Senior Director - Security Architecture, WSO2

General Data Protection Regulation (GDPR) for Identity Architects

Prabath Siriwardena

GDPR OVERVIEW

14

15

DATA PROTECTION IMPACT ASSESSMENT (DPIA)

● Following activities are required to have a DPIA○ Processing of special categories of personal data at large scale.○ Core business activities consist of systematic monitoring of the data subject at

large scale.○ Monitoring of publicly accessible areas at a large scale

16

17

18

19

DATA PROCESSING RECORD (CONTROLLER)

● Name and contact details of controllers, the representatives, and data protection officer.

● Purposes of processing● Description of the categories of data subjects and categories of personal data.● The categories of recipients to whom the personal data have need or will be

disclosed.● Transfers of personal data to a third country/international organization.● Time limits for the erasure of the different data categories.● General description of the technical and organizational security measures.

20

21

DATA PROCESSING RECORD (PROCESSOR)

● Name and contact details of controllers, the representatives, and data protection officer.

● Categories of processing● Transfers of personal data to a third country/international organization.● General description of the technical and organizational security measures.

22

23

24

25

26

27

28

29

DATA SUBJECT’S RIGHTS

31

32

33

34

35

36

37

IAM DESIGN PRINCIPLES AND

BEST PRACTICES

39

40

41

42

FACEBOOK COOKIE POLICYhttps://www.facebook.com/policies/cookies/

43

GOOGLE COOKIE POLICYhttps://www.google.com/policies/technologies/cookies/

44

45

FACEBOOK DATA USE POLICYhttps://www.facebook.com/full_data_use_policy

46

47

48

49

50

51

wso2.com

52