GDPR infographic
Uploaded by yves-van-tongerloo (category: Government & Nonprofit)
Transcript of GDPR infographic
DPO ROLES (Art. 39 GDPR)
INFORM & ADVISE the organization and its employees on their data protection obligations
MONITOR compliance of data management and processing with the GDPR and with internal policies
ASSESS: advise on data protection impact assessments and monitor their performance according to the level of risk of the processing
NOTIFY: act as the contact point for data subjects and for the supervisory authority on processing and breaches (the duty to notify breaches itself stays with the controller, Art. 33 and 34)
COOPERATE with the supervisory authority
DATA PROTECTION PRINCIPLES (the seven Privacy by Design foundational principles)
01 PROACTIVE: Anticipate and prevent privacy-invasive events before they happen; preventative tools are in place, not only an immediate response capability
02 DEFAULT: Personal data is protected automatically, without action by the data subject; processing that deviates from what was agreed with the data subject is not permitted
03 EMBEDDED: Security measures are embedded in the design of the data handling process, not added afterwards
04 FULL FUNCTIONALITY: Privacy and functionality are both delivered in full (positive-sum, not a trade-off); processes and technologies serve their pre-defined purpose and do not deviate from it
05 END-TO-END: Security measures cover the entirety of the data handling process, from collection to deletion
06 VISIBILITY: All data handling activities and processes are visible, transparent and accountable
07 RESPECT: All acts executed during the data handling process respect the data subjects' privacy
GENERAL DATA PROTECTION REGULATION: BALABIT HELPS TO COMPLY

The goals of the GDPR
PROTECT the personal data of individuals in the EU (the Regulation's scope is based on where the data subject is, not on citizenship, Art. 3)
CONTROL is provided to data subjects over their processed data
UNIFY the duties and responsibilities of controllers and processors across the member states
SIMPLIFY the means of data collection and processing under one set of rules
PERSONAL DATA HANDLING PROCESS
1. COLLECTION
2. ENCRYPTION AND STORAGE
3. FORWARDING
4. PROCESSING
(parties involved at each step: data subject, data controller, data processor)
WITH THE GDPR'S SHIFT IN POLICY, DATA SUBJECTS WILL HAVE MORE CONTROL OVER THEIR PERSONAL DATA
THE GDPR DEFINES PERSONAL DATA AS ANY INFORMATION RELATING TO A DATA SUBJECT WHO CAN BE IDENTIFIED, DIRECTLY OR INDIRECTLY (Art. 4(1)); INDIRECT IDENTIFIERS SUCH AS IP ADDRESSES, ACCOUNT NAMES AND DEVICE IDENTIFIERS ARE THEREFORE IN SCOPE
THE GDPR EMPHASIZES THE HANDLING OF PERSONAL DATA, AND FOCUSES ON DESIGNS THAT CENTER AROUND DATA SUBJECTS
RIGHTS & RESPONSIBILITIES

THE RIGHTS OF THE DATA SUBJECTS
The right to rectification (correction of inaccurate data)
Tighter consent requirements (freely given, specific, informed, and as easy to withdraw as to give)
The right to be forgotten (erasure)
The right to data portability
Notification of personal data breaches that put the data subject at high risk
Privacy by default measures

THE RESPONSIBILITIES OF THE DATA CONTROLLERS AND PROCESSORS
Accountability for violations and breaches
Harsh sanctions for non-compliance (fines of up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher, Art. 83)
Embedded security measures
Transparency of data flow
Full functionality of data handling
Guaranteed end-to-end security
THE DATA PROTECTION STRATEGIES LISTED BELOW ARE TAKEN FROM THE REPORT "PRIVACY AND DATA PROTECTION BY DESIGN - FROM POLICY TO ENGINEERING" (2014) BY
THE EUROPEAN UNION AGENCY FOR NETWORK AND INFORMATION SECURITY (ENISA), WHICH DESCRIBES HOW THE GDPR'S DATA PROTECTION BY DESIGN AND BY DEFAULT OBLIGATION (ART. 25) CAN BE ENGINEERED. THE GDPR ITSELF DOES NOT LIST TECHNOLOGIES; IT REQUIRES "APPROPRIATE TECHNICAL AND ORGANISATIONAL MEASURES" PROPORTIONATE TO THE RISK (ART. 25 AND 32).
DATA PROTECTION STRATEGIES (the eight privacy design strategies in the ENISA report)

HIDE: Any personal data, and their interrelationships, should be hidden from plain view (encryption, pseudonymization, access control).
SEPARATE: Personal data should be stored and processed in a distributed fashion, with separated components, so that no single place holds a complete profile.
MINIMIZE: Restrict the amount of personal data processed to the necessary minimum.
AGGREGATE: Personal data should be processed at the highest level of aggregation, with the least possible detail in which it is still useful for the purpose.
ENFORCE: A privacy policy compatible with the legal requirements should be in place and technically enforced.
DEMONSTRATE: Controllers and processors must be able to demonstrate compliance with the privacy policy, and to document and report security incidents.
CONTROL: Data subjects should be given agency over the processing of their personal data.
INFORM: Data subjects should be informed when their personal data is processed or endangered.
YOU NEED TWO DISTINCT APPROACHES TO PROTECT THE PERSONAL DATA OF YOUR DATA SUBJECTS

Shell Control Box
A privileged user monitoring tool that allows DPOs to supervise all processes executed against personal data: it manages all access points, monitors activities that could violate the GDPR obligations, and provides review and reporting capability on all events.

syslog-ng
A log management system that safeguards log information during collection, transfer and storage. Capable of handling mass volumes of information and forwarding it to designated endpoints.

www.balabit.com

ORGANIZATIONS MUST PROTECT DATA ACCORDING TO THE LEVEL OF RISK, AND CANNOT ALLOW DATA PROTECTION TO BE AN AFTERTHOUGHT
IN THE INFRASTRUCTURE DESIGN
TO GUARANTEE THE INTEGRITY OF PERSONAL DATA, AND TO PREVENT VIOLATIONS OF THE GDPR OBLIGATIONS, ORGANIZATIONS
SHOULD APPOINT A DATA PROTECTION OFFICER AS A MEANS OF SUPERVISION
(a DPO is mandatory under Art. 37 for public authorities and for organizations whose core activities involve large-scale, regular and systematic monitoring of data subjects or large-scale processing of special categories of data; for other organizations the appointment is voluntary but the supervision duties remain)
BALABIT SOLUTION

Privileged Access Monitoring (Shell Control Box)
Access management: restrict access to personal data to the accounts that need it
Real-time monitoring: detect policy violations as they happen and enforce compliance
Audit trails: for data breach investigation and for notifying the relevant parties
Reporting: demonstration capability to authorities, for review and forensics

Log Management (syslog-ng)
Filtering and parsing: keep the visible information to the necessary minimum
Encryption and anonymization: secured format of personal data elements
Pseudonymization: separation of personal and processable elements of data
Centralization: collection of data in an aggregated format
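As an added example (this is not Balabit's code and not a syslog-ng configuration), the following Python sketch shows what the "Filtering and parsing" and "Pseudonymization" rows amount to when applied to log lines, and how they implement the MINIMIZE, HIDE and SEPARATE strategies above: fields with no value for the processing purpose are dropped before storage, direct identifiers (usernames, e-mail addresses, IP addresses) are replaced by keyed HMAC tokens, and the token-to-identifier table is returned separately so it can be held apart from the log store together with the key, which is the "additional information kept separately" that GDPR Art. 4(5) requires for data to count as pseudonymised rather than raw. The log lines, the key, the allow-list and all function names are constructed for the example.

```python
import hashlib
import hmac
import re
from typing import Dict, List, Tuple

# Constructed sample log lines (not real data): one sshd-style line, two key=value app lines.
SAMPLE_LOGS = [
    "Jan 12 10:15:01 app01 sshd[1234]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "Jan 12 10:15:07 app01 webapp: user=bob@example.com ip=192.168.1.20 action=export_customers rows=15000 ua=Mozilla/5.0",
    "Jan 12 10:15:09 app01 webapp: user=alice ip=10.0.0.5 action=view_profile target=carol@example.com ua=curl/8.0",
]

# Assumption: this key is the Art. 4(5) "additional information"; it belongs in a separate
# vault/HSM, never on the log host. Hard-coded here only so the example runs offline.
PSEUDONYM_KEY = b"demo-key-rotate-me-and-keep-me-off-the-log-host"

# MINIMIZE: key=value fields that carry nothing the stated purpose (security investigation)
# needs, dropped before the line is stored. Assumed allow-list for the constructed format.
DROPPED_FIELDS = {"ua"}

# HIDE: identifier patterns. Order matters: the user= and "for <user> from" captures run
# before the generic e-mail pattern, so an e-mail used as a username is tokenized once, as a
# user, and the generic pattern never sees it. Tokens contain no '.', '@' or digits-with-dots,
# so a later pattern cannot re-match an earlier token.
IDENTIFIER_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("user", re.compile(r"(?<=\buser=)\S+")),
    ("user", re.compile(r"(?<=\bfor )\S+(?= from\b)")),
    ("email", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("ip", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
]


def pseudonym(kind: str, value: str, key: bytes) -> str:
    """Keyed, deterministic token: the same identifier always maps to the same token, so
    events stay linkable for an investigation, but without the key the token cannot be
    inverted by enumerating the small space of usernames or IPv4 addresses the way an
    unkeyed hash can. `kind` gives domain separation between identifier types."""
    digest = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"{kind}_{digest[:16]}"


def minimize(line: str, dropped: set = DROPPED_FIELDS) -> str:
    """MINIMIZE: remove key=value fields that are not needed for the processing purpose."""
    kept = [t for t in line.split(" ") if "=" not in t or t.split("=", 1)[0] not in dropped]
    return " ".join(kept)


def pseudonymize(line: str, key: bytes, lookup: Dict[str, str]) -> str:
    """HIDE: replace direct identifiers with keyed tokens. SEPARATE: the token -> original
    mapping is written into `lookup`, which the caller stores apart from the log store."""
    def replacer(kind: str):
        def repl(match: "re.Match[str]") -> str:
            token = pseudonym(kind, match.group(0), key)
            lookup[token] = match.group(0)
            return token
        return repl

    for kind, pattern in IDENTIFIER_PATTERNS:
        line = pattern.sub(replacer(kind), line)
    return line


def process_logs(lines: List[str], key: bytes = PSEUDONYM_KEY) -> Tuple[List[str], Dict[str, str]]:
    """Filtering/parsing stage: minimize, then pseudonymize. Returns the lines that may go
    to the central log store and the lookup table that must not."""
    lookup: Dict[str, str] = {}
    safe = [pseudonymize(minimize(line), key, lookup) for line in lines]
    return safe, lookup


def reidentify(token: str, lookup: Dict[str, str]) -> str:
    """DPO / incident-response step: only possible with the separately held lookup table
    (or the key), which is exactly what makes the stored logs pseudonymous, not raw."""
    return lookup[token]


if __name__ == "__main__":
    stored, table = process_logs(SAMPLE_LOGS)
    for line in stored:
        print(line)
    print(f"{len(table)} identifiers held in the separate lookup table")
```

Two design points worth noting: a deterministic token keeps the data pseudonymous, not anonymous (the same user is still linkable across lines, which is what a breach investigation needs), so the lines remain personal data under the GDPR and the key and lookup table need the same access controls as the raw logs; and an unkeyed hash would not do, because usernames and IPv4 addresses can be enumerated and hashed in seconds.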
FROM 25 MAY 2018 ANY ORGANIZATION THAT COLLECTS OR PROCESSES PERSONAL DATA OF INDIVIDUALS IN THE EU MUST BE COMPLIANT WITH THE REQUIREMENTS STATED IN THE GDPR.
GDPR DEADLINE
25 MAY 2018