The Road Ahead: Practical Implications & Best Practices
PRIVACY & DATA PROTECTION
Phani Krishna, CISA, CISM, CISSP, CAIIB... Head of IT Audit, Essentra Plc.
Disclaimer: The views, opinions, findings, and conclusions or recommendations expressed in this presentation are strictly those of the presenter and are for information purposes only.
They do not necessarily reflect the views of Essentra or the other organizations served by the presenter. Essentra or the other organizations served, take no responsibility for any errors
or omissions in, or for the correctness of, the information contained in this presentation.
‘Privacy’, a noun: “A state in which one is not observed or disturbed by other people” or “The state of being free from public attention”
What are we planning to cover?
• Introduction to Privacy & Data Protection
• PII definition and Scope
• Data protection Law & Regulation
  • ASIA (India)
  • EMEA (EU)
  • Americas (USA)
• Practical Implications of Privacy & GDPR
  • Objectives
  • Rights of Data subjects
  • Organizational Requirements
• Best Practices for GDPR compliance
  • Assessment
  • Framework & Controls
  • Compliance
Privacy & Data Protection
[Diagram labels: Data/Information, Privacy, Security, Legal, Compliance]
‘Privacy’ of a natural living person is the state of not being observed or disturbed without their explicit consent to do so.
PII & Scope
http://www.usan.com/uncategorized/understanding-pii-personally-identifiable-information-in-the-contact-center/
Any information that can identify a natural person directly, indirectly or when combined with other available information
The Seven Dimensions
• PRIVACY OF DATA AND IMAGE (INFORMATION)
• PRIVACY OF BEHAVIOR AND ACTION
• PRIVACY OF COMMUNICATION
• PRIVACY OF ASSOCIATION
• PRIVACY OF THOUGHTS AND FEELINGS
• PRIVACY OF LOCATION AND SPACE (TERRITORIAL)
• PRIVACY OF PERSON
Data protection Law & Regulation
Forrester’s 2016 Data Protection Heat Map - Countries are continuing to move toward the Europe standard for data protection
[Map callouts:]
• (from 1 June 2017) Failure to report leakage, damage or loss of personal data
• Disclosure of personal information in breach of a lawful contract or without consent
• Serious or repeated breach of the Australian Privacy Principles
• Privacy Directives / EU GDPR
• Privacy Shield
• Industry specific such as HIPAA / Privacy Act 1974
• 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (updated 2013); only recommended to member countries
• Global Privacy Enforcement Network (GPEN)
Privacy objectives of General Data Protection Regulation (GDPR)
1. Protect the privacy rights
2. Uniform regulation across the EU
3. Define (widen) the scope of PII
4. Uniform cross-border data transfers
5. Address online data privacy concerns
6. Facilitate economic activities with uniform privacy requirements
7. Harmonize the regulatory oversight
Rights of Data Subjects
Data Subject - Right to privacy
• Know the Why? How? Where? Till when? etc.
• Request information through a defined method
• Request to rectify/modify
• Object to transfer or processing
• Right to be forgotten
• Data portability without hindrance where feasible
• Object to automated decision making, including profiling
Organizational Requirements
• Collection: Legitimate, specified & explicit consent
• Data: Adequate, relevant and limited
• Process: Lawful, transparent & fair
• Quality: Accurate & up to date
• Retention: As consented & necessary
• Secure: Protect - State of the Art
• Accountability: Controllers & Processors - Civil & Criminal Liabilities
• Breach: Detect, Contain & Notify - Administrative Fines
• One Stop: One stop Data Protection Authority for EU business
Assessment
Data Assessment Framework
• Gap Assessment
• Privacy Impact Assessment
• Business Impact Assessment
• Risk Assessment
Framework & Controls
[Diagram labels:]
• ENTERPRISE GOVERNANCE
• Privacy Governance
• Privacy Policies & Procedures
• Privacy Risk Management
• Awareness
• Privacy Program Management
• Training
• Privacy Operations Support
• Planning & Selection
• Projects & Controls
• Monitor & Reporting
• Audit & Review
• Requirements
• Rights
• Logging
• Breach
• Assess
• Mitigate
• Measure
• Review
GDPR Compliance Best practices
ENTERPRISE GRC FRAMEWORK
• Assessment
• Framework & Controls
• Privacy by design - Data Minimization
• Data Quality & Rights Management
• Data Protection Officer
• Encryption & IT Security best practices
• Cross Border Data transfer
• Certification
• Logging & Monitoring
Discussion

Good Governance Practices for protection  of Human Rights (Discuss Transparen...Good Governance Practices for protection  of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882
 
Presentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal pointPresentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal point
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 

Privacy & Data Protection

  • 1. The Road Ahead: Practical Implications & Best Practices
      PRIVACY & DATA PROTECTION
      Phani Krishna, CISA, CISM, CISSP, CAIIB...Head of IT Audit, Essentra Plc.
      Disclaimer: The views, opinions, findings, and conclusions or recommendations expressed in this presentation are strictly those of the presenter and are for information purposes only. They do not necessarily reflect the views of Essentra or the other organizations served by the presenter. Essentra or the other organizations served, take no responsibility for any errors or omissions in, or for the correctness of, the information contained in this presentation.
      ‘Privacy’, a noun: “A state in which one is not observed or disturbed by other people” or “The state of being free from public attention”
  • 2. What are we planning to cover?
      - Introduction to Privacy & Data Protection
      - PII definition and Scope
      - Data protection Law & Regulation
      - ASIA (India)
      - EMEA (EU)
      - Americas (USA)
      - Practical Implications of Privacy & GDPR
      - Objectives
      - Rights of Data subjects
      - Organizational Requirements
      - Best Practices for GDPR compliance
      - Assessment
      - Framework & Controls
      - Compliance
  • 4. Privacy & Data Protection
      Diagram labels: Data/Information; Privacy; Security; Legal; Compliance
      ‘Privacy’ of a natural living person is the state of not being observed or disturbed without their explicit consent to do so.
  • 6. PII & Scope
      http://www.usan.com/uncategorized/understanding-pii-personally-identifiable-information-in-the-contact-center/
      Any information that can identify a natural person directly, indirectly or when combined with other available information
      The Seven Dimensions
      - PRIVACY OF DATA AND IMAGE (INFORMATION)
      - PRIVACY OF BEHAVIOR AND ACTION
      - PRIVACY OF COMMUNICATION
      - PRIVACY OF ASSOCIATION
      - PRIVACY OF THOUGHTS AND FEELINGS
      - PRIVACY OF LOCATION AND SPACE (TERRITORIAL)
      - PRIVACY OF PERSON
  • 8. Data protection Law & Regulation
      Forrester’s 2016 Data Protection Heat Map - Countries are continuing to move toward the Europe standard for data protection
      Map callouts:
      - (from 1 June 2017) Failure to report leakage, damage or loss of personal data
      - Disclosure of personal information in breach of a lawful contract or without consent
      - Serious or repeated breach of the Australian Privacy Principles
      - Privacy Directives / EU GDPR
      - Privacy Shield
      - Industry specific such as HIPAA / Privacy Act 1974
      Notes:
      - 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (updated 2013). Only recommended to member countries.
      - Global Privacy Enforcement Network (GPEN)
  • 10. Privacy objectives of General Data Protection Regulation (GDPR)
      1. Protect the privacy rights
      2. Uniform regulation across EU
      3. Define (widen) the scope of PII
      4. Uniform cross-border data transfers
      5. Address the online data privacy concerns
      6. Facilitate the economic activities with uniform privacy requirements
      7. Harmonize the regulatory oversight
  • 11. Rights of Data Subjects
      Data Subject - Right to privacy
      - Know the Why? How? Where? Till when? etc.
      - Request information through a defined method
      - Request to rectify/modify
      - Object to transfer or processing
      - Right to be forgotten
      - Data portability without hindrance where feasible
      - Object to automated decision-making, including profiling
  • 12. Organizational Requirements
      - Collection: Legitimate, specified & explicit consent
      - Data: Adequate, relevant and limited
      - Process: Lawful, transparent & fair
      - Quality: Accurate & up to date
      - Retention: As consented & necessary
      - Secure: Protect - State of the Art
      - Accountability: Controllers & Processors – Civil & Criminal Liabilities
      - Breach: Detect, Contain & Notify – Administrative Fines
      - One Stop: One stop Data Protection Authority for EU business
  • 15. Framework & Controls
      ENTERPRISE GOVERNANCE
      Diagram labels, in slide order:
      - Privacy Governance
      - Privacy Policies & Procedures
      - Privacy Risk Management
      - Awareness
      - Privacy Program Management
      - Training
      - Privacy Operations Support
      - Planning & Selection
      - Projects & Controls
      - Monitor & Reporting
      - Audit & Review
      - Requirements
      - Rights
      - Logging
      - Breach
      - Assess
      - Mitigate
      - Measure
      - Review
  • 16. GDPR Compliance Best practices
      ENTERPRISE GRC FRAMEWORK
      - Assessment
      - Framework & Controls
      - Privacy by design – Data Minimization
      - Data Quality & Rights Management
      - Data Protection Officer
      - Encryption & IT Security best practices
      - Cross Border Data transfer
      - Certification
      - Logging & Monitoring