A Practical Approach To GDPR
Featuring Duncan Brown, IDC
Agenda
Logistics
A Practical Approach to GDPR, Duncan Brown
• GDPR Readiness
• The Role of DPO
• Technology Framework
• Recommended Timeline
• Action Plan
The Atos Approach to GDPR, Zeina Zakhour
Q&A
Duncan Brown
Associate Vice President, IDC
Leads IDC’s security research program in Europe
Broad security expertise including:
• Incident response
• Threat intelligence
• Global privacy
Established and leads IDC coverage:
• GDPR
• RPEC
• NIS Directive
A Practical Approach to GDPR
Duncan Brown
Associate Vice President, European Security
GDPR is a game-changer
© IDC Visit us at IDC.com and follow us on Twitter: @IDC 5
Fines up to 4% of global revenues
• “Effective, proportionate and dissuasive”
Mandatory Breach Notifications
• Consequential loss of reputation
Class-action lawsuits
• Brought by activists…?
Ban on personal data processing*
• In extreme cases
*Article 58
GDPR Readiness
[Bar chart, axis 0% to 45%, by response: It is mainly ready now; There is a solid plan in place to ensure readiness by May 2018; We will start addressing it this year (2017); We are awaiting further guidelines; We really do not know where to start; Not relevant, as GDPR does not affect our organization. Chart callouts: 43%, 57%.]
Source: IDC EMEA GDPR Survey, March 2017, n=560
Who leads GDPR?
Q. In which division or department is the leader based?
[Chart. Labels as listed: Corporate management; IT; Finance and accounting; Legal; Other. Values as listed: 39%, 31%, 7%, 21%, 2%.]
Q. We have established a cross-functional compliance taskforce or governance board?
[Chart. Labels as listed: Yes; No. Values as listed: 36%, 64%.]
Source: IDC EMEA GDPR Survey, March 2017, n=560
The role of the Data Protection Officer
IDC does not provide legal advice
Mandatory for public bodies, and
• Processing of ‘large scale’ systematic monitoring
Voluntary DPOs are encouraged as good practice
Applies to controllers & processors
Requires ‘expert knowledge’ and ‘ability to fulfil the tasks’
In-house or external, full- or part-time
No conflict of interest
Can’t be fired for ‘performing their duties’
Sourcing a DPO
[Chart. Labels as listed: Appoint someone from within the organization; We already have a DPO in place; Appoint a dedicated person from outside the organization; Not appoint a DPO; Use a contract resource. Values as listed: 51%, 22%, 13%, 7%, 7%.]
Source: IDC EMEA GDPR Survey, March 2017, n=560
GDPR Technology Framework
Review State of the Art
Meeting Specific Requirements
Information Governance
Information Governance
What personal data do I have, where is it, how sensitive is it, why do I have it, do I have consent to use it, can I delete it, etc.
Discovery Data visibility assessment
Automation is essential
Data loss prevention for real-time classification & protection of data-in-transit
Meeting Specific Requirements
RTBF, Consent, Encryption, Data Loss Prevention, Data Portability, Access Control, Record keeping, Incident Response, etc.
• Data Discovery, Classification and Control
• Access Control & Identity Management
• Privileged User Management
• Encryption and Pseudonymization
• Auditing and Forensics
• Breach Detection and Notification
• Managed Services
Review State of the Art
“appropriate technical and organisational measures”
Encryption, backup & restore, testing, and everything else…
“Taking into account state of the art…”
• Cost
• Risk
• Context
When to start?
Manage
• Select a leader
• It’s a program!
• Stakeholder engagement
Discover
• Visibility
• Risk exposure
• Scale of effort
Assess
• Role of Technology
• Impact assessments
• Behaviour changes
Review
• Access control
• Data control
• Breach response
Thank you
Zeina Zakhour
Global CTO Cybersecurity, Atos
17 years cybersecurity
Manages end-to-end spectrum
• Security advisory
• Integration
• Managed security services
• IoT & big data security
CISSP
ISO 27005 certified Risk Manager
Atos approach to GDPR
Journey towards compliance
How to get prepared? The journey for GDPR compliance
Do you know where personal data is stored in your organization, who has access, and how data is used/exchanged?
Have you identified non-compliance risks related to personal data processing?
Are you using cloud services for personal data?
Do your business lines understand the impacts of this regulation (changes to data consent forms, providing legal forms for access/modification/erasure, running a Data Protection Impact Analysis (DPIA) for projects processing personal data)?
Are your suppliers mobilizing to implement procedures for complying with the regulation? How do they demonstrate compliance?
Can you report personal data breaches (stolen personal data) and notify the national authorities within 72 hours?
Have you nominated a DPO (Data Protection Officer) for your organization, and does he or she have clear visibility of the entire personal data lifecycle?
Can you demonstrate your organization's compliance with the GDPR?
How to get prepared? A structured and continuous improvement approach
Business processes update
GDPR Governance
Data protection
DPIA
Personal Data Breach Notification
▶ Personal data mapping
▶ GDPR Readiness Assessment
▶ Data classification
▶ Data Protection Impact Assessment
▶ Contractual commitment update (New/old)
▶ Define organisational and technical controls
▶ Update SLAs for GDPR compliance follow-up
▶ Auditability and Traceability of access, data flows
▶ Incident management
▶ CERT/CSIRT
▶ Data breach notification
▶ People, Process & Information alignment
▶ Agile architecture
▶ Security controls (Including data encryption Article 33)
▶ 24/7 security monitoring
▶ Audit and penetration testing
▶ Compliance Reporting
▶ Consent forms update
▶ Security by Design & implementation of DPIA
▶ Provide forms for data access/modification/withdrawal requests
Atos & Digital Guardian GDPR Readiness Assessment
▶ 30-day software guided data security consulting assessment
▶ Data at Rest Assessment
▶ Discover personal data across network shares, databases and cloud storage
▶ Data in Motion Assessment
▶ Identify sensitive content leaving your network (web and email)
▶ Detailed report on data protection risks & recommendations
▶ Requires no additional customer resources
Atos & Digital Guardian Locate Personal Data & Gaps with GDPR
GDPR Governance: Shared responsibility on GDPR compliance
Data processor Technology Catalog
▶ IAM / PAM
▶ Data Encryption
▶ Data Masking
▶ SIEM/TI
▶ CSIRT
▶ Data Breach Notification Process
▶ Data Breach Emergency Process
Data Controller
IT Managed Services data processing
Customer legal Responsibility against data privacy authorities
Data Catalogue available
Risk Assessment
Define Data Location / Restrictions / Controls / Contractual agreement
Operate Controls and defined services
Monthly Reporting
Monthly discussion, reassessment and adoption of measures (aligned process for change requests and cost impact)
Define Metrics / KPI
Create Data Catalogue
Visibility study to identify personal data
GDPR Response
CISO Processes Interface
CISO Processes Interface
DB – Notification readiness
DB – Notification exec
DB – Insurance
DB – Forensics
GDPR Reporting
GDPR KPI setting & reporting automation
GDPR Compliance Dashboard
GDPR Data Protection
GDPR Data Protection Controls
Security Service Packages
AHPS (Detection & Monitoring)
Access Control (Privileged Account Management)
Access Control (IAM)
Data Encryption/Masking
Data Loss Prevention
Behavior Analytics
Threat Intelligence
AHPS (Log Management)
Intelligence Driven Security Management For GDPR Compliance
Customer Security Interface
Security Reports
Security Dashboard
Change Mgmt.
Security Operations Center Analysts
Incident Mgmt. L1/L2 Ticket Management
Computer Security Incident Response Team
Incident Mgmt L3 Forensics Services
Threat Intelligence
Global Threat Intelligence
Targeted Threat Intelligence
Governance Risk and Compliance
Compliance Management Services
Testing, Vulnerability and Remediation
Secure Data Center Operation and Orchestration
Data
Atos High Performance Security Prescriptive Analytics
Knowledge Base
Data Loss Prevention
Malware Scanning
APT Detection & Remediation
Endpoint Protection Services
DDoS Mitigation Services
Identity and Access Management
Microsegmentation
FW & IPS Services
Infrastructure & Network Protection
GDPR compliance is a journey towards a secure & efficient data management lifecycle
You cannot protect what you don’t see
Break the Silos
Adopt Purpose Driven Data Collection
Adopt Auditable & Controlled Data Processing
The challenge is not to be ready on May 25th 2018 but to remain compliant thereafter…
Update your Risk Assessment matrix
Think Extended Enterprise
Questions & Answers
Thank You
Atos, the Atos logo, Atos Codex, Atos Consulting, Atos Worldgrid, Worldline, BlueKiwi, Bull, Canopy the Open Cloud Company, Unify, Yunano, Zero Email, Zero Email Certified and The Zero Email Company are registered trademarks of the Atos group. May 2017. © 2017 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos.
For more information please contact: [email protected]