gearing up for gdpr in the cloud
TRANSCRIPT
![Page 1: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/1.jpg)
Gearing Up for EU GDPR Compliance in the Cloud
1
![Page 2: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/2.jpg)
Presenters
2
Jennifer Sand
VP of Product Management,
CloudLock
Russell Miller
Director of Product Marketing,
CloudLock
Andrew Dyson
Partner, DLA Piper
![Page 3: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/3.jpg)
Continuing Professional Education (CPE) Credits
Claim your CPE credit for attending this webinarhttps://www.isc2.org/
For more information or questions please contact us
3
![Page 4: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/4.jpg)
Agenda
01
02
03
04
What is happening when
What do you need to know?
What do you need to do today?
What do you need to do in the next 2 years?
4
05 Questions
![Page 5: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/5.jpg)
EU GDPR Timeline
555https://www.dlapiper.com/en/uk/focus/eu-data-protection-regulation/background/
![Page 6: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/6.jpg)
EU GDPR vs. Privacy Shield
666
![Page 7: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/7.jpg)
777
8 New Provisions
1 No ambiguity. One law across all 28 countries of the EU.
2 The law is global.
3 Increased fines. Up to 4% of global turnover or €20,000,000.
4 Breach notification. Mandatory within 72 hours.
5 New individual rights.
6 Liability extended to data processors as well as data controllers.
7 Information governance through the supply chain.
8 Privacy by design.
![Page 8: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/8.jpg)
888
Who This Applies To
European offices Hold data on EU residents
![Page 9: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/9.jpg)
Every Company Uses Cloud Services
999
![Page 10: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/10.jpg)
1010
What You Need to Know
Where
What How
![Page 11: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/11.jpg)
1111
What is Required
Appropriate Security Measures
Restrict Onward Transfers
Access/Manipulate Data
![Page 12: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/12.jpg)
Sensitive Data is Out There
12
** CloudLock Cybersecurity Report: The Extended Parameter
![Page 13: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/13.jpg)
A New Operating Paradigm
1313
Internal governance
Transparency
Customer controls
Incident management
Audit
Data protection officer
Disclosure of supply chain/transfer terms
Minimise level of data processed
Routine risk assessments/audits
Formal breach management
processes
Internal training/ audit & review
Internal register of processing
Regulate who and how processed
Manage Offshore data transfers
Appropriate security measures
EC Approved “Model Clauses”
EC approved Country
![Page 14: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/14.jpg)
141414
Appropriate Security Measures in The Cloud
Automatic Detection of
Personal Data
Automated Action
Employee Involvement
![Page 15: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/15.jpg)
Cloud Vendor Readiness Questions
Add bit.ly
151515
Dedicated Security Team?
Systems subjected to penetration testing?
Terms for ownership of data?
Share most recent vulnerability scan results?
Formal procedure for reporting a suspected security violation?
Access security of data facilities?
http://bit.ly/cloud-questions
What is security policy?
![Page 16: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/16.jpg)
161616
What You Need to Do - Today
Tomorrow’s Task:5MAY
1 Document where and who process data
2 Audit and Prioritize Cloud Vendors
3 Consider technology at hand
![Page 17: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/17.jpg)
171717
![Page 18: Gearing up for GDPR in the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022022205/58cfab441a28ab6b088b5f3f/html5/thumbnails/18.jpg)
Do you comply?
bit.ly/cloudlock-assessment Come See Us At:
7-9 JuneOlympia, LondonBooth D202