Gearing Up for EU GDPR Compliance in the Cloud

Gearing up for GDPR in the Cloud

Page 1: Gearing up for GDPR in the Cloud

Gearing Up for EU GDPR Compliance in the Cloud

Page 2: Gearing up for GDPR in the Cloud

Presenters

Jennifer Sand, VP of Product Management, CloudLock

Russell Miller, Director of Product Marketing, CloudLock

Andrew Dyson, Partner, DLA Piper

Page 3: Gearing up for GDPR in the Cloud

Continuing Professional Education (CPE) Credits

Claim your CPE credit for attending this webinar: https://www.isc2.org/

For more information or questions, please contact us: [email protected]

Page 4: Gearing up for GDPR in the Cloud

Agenda

01 What is happening when

02 What do you need to know?

03 What do you need to do today?

04 What do you need to do in the next 2 years?

05 Questions

Page 5: Gearing up for GDPR in the Cloud

EU GDPR Timeline

https://www.dlapiper.com/en/uk/focus/eu-data-protection-regulation/background/

Page 6: Gearing up for GDPR in the Cloud

EU GDPR vs. Privacy Shield

Page 7: Gearing up for GDPR in the Cloud

8 New Provisions

1 No ambiguity. One law across all 28 countries of the EU.

2 The law is global.

3 Increased fines. Up to 4% of global turnover or €20,000,000.

4 Breach notification. Mandatory within 72 hours.

5 New individual rights.

6 Liability extended to data processors as well as data controllers.

7 Information governance through the supply chain.

8 Privacy by design.

Page 8: Gearing up for GDPR in the Cloud

Who This Applies To

European offices

Hold data on EU residents

Page 9: Gearing up for GDPR in the Cloud

Every Company Uses Cloud Services

Page 10: Gearing up for GDPR in the Cloud

What You Need to Know

Where

What

How

Page 11: Gearing up for GDPR in the Cloud

What is Required

Appropriate Security Measures

Restrict Onward Transfers

Access/Manipulate Data

Page 12: Gearing up for GDPR in the Cloud

Sensitive Data is Out There

** CloudLock Cybersecurity Report: The Extended Parameter

Page 13: Gearing up for GDPR in the Cloud

A New Operating Paradigm

Internal governance

Transparency

Customer controls

Incident management

Audit

Data protection officer

Disclosure of supply chain/transfer terms

Minimise level of data processed

Routine risk assessments/audits

Formal breach management processes

Internal training / audit & review

Internal register of processing

Regulate who and how processed

Manage Offshore data transfers

Appropriate security measures

EC Approved “Model Clauses”

EC approved Country

Page 14: Gearing up for GDPR in the Cloud

Appropriate Security Measures in The Cloud

Automatic Detection of Personal Data

Automated Action

Employee Involvement

Page 15: Gearing up for GDPR in the Cloud

Cloud Vendor Readiness Questions

Dedicated Security Team?

Systems subjected to penetration testing?

Terms for ownership of data?

Share most recent vulnerability scan results?

Formal procedure for reporting a suspected security violation?

Access security of data facilities?

http://bit.ly/cloud-questions

What is security policy?

Page 16: Gearing up for GDPR in the Cloud

What You Need to Do - Today

Tomorrow’s Task: 5 MAY

1 Document where data is processed and who processes it

2 Audit and Prioritize Cloud Vendors

3 Consider technology at hand

Page 17: Gearing up for GDPR in the Cloud

Page 18: Gearing up for GDPR in the Cloud

Do you comply?

bit.ly/cloudlock-assessment

Come See Us At:

7-9 June, Olympia, London, Booth D202