GDPR
Seminar
26 April 2018 – Hogeschool Leiden
Agenda
• INTRODUCTION
• GDPR WORKFLOW
• CASE STUDY
• HOW WE CAN HELP
PIETER SCHERPENHUIJSEN
INDICA Founder, Technical Director & Lead Developer
STEPHAN IDEMA
Manager Forensic Technology at KPMG
GDPR Workflow
(Procedures) (Data)
PIA Questionnaire
Data Landscape
Assess Privacy Risks
Mitigation
Scan, Tag & Report
Case Study - H Company
• H Company is a multinational company based in the Netherlands
• H Company has 5000+ employees and 200+ business partners worldwide
• H Company has been gathering and maintaining employee data for 25+ years
• H Company is in possession of both current & previous employee data
• H Company is also in possession of clients’ (B2B & B2C) data
Data Protection Impact Assessment (PIA)
A Data Protection Impact Assessment (PIA) is necessary prior to the implementation of data processing systems or activities that comply with the General Data Protection Regulation (GDPR)
01 Describe the nature, scope, context and purposes of the processing
02 Assess necessity, proportionality and compliance measures
03 Identify and assess risks to individuals
04 Identify any additional measures to mitigate those risks
What about my data?
• Structured Data
• Unstructured Data
Data Landscape
• CRM
• File shares
• Databases
• DMS
Structured data is easy, but how to handle the unstructured data?
Initial Report - Overview
The Overview page provides real-time information about the personal data stored in your company and shows your progress in resolving GDPR issues
Initial Report - Landscape
The Landscape page provides you with a privacy risk map and illustrates the personal data distribution across your company’s infrastructure
Initial Report - Issues
The Issues page contains a full list of privacy issues, and the graphs on the right side represent your total progress
Assess Privacy Risks
Unlawful processing of personal data
• Processing of personal data for which there is no legal ground
• Processing of personal data that does not align with the original purpose of processing
• Processing sensitive personal data where no consent is given
Authorization risks
• Access to unstructured data is not managed
• Unauthorized access to personal data
• Access to personal data is inconsistent with corporate policy
Data Retention Risks
• Personal data is stored after the retention guidelines
• Processing of personal data for which there is no legal ground
Mitigation
Unlawful processing of personal data | Authorization risks | Data Retention Risks
• Policies and Procedures with regards to data processing
• Awareness & Training of Personnel
• Data Monitoring & Dashboarding
• IAM Processes & Procedures
• Setting up data retention schemes
• Implementing data retention IT controls
REPEAT
Thank you!
INDICA Team
www.indica.nl
T. +31 30 227 0160
E. [email protected]
INDICA NL B.V.
Groest 106, 1211 EE HILVERSUM, The Netherlands