prevention Organizations often deploy DLP solutions using a phased approach. This includes initial implementation of the DLP solution in monitoring mode and/or within selected business unit(s) to help ensure policies/rules effectiveness and assess business impact before turning on any automated “prevent “functions. LowHigh Near Term Long Term ImplementationComplexity Email Monitoring Network Monitoring Endpoint Monitoring and Discovery Email Filtering/Blocking Network Filtering/Blocking Endpoint Filtering/Blocking Timeline Prevent PhaseMonitor Phase Benefits ▪ By performing Email DLP first, existing technology is utilized and a high-risk use case is addressed quickly ▪ Implementing endpoint DLP after email DLP allows company to address the remaining high-risk use cases. ▪ Deploying DLP in monitoring mode followed by preventive mode allows company to pilot solution
  • 25. DLP Use Case: Data in Motion Technical Aspects – Data Loss Prevention Data Origination Outbound Email from Internal Source (Sensitive Information) User Action Internal user sends email with sensitive information (e.g. PII, PCI, HR files, etc.) outbound to an external user or personal email address. DLP Response DLP monitors and analyzes outbound traffic based on policies for predefined data elements and company document tags. Document tagging allows DLP to fingerprint files in order to monitor and/or prohibit the movement of sensitive information based on policies. Available Action Monitor, record/block/encrypt, and notify Result Sensitive information is tracked and prevented from reaching unauthorized recipient. Sender, manager, security, and/or HR notified of policy violation or actions required/taken for authorized recipients (e.g. email and attachments marked to indicate level of confidentiality and encrypted, as required).
  • 26. DLP Use Case: Data in Use Technical Aspects – Data Loss Prevention Data Origination Unauthorized Sensitive Information Download User Action User attempts to retain sensitive information for unauthorized use from an application or database through copy/paste functions, the “print screen” command, hard copy printing, or exploitation of current access privileges to execute excessive sensitive information downloads (e.g. prior to departure). DLP Response DLP monitors workstation and mobile device activity for the use and/or transfer of sensitive information based on policies for predefined data elements and company document tags. Company document tagging and user- defined fingerprinting allow DLP to monitor and/or prohibit the movement of sensitive information based on policies. Available Action Monitor/inventory, block, and notify Result Sensitive information is monitored, blocking the “print screen,” paste, and hard copy print actions. The user, manager, security, and/or HR are notified of policy violation. Utilize scan results to update/maintain inventory of endpoints containing sensitive information.
  • 27. Incident Management Definition Technical Aspects – Incident Management What is an IT incident? An IT incident is any disruption to an organization's IT services that affects anything from a single user or the entire business . In short, an incident is anything that interrupts business continuity. What is IT incident management? Incident management is the process of managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue. Analyst Incident Responder Digital Forensic Incident Escalation Layer 1 (L1) Layer 2 (L2) Layer 3 (L3) Incident Classification MediumHigh Low Incident Prioritization Critical High Medium Low
  • 28. Incident Management Process Technical Aspects – Incident Management Incident Management process based on NIST SP 800-61
  • 29. Practical Incident Management Process Technical Aspects – Incident Management Incident Logging Incident Categorization Incident Prioritization Incident Assignment Task Creation and Management SLA Management and escalation Incident Resolution Incident Closure
  • 30. Thank You ☺ https://medium.com/@proferyk https://www.slideshare.net/proferyk IT Advisory & Risk (t.me/itadvindonesia) Data Privacy & Protection (t.me/dataprivid) Komunitas Data Privacy & Protection (t.me/dataprotectionid)