GDPR Explained Jan Smets @ GDPR Event 18/05/2017 Pre-Sales Manager DPO Certified

GDPR Explained (sentia.events/files/GDPR-Explained_2017 - Sentia.pdf)


Page 1:

GDPR Explained

Jan Smets @ GDPR Event 18/05/2017

Pre-Sales Manager

DPO Certified

Page 2:

GDPR is enforced

for EVERY ORGANISATION

(unless household use)

18/05/2017 GDPR Explained 2

Page 3:

Step by step

GDPR EXPLAINED

Page 4:

Page 5:

GDPR Legislation

Translate GDPR for your specific situation

Go and read the legislation:

English

Dutch

French

NOTE: skip the first part, and start from Chapter 1, read the rest later

Page 6:

Page 7:

DPO

Public authority or body (except courts)

Core activities (regular / systematic / large scale)

Monitoring of data subjects

Special categories *

Criminal convictions and offences

Each country can define more rules for appointing DPO

Page 8:

DPO: Special categories

Racial or ethnic origin

Political opinions

Religious or philosophical beliefs

Trade union membership

Genetic & biometric data for identifying a natural person

Health

Sex life or sexual orientation

Page 9:

Page 10:

Consent & Rights

Easy to give and withdraw consent

Children (under 16) need parental consent; can be under 13 in some countries

Rights:

to rectification

to erasure

to be forgotten

to restriction of processing

to data portability

Page 11:

Page 12:

Roadbook / Data Register

Never ending story …

Write down all: research, findings, decisions, actions, risks … EVERYTHING

Obligation for organisations with 250+ employees

Necessary for GDPR compliance!

Page 13:

Page 14:

Data classification

Find PII (Personally Identifiable Information)

Where are they stored?

Who has access?

Who are they shared with?

Which applications process the data?

Page 15:

Priority

Page 16:

Top priorities

Start with data/application:

Most private data

Highest risk of data breach

Use PIA / DPIA

Legacy vs. New application

Page 17:

Page 18:

Procedures & policies

People are and will stay the weakest link

Use procedures / policies

NOT to annoy employees

BUT to keep them on the right track

Privacy by Design: Allow but monitor

Page 19:

Page 20:

Data protection

Production data

Back-ups

Historical data (full detail): limitations apply

Historical data (analytics)

Encryption

Tokenization

Pseudonymization

Anonymization
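The following Python is an added example, not material from the deck or from any Gemalto product, showing three of the techniques listed above (pseudonymization, tokenization and anonymization) applied to one constructed customer record. The record, the placeholder key, the `TokenVault` class and all function names are assumptions made for the example.

```python
"""Added example (not from the slide deck): pseudonymization, tokenization and
anonymization of one constructed customer record, using only the standard library.

- Pseudonymization: replace the identifier with a keyed HMAC. The same person
  always maps to the same pseudonym (records stay linkable for analytics), but
  only the holder of the secret key can recompute or re-link it.
- Tokenization: replace the value with a random token and keep the mapping in a
  separate vault. Nothing about the token is derived from the original value.
- Anonymization: drop direct identifiers and generalise the rest (age band,
  postcode prefix, coarsened amount) so that no key or vault can undo it.
"""
import hashlib
import hmac
import secrets
from typing import Dict

# Constructed sample record; not real personal data.
RECORD = {
    "email": "jane.doe@example.com",
    "name": "Jane Doe",
    "age": 37,
    "postcode": "2000",          # constructed postcode
    "purchase_total": 149.90,
}

# Placeholder key so the demo is deterministic. In practice the key lives in a
# key manager / HSM and is never hard-coded.
PSEUDONYM_KEY = bytes.fromhex("00" * 32)


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed pseudonym: deterministic per key, infeasible to invert without it."""
    return hmac.new(key, value.lower().encode("utf-8"), hashlib.sha256).hexdigest()[:32]


class TokenVault:
    """Maps random tokens back to original values. The vault must be stored and
    access-controlled separately from the tokenized dataset."""

    def __init__(self) -> None:
        self._forward: Dict[str, str] = {}   # value -> token
        self._reverse: Dict[str, str] = {}   # token -> value

    def tokenize(self, value: str) -> str:
        if value in self._forward:
            return self._forward[value]
        token = "tok_" + secrets.token_hex(12)   # random, unrelated to the value
        self._forward[value] = token
        self._reverse[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._reverse[token]


def anonymize(record: dict) -> dict:
    """Drop direct identifiers and generalise quasi-identifiers."""
    decade = (record["age"] // 10) * 10
    return {
        "age_band": f"{decade}-{decade + 9}",
        "postcode_prefix": record["postcode"][:2] + "xx",
        "purchase_total": round(record["purchase_total"], -1),   # coarsen to tens
    }


def protect(record: dict, key: bytes, vault: TokenVault) -> dict:
    """Produce the three protected views of one record."""
    pseudo = dict(record)
    pseudo["email"] = pseudonymize(record["email"], key)
    del pseudo["name"]                      # quasi-identifiers (age, postcode) remain
    tokenized = dict(record)
    tokenized["email"] = vault.tokenize(record["email"])
    tokenized["name"] = vault.tokenize(record["name"])
    return {"pseudonymized": pseudo, "tokenized": tokenized, "anonymized": anonymize(record)}


if __name__ == "__main__":
    vault = TokenVault()
    for kind, view in protect(RECORD, PSEUDONYM_KEY, vault).items():
        print(kind, view)
```

The pseudonymized and tokenized views are still personal data: with the key or the vault the person can be re-identified, so those two artefacts, not the dataset, become the assets that need the strongest protection. Only the anonymized view has no way back, which is why it is the only one GDPR treats as outside its scope.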

Page 21:

Page 22:

Assess & document other risks

Find all other risks

Assess

Document

Page 23:

Page 24:

Revise and repeat

Revise outcome previous steps

Change where necessary

Find next priority

Repeat steps 4 to 6

Page 25:

Overview

1. Legal framework / Understand GDPR

2. Create roadbook / Data register

3. Data classification

4. Start with top priorities

4a. Procedures & Policies

4b. Data protection

5. Assess & document other risks

6. Revise & repeat

Page 26:

In short

Legal aspects

Documentation

Privacy By Design

Page 27:

Privacy By Design – 7 principles

Proactive & Preventative

Default setting

Embedded in design

Positive-sum

End-to-end security

Visibility and transparency

User-centric

Page 28:

Gemalto vision

GDPR EXPLAINED

Page 29:

A new mindset

1. Accept the Breach

2. Protect What Matters, Where It Matters

3. Secure the Breach

Perimeter security alone is no longer enough. Data is the new perimeter. Attach security to the data and applications. Insider threat is greater than ever.

Gemalto Research: www.breachlevelindex.com

Page 30:

Three pillars

Page 31:

Authentication

GDPR EXPLAINED

Page 32:

Why two-factor authentication?

Audit trail for GDPR compliance

who accessed

at what time

which information

Reduce risk for stolen credentials

Breach prevention

Page 33:

SafeNet Authentication Service by the Numbers

Over 4.000.000 users of Cloud Edition

30 minutes to set up

400+ fully-tested integrations

60% lower TCO than other solutions

99.999% Availability SLA

Page 34:

SafeNet Authentication Service

Broad Choice of 2FA Methods and Tokens
• OTP, OOB and pattern-based authentication with hardware, software and tokenless form factors
• Over-the-air provisioning of tokens ideal for remote staff, partners and contractors

Fully Automated Management
• Define policies once, and enforce them throughout your IT ecosystem
• Automated user & token lifecycle administration, self-service portals
• Automated alerts and reporting

Standards-based Security
• ISO 27001:2013, AICPA SOC-2 Recognition
• FIPS 140-2 validated software tokens, DSKPP-secured provisioning
• Hardware-based root of trust (token secrets and encryption keys secured in an HSM)
• DSKPP secure provisioning for software tokens

Shared Services with Multi-tier Multi-tenant Architecture
• Allows delegation of administration to local or remote staff
• Shared services model enables accounting and inventory management per BU
• Fully customizable security policies, fully brandable interface

Cloud Efficiencies
• Extend current identities to the cloud with native identity federation via SAML 2.0
• Up to 60% savings in deployment and day-to-day administration costs

Broad Use Case Support
• VPN, VDI, cloud, network access, portals

Page 35:

PKI: Protecting Identities and Data

OUR CLIENTS

• Large enterprises
• Governments and local municipalities
• Healthcare organizations
• Critical infrastructure
• Law enforcement
• Financial services

OUR SOLUTIONS

• Management & Software
• Middleware
• Authenticators & Readers
• MobilePKI

Page 36:

Crypto / Data protection

GDPR EXPLAINED

Page 37:

Why encryption?

Lost or stolen data in terms of GDPR

Only breach notification

No user information duty

No secrets revealed

No bad publicity

Less business impact

Breach prevention

Page 38:

Top HSM Use Cases

Public Key Infrastructure

Transparent Data Encryption

SSL/TLS Private Key Protection

Code Signing

Data Protection for Cloud Apps

Page 39:

Diagram: WHERE DOES THE SENSITIVE DATA RESIDE? The correct connector … for every use-case.

Levels shown: File Level (Files, Folders, or Shares); Databases (Selected Columns / Whole Database Files); App Level; Block Level; File System Level; Database Level.

Connectors shown: ProtectFile, ProtectApp (Encrypt / Tokenize), Tokenization, ProtectDB, ProtectV, TDE.

Page 40:

KeySecure Platform: Distributed Key Management

• Key and crypto engine
• Authentication and authorization
• Key lifecycle management
• SNMP, NTP, SYSLOG

Connectors: ProtectFile, ProtectApp, ProtectDB, ProtectV, Tokenization

Protected resources: File Servers & Shares, Web & Application Servers, Databases, Application Servers, Virtual Machines

Page 41:

Data Controller / Processor

Table: columns SaaS (Software-as-a-service), PaaS (Platform-as-a-service) and IaaS (Infrastructure-as-a-service); rows (Data Flow, top to bottom) Application, Database, File / OS, Virtual Machine. Each cell marks the role at that layer as Controller, Processor or Contr. / Proc.; the individual cell values cannot be reliably assigned to rows and columns from the extracted text.

Connectors per layer (same for SaaS, PaaS and IaaS):

Application: ProtectApp | Tokenization | FPE | PKCS#11

Database: ProtectDB | TDE (Native DB Encryption)

File / OS: ProtectFile | KMIP | PreBoot Enc. | Full Disk Enc.

Virtual Machine: ProtectV | KMIP

Page 42:

Key Management

GDPR EXPLAINED

Page 43:

Why Key Management?

No direct GDPR compliance requirement

BUT when encrypting data:

Data is no longer important

But Key Management is!
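An added example, not part of the deck or of any Gemalto product, of why the key lifecycle becomes the thing to get right once data is encrypted. A small versioned key manager shows rotation (new ciphertexts use a fresh key version while retired versions stay readable) and destruction (dropping a key version makes every ciphertext made under it permanently unreadable, even though the ciphertext bytes still sit in production, backups and archives). The `KeyManager` class, its method names and all key material are assumptions for the example; the cipher is a demo construction from the standard library (HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag) so the file runs without third-party packages, and production code should use AES-GCM from a vetted library with keys held in a key manager or HSM.

```python
"""Added example (not from the deck): versioned key management with rotation
and crypto-shredding, built on the standard library only. The HMAC-based
stream cipher below is for demonstration; use AES-GCM in real systems."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class KeyVersion:
    material: Optional[bytes]   # None once the version is destroyed
    state: str                  # "active", "retired" or "destroyed"


class KeyManager:
    """Versioned data-encryption keys with a rotate / destroy lifecycle."""

    def __init__(self) -> None:
        self._versions: Dict[int, KeyVersion] = {}
        self._active = 0
        self.rotate()

    def rotate(self) -> int:
        """Retire the current version and make a fresh one active."""
        if self._active:
            self._versions[self._active].state = "retired"
        self._active += 1
        self._versions[self._active] = KeyVersion(secrets.token_bytes(32), "active")
        return self._active

    def destroy(self, version: int) -> None:
        """Crypto-shred: drop the key material, keep only the audit state."""
        self._versions[version].material = None
        self._versions[version].state = "destroyed"

    def state(self, version: int) -> str:
        return self._versions[version].state

    def _key(self, version: int) -> bytes:
        kv = self._versions.get(version)
        if kv is None or kv.material is None:
            raise KeyError(f"key version {version} unavailable: {kv.state if kv else 'unknown'}")
        return kv.material

    @staticmethod
    def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
        """PRF in counter mode: concatenated HMAC(key, 'ks|' + nonce + counter) blocks."""
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(key, b"ks|" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    @staticmethod
    def _tag(key: bytes, version: int, nonce: bytes, ct: bytes) -> bytes:
        """Authentication tag bound to key version, nonce and ciphertext."""
        return hmac.new(key, b"tag|" + version.to_bytes(4, "big") + nonce + ct, hashlib.sha256).digest()

    def encrypt(self, plaintext: bytes) -> dict:
        version, nonce = self._active, secrets.token_bytes(16)
        key = self._key(version)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(key, nonce, len(plaintext))))
        return {"version": version, "nonce": nonce, "ct": ct, "tag": self._tag(key, version, nonce, ct)}

    def decrypt(self, blob: dict) -> bytes:
        key = self._key(blob["version"])   # KeyError if that version was destroyed
        if not hmac.compare_digest(self._tag(key, blob["version"], blob["nonce"], blob["ct"]), blob["tag"]):
            raise ValueError("authentication failed: ciphertext or metadata altered")
        ks = self._keystream(key, blob["nonce"], len(blob["ct"]))
        return bytes(c ^ k for c, k in zip(blob["ct"], ks))


def tamper_detected(km: KeyManager, blob: dict) -> bool:
    """Flip one ciphertext bit and report whether decrypt rejects it."""
    altered = dict(blob, ct=bytes([blob["ct"][0] ^ 0x01]) + blob["ct"][1:])
    try:
        km.decrypt(altered)
        return False
    except ValueError:
        return True


def crypto_shred_demo() -> dict:
    """Encrypt under v1, rotate, encrypt under v2, destroy v1; report what is still readable."""
    km = KeyManager()
    old = km.encrypt(b"customer record under key v1")
    km.rotate()
    new = km.encrypt(b"customer record under key v2")
    readable_after_rotate = km.decrypt(old) == b"customer record under key v1"
    km.destroy(1)
    try:
        km.decrypt(old)
        old_unreadable = False
    except KeyError:
        old_unreadable = True
    return {
        "old_version": old["version"],
        "new_version": new["version"],
        "readable_after_rotate": readable_after_rotate,
        "old_unreadable_after_destroy": old_unreadable,
        "new_still_readable": km.decrypt(new) == b"customer record under key v2",
        "v1_state": km.state(1),
        "tamper_detected": tamper_detected(km, new),
    }


if __name__ == "__main__":
    for name, value in crypto_shred_demo().items():
        print(f"{name}: {value}")
```

Every ciphertext carries the version of the key it was made under, which is what makes rotation safe and destruction deliberate: a retired version is still available for reads, a destroyed one is gone for good. That is the practical meaning of the slide's point: after encryption, the copies of the data in production, backups and archives are only as sensitive as the availability of the keys.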

Page 44:

Central key management

Page 45:

A new mindset

SafeNet Data Encryption Solutions / Crypto Management Platform

Key management and HSM: KeySecure or Virtual KeySecure; Luna HSM or Cloud HSM; Crypto Command Center

Use cases: Doc Signing; SSL Webserver; Email Gateway; Payment Transactions; File & Disk Encryption; Customer KMIP Client; Backup, Storage & Archive; SIEM Tools; Cloud Storage & Encryption Gateways

Connectors: ProtectApp, ProtectFile, ProtectDB, StorageSecure, ProtectV™, Ethernet Encryption, Tokenization Manager

Page 46:

Summary

GDPR EXPLAINED

Page 47:

Summary

1. CONTROL ACCESS: Strong Authentication for Internal Users + Administrators, Cloud Providers Admins/Superusers, Customers + Partners

2. ENCRYPT THE DATA: Data at Rest Encryption and Data in Motion Encryption for File Servers, Databases, Virtual Machines, Storage Networks, Physical Data, Virtual Data, Data in the Cloud

3. SECURE & MANAGE KEYS: Crypto Management with Key Manager, HSM and Crypto Provisioning System, serving Applications and SaaS Apps

Page 48:

400+ Authentication Integrations

300+ HSM Integrations

30+ KeySecure Integrations

35+ Crypto Integrations

Page 52:

Questions?

GDPR EXPLAINED

Page 53:

Thank you

GDPR EXPLAINED
