SlideShare a Scribd company logo

GDPR: Your Journey to Compliance

Cobweb, profile picture
Cobweb

The document provides an overview and agenda for a conference on achieving compliance with the General Data Protection Regulation (GDPR). It discusses key aspects of GDPR compliance including identifying personal data, data subject rights, security requirements, international data transfers, and remedies for non-compliance. Various vendors also present on how their products can help organizations meet GDPR requirements through features such as digital consent management and customizable reporting on personal data. An example case study highlights how one company used DocuSign to address challenges around manual processes, GDPR readiness, and security of personal information.

Technology
1 of 118
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
Welcome to GDPR: Your Journey to Compliance Thursday 2 November 2017, 14:00-17:15 Microsoft UK, Paddington, London
Welcome & Introduction Michael Frisby, Cobweb MD GDPR: Your Journey to Compliance
Location Identifying existing personal data held across the business Governance Managing data subject access rights, data storage and use Security Protecting against vulnerabilities and breach Reporting For data requests, breaches, and accountability Achieving GDPR Compliance
Process track Technical track ----------Define the requirement Create the plan Helping You Achieve Compliance GDPR Webinars GDPR Workshops GDPR Healthcheck GDPR Assessments Implementation Clinics Virtual Services
GDPR: Your Journey to Compliance Agenda 13:45-14:00 REGISTRATION 14:00-14:15 Welcome & Introduction Michael Frisby, Cobweb MD 14:15-14:45 Introduction to GDPR Sean Huggett, Cybercrowd, CEO & Consultant 14:45-15:00 DocuSign and GDPR Jacqueline de Gernier, AVP Commercial Sales 15:00-15:30 Microsoft and GDPR Jonathan Burnett and Samantha Garrett, Partner Technology Strategists 15:30-15:45 TEA AND PASTRIES 15:45-16:00 TermSet and GDPR Stewart Connors, Head of Customer & Partner Success 16:00-16:15 Acronis and GDPR Ronan McCurtin, Senior Sales Director Northern Europe 16:15-16:30 Mimecast and GDPR David Tweedale, Team Leader 16:30-16:45 QGate and GDPR Rowland Dexter, Managing Director 16:45-17:15 Panel Interview Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft), Michael Olpin (Cobweb) Cobweb GDPR Support Package GDPR Health Check ‘Raffle’ Closing Thoughts
Introduction to GDPR Sean Huggett, Cybercrowd, CEO and Consultant GDPR: Your Journey to Compliance
• Came in to force on 24th May 2016 – enforceable from 25th May 2018 • EU Regulation – has direct effect – no local legislation required • Replaces the Data Protection Act 1998 - transposed into law from Data Protection Directive 1995 • Aims to support the digital single market and give data subjects control over their personal data • Wide scope & coverage • Guidance on interpretation and compliance still being developed • UK Government has confirmed applicability in UK notwithstanding Brexit Introduction to GDPR
Key Definitions Data Controller • “the natural or legal person… which … determines the purpose and means of the processing of personal data” Data Processor • “a natural or legal person… which processes personal data on behalf of the controller” Data Subject • “an identified or identifiable natural person” Personal Data • “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data….” Processing • “any operation or set of operations which is performed on personal data or on sets of personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage…”
Six Data Protection Principles & Accountability • Six data protection principles – overview of your most important duties in complying with GDPR • Introduces ‘accountability principle’ – Data Controllers responsible for being able to demonstrate compliance with the six principles processed lawfully, fairly and transparently collected for specified, explicit & legitimate purposes adequate, relevant & limited to what is necessary for processing accurate and kept up to date kept only for as long as is necessary for processing processed in a manner that ensures its security 1 2 3 4 5 6 Personal Data shall be: ACCOUNTABILITY
Data Subject Rights Rights to: • Information - think about Privacy Notices • Access - think about Subject Access Requests • Object to Processing • Rectification • Erasure – ‘right to be forgotten’ • Restrict Processing • Data Portability
Obligations & International Transfers Obligations • Data Protection Officers (DPO) • Data Protection Impact Assessments (DPIA) • Data Protection by Design and by Default • Controller & Processor Records • Security of Processing • Breach Notification • Processor contracts with guarantees that processing will meet the requirements of GDPR International Transfers – Restricted & Regulated – Conditions to be Met • Basis of Adequacy • Appropriate Safeguards • Binding Corporate Rules (BCRs) • International Cooperation Mechanisms: EU-US Privacy Shield
Remedies & Liabilities Liabilities • Administrative Fines – ‘Effective, Proportionate & Dissuasive’ o Higher of 4% of global turnover or €20m for top tier infringements o Higher of 2% of global turnover or €10m for lower tier infringements • Warning of likely infringement • Reprimand for infringement • Others, including: order data breach communication, order limitations on processing, order rectification/restriction/erasure Data Subject Remedies • Right to judicial remedy where their rights have been infringed as a result of the processing of personal data • Right to compensation – data subjects who have suffered material or non-material damage • Controller & Processor joint and several liability • Collective claims / class-action type litigation possible – higher litigation risks
Some Practical Steps 1. Understand Personal Data You Hold: • Data mapping – identify Personal Data held, how it was/is collected, data flows, who has access, where it is stored etc. • Apply the 6 Principles to the Personal Data you hold. • Assess the risks to rights and freedoms of data subjects associated with your processing / the personal data you hold. • Identify transfers to 3rd countries. 2. Review 3rd Party Relationships: • Identify your 3rd party processors. • Review the contracts, bring them into compliance – including cloud service providers.
3. Document Your Processing Activities: • Put the required documentation in place – records of processing activities, records of consent etc. • Document how you comply with GDPR – demonstrate you are consistently applying best practice. 4. Apply Technical and Organisational Measures: • Implement strong information governance measures, including policies and procedures covering: o Data protection o Information security o Breach response and notification • Adopt a ‘Cyber Resilience’ approach covering People, Process & Technology in line with best practice. • Implement an ISMS / PIMS / Compliance Framework – apply best practice and certify where appropriate Some Practical Steps
Thank you Speak to a member of the Cobweb team if you’d like to know more!
DocuSign and GDPR GDPR: Your Journey to Compliance Jacqueline de Gernier, AVP Commercial Sales
Getting to Grips with the GDPR: How to Fast-Track Your Compliance
Introduction to DocuSign
14+ Years Innovation Highest level certifications 188 Countries 43 Languages 13 Offices 5 Continents 300k+ corporate customers 200 million total users #1 Analyst rated
Trust Legal & Compliance Bank-Grade Security & Encryption Platform & Scalability Capabilities & Usability Mobile Customer Success Programmes Experience The DocuSign Difference Why customers choose DocuSign Partners & Integrations Global #1 APIs Choice
Financial Services Insurance High Tech Communications /Media Pharmaceutical Real Estate Consumer Everywhere
Sales Experience Significantly improved Procurement 50x faster Contract signing “It speeds up the process and makes it more compliant” HR 10 minutes Fastest contract returned “DocuSign has revolutionised how we send out HR contracts at E.ON” Customer Success Use case Use case Use case “Steps that previously took days through post now take minutes”
GDPR - Changes to Consent
Demanding requirements for consent Under the GDPR, consent must be: • Freely given • Specific • Informed • Unambiguous "Consent should be given by a clear affirmative act … such as by a written statement, including by electronic means, or an oral statement… Silence, pre-ticked boxes or inactivity should not therefore constitute consent." (Recital 32)
Consent will often be required When collecting an individual’s personal information relating to: • Using an individuals sensitive personal information • Sending an individual e-marketing • Sharing an individual’s personal information with independent third parties
Consent must be verifiable Businesses must be able to prove that it obtained the individual's consent, requiring businesses to maintain consent records that can be checked to verify: 1. That the individual has consented; 2. What they consented to, and; 3. When they consented Individuals "shall have the right to withdraw his or her consent at any time… It shall be as easy to withdraw consent as to give consent." (Art 7(4))
Common consent challenges • Marketing / Sales – Personal information for e-marketing purposes • HR – Personal information for a job application or for the provision of employee benefits • Healthcare – Personal information for the purpose of medical studies and clinical trials • Online – Consenting to the use cookies and similar tracking technologies
Re-contracting with Suppliers Business must ensure: • Legacy vendors move to new, GDPR-compliant, data protection terms • Future vendors are also signed up to GDPR-compliant terms
How DocuSign can be part of a GDPR Consent solution
Business
Consumers Customers Partners Suppliers Employees Business
Disconnected Systems Manual Processes Fragmented Policies Consumers Customers Partners Suppliers Employees Business
Consumers Customers Partners Suppliers Employees Business Digital consent
GDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Bespoke reports for GDPR and the data can be extracted
Case Study: Filestream Company’s Top Challenges • Manual processes – contracts require manual chasing to fulfill terms and conditions • Not GDPR-ready – holding of personal data is not currently compliant with legislation • Inadequate security – Information sent over email is not as secure as it could be Reasons for Choosing DocuSign • Security standards – DocuSign meets and exceeds some of the most stringent US, EU, and global security standards • Commitment to compliance – DocuSign is actively monitoring regulator guidance and interpretations of key GDPR requirements • Digitising process – digital signatures remove need to print and scan paper documents The Key Benefits • Quicker signing process – turnaround time is now 40 times faster • Customer consent – DocuSign’s tools are being utilised to be ready for new legislation coming into force in May 2018 • Data protection – personal data is protected whenever a third-party comes in contact with it “I wouldn’t choose any other partner but DocuSign for ease and security – Paul Day, Technical Director, Filestream EXECUTIVE OVERVIEW TOP BENEFITS ACHIEVED Company: Filestream Headquarters: Berkshire, UK Founded: 2003 Industry: Software Website: www.filestreamsystems.co.uk Partners: DocuSign Use Case: Sales ABOUT 45 minutes Contract turnaround time 40 x faster Quicker signing experience GDPR-ready DocuSign tools being used for compliance
Thank you Email: Jacqueline.degernier@docusign.com GDPR Seminar – 9th Nov 5pm – 7pm ETC Venues, Fenchurch Street discover.docusign.co.uk/best-practices-for-gdpr
Microsoft and GDPR General Data Protection Regulation Jonathan Burnett, Partner Technology Strategist Samantha Garrett, Partner Technology Strategist GDPR: Your Journey to Compliance
What are the key changes to address the GDPR? Personal privacy Controls and notifications Transparent policies IT and training Organizations will need to: • Train privacy personnel & employee • Audit and update data policies • Employ a Data Protection Officer (if required) • Create & manage compliant vendor contracts Organizations will need to: • Protect personal data using appropriate security • Notify authorities of personal data breaches • Obtain appropriate consents for processing data • Keep records detailing data processing Individuals have the right to: • Access their personal data • Correct errors in their personal data • Erase their personal data • Object to processing of their personal data • Export personal data Organizations are required to: • Provide clear notice of data collection • Outline processing purposes and use cases • Define data retention and deletion policies
How do I get started? Identify what personal data you have and where it resides Discover1 Govern how personal data is used and accessed Manage2 Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches Protect3 Keep required documentation, manage data requests and breach notifications Report4
GDPR: Your Journey to Compliance
Discover: Identify what personal data you have and where it resides In-scope: • • • • • • • • • • Inventory: • • • • • • • Microsoft Azure Microsoft Azure Data Catalog Enterprise Mobility + Security (EMS) Microsoft Cloud App Security Dynamics 365 Audit Data & User Activity Reporting & Analytics Office & Office 365 Data Loss Prevention Advanced Data Governance Office 365 eDiscovery SQL Server and Azure SQL Database SQL Query Language Windows & Windows Server Windows Search Example solutions 1
2 Example solutions Manage: Data governance: • • • • • • • • Data classification: • • • • • • • Microsoft Azure Azure Active Directory Azure Information Protection Azure Role-Based Access Control (RBAC) Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 Security Concepts Office & Office 365 Advanced Data Governance Journaling (Exchange Online) Windows & Windows Server Microsoft Data Classification Toolkit
3 Example solutions Protect: Preventing data attacks: • • • • • • • • Detecting & responding to breaches: • • • • • • Microsoft Azure Azure Key Vault Azure Security Center Azure Storage Services Encryption Enterprise Mobility + Security (EMS) Azure Active Directory Premium Microsoft Intune Office & Office 365 Advanced Threat Protection Threat Intelligence SQL Server and Azure SQL Database Transparent data encryption Always Encrypted Windows & Windows Server Windows Defender Advanced Threat Protection Windows Hello Device Guard
4 Example solutions Record-keeping: • • • • • Reporting tools: • • • • • • Microsoft Trust Center Service Trust Portal Microsoft Azure Azure Auditing & Logging Azure Data Lake Azure Monitor Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 Reporting & Analytics Office & Office 365 Service Assurance Office 365 Audit Logs Customer Lockbox Windows & Windows Server Windows Defender Advanced Threat Protection Report:
GDPR Resources Microsoft Whitepaper on "Beginning your GDPR Journey" Microsoft.com/GDPR servicetrust.microsoft.com aka.ms/GDPRblogpost Data Breach
Management 2. Data Encryption 3. Phishing Protection 4. 2 Factor Authentication 5. Cloud Application Security 6. Mobile Security Risk Mitigation Suggestions
GDPR: Your Journey to Compliance
15:30-15:45 Tea & Pastries GDPR: Your Journey to Compliance
TermSet and GDPR Stewart Connors, Head of Customer & Partner Success GDPR: Your Journey to Compliance
GDPR Automate the process for discovering Personal Identifiable Information (PII)
The Challenge External • GDPR will require all EU organisations to focus on discovering PII on behalf customers & former employees • “Subject Access Request” is not new and will continue • “Right to be Forgotten” is new & will force organisations to collect all the digital information they hold Internal • Organisations information is held multiple IT systems • Also non approved IT systems (shadow IT/BYOD) • Information is typically held in documents that are structured and un structured • Discovering PII is currently a manual process • This will costs organisations time and money • “Subject Access Request” Ongoing breaches & Fines • 49% of organisations had a document breach in the past 2 years* • 73% of employees are accidentally exposing information stored within documents* • 63% of organisation’s claim they are unable to locate sensitive data stored in documents* *Information taken from the Ponemon Institute Research report May 2017.
ScanR Generate Reports Discover PII in Office docs, PDF, OCR on the fly. Multiple Systems The Solution Identify and retrieve GDPR Personal Identifiable Information within documents stored in multiple systems.
Product overview ScanR
Connect to SharePoint, a File Share or other systems Documents where we wish to determine if they contain sensitive data
Choose the types of information you would like to discover • Over 100 pre-defined rules or you can make your own • Artificial Intelligence for Pattern Matching
Documents Marked in place or reports produced
Three data sources read ~19k Documents read with 79% containing PII data Breakdown of what PII data is contained where Locations of the sensitive data Which systems contain the most sensitive data Overview Dashboard
Search for information across your data sources Immediately see the records that match Understand the types of data that contain the information Query engine
11 Chapters with 99 Articles http://www.eugdpr.org/article-summaries.html ScanR will help you comply with Articles: 5, 15, 16, 17, 18, 20, 24, 30, 32, 35, 42, 44, 45. • Gain understanding of the where the PII data is located • Gain an understanding of who has access to it • Gain an understanding of how long it’s being retained • Retain personal data for a period of time directly related to the original intended purpose • Find risky files and take action • Manage a Subject Access Request • Request a port of the data • Request a correction to the data • Request deletion of the data Articles Contained in the GDPR
Summary ScanR • Automate the process for discovering PII • Quickly respond to “Subject Access Request” & “Right to be Forgotten” • Comply with over 10 of the 99 Articles Next Step • Free trial up to 1,000 documents
www.termset.com stewart@termset.com
Thank you Speak to a member of the Cobweb team if you’d like to know more!
Acronis and GDPR Ronan McCurtin, Senior Sales Director Northern Europe GDPR: Your Journey to Compliance
Where Acronis supports GDPR compliance • Key activities • Privacy impact assessment • Data access governance • Data breach notification / resolution • Secure storage of active data • Archiving and deleting Acronis Backup Acronis Storage Acronis Backup Cloud Acronis Disaster Recovery Service
Requirements for GDPR-compliant backup and storage 1 Requirement Desirable features GDPR recitals supported Control data storage location • Reporting for compliance • 101: General principles for international data transfers Encrypt data securely • Encryption on the device, in transit, and at rest • 78: Appropriate technical and organizational measures • 83: Security of processing Browse backups • Drill-down to easily find required data • 63: Right of access • 65: Right of rectification and erasure Modify personal data • Easy modification if requested by data subject • 59 Procedures for the exercise of the rights of the data subjects • 63: Right of access • 64: Identity verification • 65: Right of rectification and erasure Export data in a common format for easy data portability • ZIP archive for easy portability • 68: Right of data portability Recover data quickly • Acronis Instant Restore to deliver 15-second recover time objectives (RTOs) • 78: Appropriate technical and organizational measures
Requirements for GDPR-compliant backup and storage 2 Requirement Desirable features GDPR recitals supported Minimize compulsory data breach reporting • Proactive prevention of malware damage to files • Specific protection of the Acronis Backup agent to prevent data breach of backups 85: Notification obligation of breaches to supervisory authority 86: Notification of data subjects in the case of data breaches 87: Promptness of reporting / notification 88: Format and procedures of the notification Blockchain-based data certification • Acronis Notary validation of the authenticity and integrity of backups 78: Appropriate technical and organizational measures Backup retention, deletion • Flexible setting of retention time of data, archival rules, etc. • Ability to delete backup at any moment 66: Right to be forgotten Logs availability • Logging of operations with data 82: Record of processing activities [correct?] Role-based access • Multilayered and highly customizable data access rights 63: Right of access [correct?] Risk management control • Very flexible backup and Active Protection 84: Risk evaluation and impact assessment [correct?]
What to look for in GDPR-compliant backup and storage • Data subject control of data storage location • Individual must have final say as to where personal data is stored: on-premises or in a specific EU-based data center • Data encryption • Strong data encryption on-device, in transit and in the cloud • And entirely automated encryption process, with the data subject as the sole holder of the decryption key, meeting GDPR data security requirements
What to look for in GDPR-compliant backup and storage • Ability to search data inside backups • Ability to drill down through backups, making it easy to find required information on behalf of data subjects • Ability to modify personal data • Easy way to modify personal data if and when requested by data subjects
What to look for in GDPR-compliant backup and storage • Data export in a common format • Ability to export personal data in a common and easily usable format (e.g., ZIP archives) to meet the GDPR data portability requirements • Quick data recovery
• Flexible setting of retention time of data, archival rules, etc. • Extensive logging • Multilayered and highly customizable data access rights How Acronis helps your company achieve GDPR compliance
How Acronis helps your company achieve GDPR compliance • Active Protection against ransomware • Proactively preventing breaches is easier and more cost- effective suffering breaches and doing the mandatory incident reporting • Acronis Active Protection™ detects and blocks ransomware attacks and instantly restores any affected data • Blockchain-based data certification • Acronis Notary™ provides immutable proof of the integrity of protected data using Blockchain technology
With an economic incentive to it, new Ransomware families appeared fast… Source: F-Secure
Ransomware Big Trends Advancing into new operating systems Advancing into new platforms and devices Ransomware-as-a-Service Advanced attack techniques
Trend 4: Advanced attack techniques 2010 Detection of non-signed files 2014 Protection for Windows only 2016 Detection by checking file type/header 2016 Detection of executable files 2016 Detection in running Windows system Malware signed by stolen certificate Injects into system processes and acts on their behalf Attacks Mac OS X and Linux Only body of the file is encrypted Uses scripts and non- malicious executables Infects before Windows starts 2014 Exclude know legitimate system files 2017 Use of Backup to protect against Ransomware Attacks & Encrypts different backup files Next Generation Ransomware families targeting Backup software
Ransomware evolves…
… Data Protection evolves too Acronis CustomersAcronis Labs Infected and clean processes farms Provides processes behavior data Updated knowledge base Acronis Learning Service Acronis Cloud Brain Model training, parameters optimization You are protected even without Internet Acronis Local Knowledge Base Acronis Active Protection 2.0: Learning Infrastructure
Complete protection against modern techniques 2016 Detection by checking file type/header Only body of the file is encrypted Entropy measurement 2010 Detection of non- signed files 2014 Protection for Windows only 2016 Detection of executable files 2016 Detection in running Windows system Malware signed by stolen certificate Injects into system processes and acts on their behalf Attacks Mac OS X and Linux Uses scripts and non-malicious executables Infects before Windows starts 2014 Exclude know legitimate system files Checks for injections in system processes (with Machine Learning) Protection Windows, Mac and Linux Both executable and scripts detection Pre-Boot anti- ransomware protection Compromised signatures check Acronis Active ProtectionTM 2017 Use of Backup to protect against Ransomware Attacks & Encrypts different backup files
Acronis Notary powered by Blockchain Ensuring that data is authentic and unchanged “Acronis Notary assures that files are unchanged since they were backed up.” Have confidence of data authenticity •A public, secure Blockchain ledger verifies the authenticity of files •Backup enables the recovery of the original document •Acronis Notary provides mathematical assurance that the contents of a file perfectly match the original contents that were backed up
Thank you Speak to a member of the Cobweb team if you’d like to know more!
Mimecast and GDPR Data Protection and Data Management David Tweedale – Team Leader GDPR: Your Journey to Compliance
© 2017 Mimecast.com All rights reserved.84 Data Protection Securing personal and sensitive information Data ManagementData Protection Anti Malware Data Leak Prevention Encryption Breach Notifications
© 2017 Mimecast.com All rights reserved.85 Spear-phishing credentials to exploit point-of-sale systems Used as stepping stone onto victims network Compromised point of sale systems Customer data stolen, including credit card details Large GDPR Fine and costs to investigate and remediate Access gained via spear-phishing attack on a sub-contractor
© 2017 Mimecast.com All rights reserved.86 Type of attacks: • Weaponised attachments • Malicious URLs • Malware-less attacks • Ransomware • Phishing • Insiders Key Strategies • Multi Layered Approach • User Awareness • Advanced Threat Protection • Logging and monitoring of internal user activities • Protected, plan B email route and access Malware can have a devastating impact on organizations contributing to significant GDPR fines related to data lossAnti Malware Technology capabilities: Data protection
© 2017 Mimecast.com All rights reserved.87 Data leaked by disgruntled employee Employee emails copy of client database to personal mail account Data collected by the company is now compromised. Customer sensitive data leaked. GDPR fine imposed. Disgruntled employee wants to leave and cause damage to the business
© 2017 Mimecast.com All rights reserved.88 Data Leak Prevention (DLP) Technology capabilities: Data protection How is data leaving the organization? • Internal department leakage • Email attachments • Shadow IT Key Strategies • Internal communications DLP • Outbound mail inspection • Corporate data sharing • Secure messaging channel Data Loss Protection (DLP) tools prevent inadvertent data breaches by blocking emails containing personal data
© 2017 Mimecast.com All rights reserved.89 Encryption Technology capabilities: Data protection Where is data encrypted? • Data stored in applications • Laptops/Mobile Devices? • Email archives Key Strategies • Secure storage of data • Secure transfer of data • Secure data in transit • Limit data on portable devices Encryption of data in systems and applications reduces the potential impacts of a data breach
© 2017 Mimecast.com All rights reserved.90 Breach Notifications Technology capabilities: Data protection Key Information required? • Analysis of breach • Mitigate negative consequences • Alert data protection officer Key Strategies • Gather data from Security Incident and Event Monitoring (SIEM) system • Identify location of data breach • Identify if personal data was leaked • Mitigate negative effects Organizations have 72 hours to notify relevant authorities once a data breach is discovered
© 2017 Mimecast.com All rights reserved.91 Data Management Supporting access rights of individuals Data ManagementData Protection Anti Malware Data Leak Prevention Encryption Breach Notifications Search and Discovery Secure Repository Chain of Custody Access Control
© 2017 Mimecast.com All rights reserved.92 GDPR – Subject Access Request and Data Portability IT Administrator searches across data repositories Results validated/reviewed Secure transmission of data to data subject Data Subject requests access to data stored on them
© 2017 Mimecast.com All rights reserved.93 Subject Access Requests (SAR) Technology capabilities: Data management What is the impact? • Requests need to be handled quickly • Accurate personal data and additional information • Availability in electronic format Key Strategies • Locate requested personal information quickly • Prepared response templates • Employee training to handle SARs • Self-service portal for SARs Individuals have the right to obtain confirmation that their personal data is being processed
© 2017 Mimecast.com All rights reserved.94 Data Portability Technology capabilities: Data management What is the impact? • Exports need to be timely • Useable format • Safe delivery of that export? Key Strategies • Data must be structured, searchable • Exports to common formats • Ensure the safe delivery of exported data • Subject review and confirm data required Individuals have the right to request an export of their data a format that can be given to another vendor or service
© 2017 Mimecast.com All rights reserved.95 GDPR – Right To Be Forgotten IT Administrator searches across data repositories Time consuming Confirmation given that data is erased Data Subject requests all personal data to be erased
© 2017 Mimecast.com All rights reserved.96 Right To Be Forgotten Technology capabilities: Data management What is the impact? • Complete erasure • Across all systems • Unless overriding policy is in place Key Strategies • Data must be structured, searchable • Dynamic data adjustments • Retention management • Auditable deletion • Ability to review prior to deletion Individuals have the right to request erasure of their personal data held by a data controller (subject to conditions)
© 2017 Mimecast.com All rights reserved.97 Mimecast Solution Simplifying GDPR Compliance for Email Data Management Search and Discovery Secure Repository Chain of Custody Access Control Secure Messaging Advanced Threat Security Mimecast Cloud Archive DLP & Content Security API RBAC & Data Guardian Large File Send Mailbox Continuity Archive Power ToolsSearch and Review Data Protection Anti Malware Data Leak Prevention Encryption Incident Management Mime | OS
© 2017 Mimecast.com All rights reserved.98 You need technology that provides the best possible multi- layered protection PREVENT You need to control, protect, find and access data effectively MANAGE You need to sustain compliance support at all times MAINTAIN Email Cyber Resiliencefor GDPR
Thank you Speak to a member of the Cobweb team if you’d like to know more!
QGate and GDPR Paribus Discovery - One Small Step… Rowland Dexter, Managing Director GDPR: Your Journey to Compliance
Who are QGate • A Dynamics 365 implementation partner (UK HQ), est. 1997 • Working with Dynamics CRM since V4 (2007) • ISV solutions are a key part of our company strategy • Partner friendly established reseller program
The Problem Duplicate Data • A primary element of poor data quality • However, in regards to GDPR specifically • How do you manage personal data when you have multiple instances of the same person • Rob Dixon • Bob Dickson • Robert Dicksen • Dixon R A recent QGate audit showed an average of 7.2 % duplication in CRM
The Solution Paribus Discovery A batch tool which IDENTIFIES duplicate data within any SQL based data source
The Paribus Match Engine Phonetic Data Matching • Foto Centre, Photo Center • Kris Dixon, Chris Dickson, Criss Dicksen • Cheryl Wiatt, Sheryl Wyiatt, Sherril Wyatt Synonyms & Abbreviations & Acronym Matching • Robert, Bob, Bobbie, Rob, Robbie, Roberto • William, Will, Willy, Bill, Billy • Richard, Rich, Ric, Dick, Ricky • International Business Machines, IBM, I.B.M Data Sequence Variation • Florida University, University of Florida • Arizona 1st National Bank, First National Bank of Arizona • 123 (Flat A) Acacia Avenue, Flat A – 123 Acacia Avenue Data Segmentation • QGate Software, Q Gate Software Q-Gate Software • GuideMark, Guide Mark, Guide-Mark • 3Com, 3 Com, 3-Com Gender Analysis • Paul v Paula • Daniel v Danielle • Jo v Joe • Andy v Andie
The Paribus Match Engine  Bill Dixon  Marketing Manager  1st National Bank of Arizona  123 Flat A Acacia Avenue Phoenix Arizona CRM Contact  William Dickson  Manager of Marketing  First Bank of Arizona  (Flat A) 123 Acacia Avenue Phoenix AZ CRM Contact  Billy Dicksen  Marketing Director  1st Bank of National Arizona  123 Acacia Avenue (Flat A) Phoenix Arizona CRM Contact
Paribus Discovery - Identify A business user can then: • Review & confirm the matches • Review & confirm the primary/master record
Paribus Discovery - Resolve The CRM admin user then: • Uses the plugin to execute the merge/purge process Dedicated Paribus for Microsoft Dynamics CRM plugin responsible for the data cleansing (data merging, purging and consolidation) of CRM data. Paribus CRM Plugin
GDPR: Your Journey to Compliance
Paribus Interactive The user does what they do today, just enter data As they do, Paribus Interactive searches for potential duplicates and highlights the possibility The more information entered the search is refined
Paribus Interactive Note the results are from multiple entities To see the results click here Can navigate direct to the record
Summary Paribus Discovery INDENTIFIES Duplicate data Within Dynamics 365 able to REMOVE (merge/purge) Open API to build your own removal process Plugin Export results to feed into an external process Paribus Interactive for Dynamics 365 Ahosted SaaS based service providing fuzzy SEARCH and LOOKUP function. www.paribuscloud.com info@paribuscloud.com Rowland.dexter@qgate.co.uk
Thank you Speak to a member of the Cobweb team if you’d like to know more!
Panel Interview Host – Caroline Wigley (Cobweb), Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft), Michael Olpin (Cobweb Finance Director) GDPR: Your Journey to Compliance
Closing Thoughts GDPR: Your Journey to Compliance
Process track Technical track ----------Define the requirement Create the plan Helping You Achieve Compliance GDPR Webinars GDPR Workshops GDPR Healthcheck GDPR Assessments Implementation Clinics Virtual Services
1-day free GDPR health check (worth £1,200) … GDPR: Your Journey to Compliance …the result
Thank you to our presenters GDPR: Your Journey to Compliance
Thank you for attending GDPR: Your Journey to Compliance Speak to a member of the Cobweb team if you’d like to know more about GDPR!

More Related Content

PPTX
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
PPTX
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
IDERA Software
 
PDF
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
PDF
Getting Started with GDPR Compliance
DATAVERSITY
 
PPTX
Vuzion Love Cloud GDPR Event
Vuzion
 
PPTX
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
PPTX
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 
PPTX
Quick Introduction to the EU GDPR by Sami Zahran
Dr. Sami Zahran
 
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
IDERA Software
 
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
Getting Started with GDPR Compliance
DATAVERSITY
 
Vuzion Love Cloud GDPR Event
Vuzion
 
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 
Quick Introduction to the EU GDPR by Sami Zahran
Dr. Sami Zahran
 

What's hot (19)

PPTX
GDPR Presentation slides
Naomi Holmes
 
PPTX
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
PDF
DAMA Ireland - GDPR
DAMA Ireland
 
PDF
VMTN6642E - GDPR Slide Deck
Kyle Davies
 
PDF
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
PPTX
Gdpr action plan - ISSA
Ulf Mattsson
 
PDF
GDPR changes affect direct marketing
Spotler
 
PPTX
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
PPTX
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
PDF
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
PDF
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
DATUM LLC
 
PDF
GDPR for Dummies
Caroline Boscher
 
PPTX
12 steps to gdpr compliance unleashed
Chris Gilmour
 
PPTX
GDPR From the Trenches - Real-world examples of how companies are approaching...
Ardoq
 
PPTX
Teradata's approach to addressing GDPR
Paul O'Carroll
 
PPTX
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
CIO Edge
 
PPT
Building a register of data processing
Tim Gough
 
PDF
GDPR and Irish SMEs May 2017
Amarach Research
 
PDF
A practical guide to GDPR preparation
Promapp Solutions
 
GDPR Presentation slides
Naomi Holmes
 
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
DAMA Ireland - GDPR
DAMA Ireland
 
VMTN6642E - GDPR Slide Deck
Kyle Davies
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
Gdpr action plan - ISSA
Ulf Mattsson
 
GDPR changes affect direct marketing
Spotler
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
DATUM LLC
 
GDPR for Dummies
Caroline Boscher
 
12 steps to gdpr compliance unleashed
Chris Gilmour
 
GDPR From the Trenches - Real-world examples of how companies are approaching...
Ardoq
 
Teradata's approach to addressing GDPR
Paul O'Carroll
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
CIO Edge
 
Building a register of data processing
Tim Gough
 
GDPR and Irish SMEs May 2017
Amarach Research
 
A practical guide to GDPR preparation
Promapp Solutions
 
Ad

Similar to GDPR: Your Journey to Compliance (20)

PDF
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
PDF
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
PPTX
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
Harrison Clark Rickerbys
 
PPTX
GDPR Breakfast Briefing for Business Advisors
Harrison Clark Rickerbys
 
PDF
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
PPTX
GDPR Privacy Introduction
NiclasGranqvist
 
PPTX
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
BrightPay Payroll and Auto Enrolment Software
 
PDF
Gdpr for business full
Fionnuala Hendrick
 
PPTX
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
PDF
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
PPTX
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
PPTX
Prepare Your Firm for GDPR
MyComplianceOffice
 
PPTX
GDPR in the Healthcare Industry
EMMAIntl
 
PDF
What's Next - General Data Protection Regulation (GDPR) Changes
Ogilvy Consulting
 
PPTX
Understanding the EU's new General Data Protection Regulation (GDPR)
Acquia
 
PPTX
My presentation- Ala about privacy and GDPR
zayadeen2003
 
PPTX
3A – DATA PROTECTION: ADVICE
CFG
 
PPTX
What does GDPR mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
PPTX
GDPR Breakfast Briefing for Business Advisors
Harrison Clark Rickerbys
 
PPTX
Scott Appleton: GDPR - Big Bang or Data Evolution?
Emily Jones
 
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
Harrison Clark Rickerbys
 
GDPR Breakfast Briefing for Business Advisors
Harrison Clark Rickerbys
 
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
GDPR Privacy Introduction
NiclasGranqvist
 
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
BrightPay Payroll and Auto Enrolment Software
 
Gdpr for business full
Fionnuala Hendrick
 
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
Prepare Your Firm for GDPR
MyComplianceOffice
 
GDPR in the Healthcare Industry
EMMAIntl
 
What's Next - General Data Protection Regulation (GDPR) Changes
Ogilvy Consulting
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Acquia
 
My presentation- Ala about privacy and GDPR
zayadeen2003
 
3A – DATA PROTECTION: ADVICE
CFG
 
What does GDPR mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
GDPR Breakfast Briefing for Business Advisors
Harrison Clark Rickerbys
 
Scott Appleton: GDPR - Big Bang or Data Evolution?
Emily Jones
 
Ad

More from Cobweb (8)

PDF
Data for everyone! - Microsoft Power BI
Cobweb
 
PPTX
Inspirational Keynote Quotes - Microsoft Future Decoded 2015 "Technical Day"
Cobweb
 
PPTX
Unlock the power of the cloud
Cobweb
 
PPTX
Tim Holman, Director, 2-Sec - Cyber security, putting liberated technology ba...
Cobweb
 
PPTX
Paul Hannam, CEO, Cobweb - Welcome to the new Cobweb
Cobweb
 
PPTX
James Woudhuysen, Futurologist - The cloud - boosters, critics, winners and l...
Cobweb
 
PPT
Eric Benz, VP Global Payments, Bitreserve - Cloud banking for social empowerment
Cobweb
 
PPTX
Andy Cotgreave, Technology Evangelist, Tableau - Data = Art: What links the a...
Cobweb
 
Data for everyone! - Microsoft Power BI
Cobweb
 
Inspirational Keynote Quotes - Microsoft Future Decoded 2015 "Technical Day"
Cobweb
 
Unlock the power of the cloud
Cobweb
 
Tim Holman, Director, 2-Sec - Cyber security, putting liberated technology ba...
Cobweb
 
Paul Hannam, CEO, Cobweb - Welcome to the new Cobweb
Cobweb
 
James Woudhuysen, Futurologist - The cloud - boosters, critics, winners and l...
Cobweb
 
Eric Benz, VP Global Payments, Bitreserve - Cloud banking for social empowerment
Cobweb
 
Andy Cotgreave, Technology Evangelist, Tableau - Data = Art: What links the a...
Cobweb
 

Recently uploaded (20)

PDF
Make GenAI investments go further with the Dell AI Factory
Principled Technologies
 
PDF
Accelerating Oracle Database 23ai Troubleshooting with Oracle AHF Fleet Insig...
Sandesh Rao
 
PDF
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
PDF
Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...
Sandesh Rao
 
PDF
Orbitly Pitch Deck|A Mission-Driven Platform for Side Project Collaboration (...
zz41354899
 
PPTX
The Future of AI & Machine Learning.pptx
pritsen4700
 
PDF
GDG Cloud Munich - Intro - Luiz Carneiro - #BuildWithAI - July - Abdel.pdf
Luiz Carneiro
 
PDF
Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGIS
Safe Software
 
PDF
MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdf
Neo4j
 
PDF
Tea4chat - another LLM Project by Kerem Atam
a0m0rajab1
 
PPTX
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
PDF
Trying to figure out MCP by actually building an app from scratch with open s...
Julien SIMON
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
PDF
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
 
PDF
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
Principled Technologies
 
PDF
Brief History of Internet - Early Days of Internet
sutharharshit158
 
PPTX
AI and Robotics for Human Well-being.pptx
JAYMIN SUTHAR
 
PPTX
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
PDF
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
PDF
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 
Make GenAI investments go further with the Dell AI Factory
Principled Technologies
 
Accelerating Oracle Database 23ai Troubleshooting with Oracle AHF Fleet Insig...
Sandesh Rao
 
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...
Sandesh Rao
 
Orbitly Pitch Deck|A Mission-Driven Platform for Side Project Collaboration (...
zz41354899
 
The Future of AI & Machine Learning.pptx
pritsen4700
 
GDG Cloud Munich - Intro - Luiz Carneiro - #BuildWithAI - July - Abdel.pdf
Luiz Carneiro
 
Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGIS
Safe Software
 
MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdf
Neo4j
 
Tea4chat - another LLM Project by Kerem Atam
a0m0rajab1
 
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
Trying to figure out MCP by actually building an app from scratch with open s...
Julien SIMON
 
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
 
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
Principled Technologies
 
Brief History of Internet - Early Days of Internet
sutharharshit158
 
AI and Robotics for Human Well-being.pptx
JAYMIN SUTHAR
 
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 

GDPR: Your Journey to Compliance

  • 1. Welcome to GDPR: Your Journey to Compliance Thursday 2 November 2017, 14:00-17:15 Microsoft UK, Paddington, London
  • 2. Welcome & Introduction Michael Frisby, Cobweb MD GDPR: Your Journey to Compliance
  • 3. Location Identifying existing personal data held across the business Governance Managing data subject access rights, data storage and use Security Protecting against vulnerabilities and breach Reporting For data requests, breaches, and accountability Achieving GDPR Compliance
  • 4. Process track Technical track ----------Define the requirement Create the plan Helping You Achieve Compliance GDPR Webinars GDPR Workshops GDPR Healthcheck GDPR Assessments Implementation Clinics Virtual Services
  • 5. GDPR: Your Journey to Compliance Agenda 13:45-14:00 REGISTRATION 14:00-14:15 Welcome & Introduction Michael Frisby, Cobweb MD 14:15-14:45 Introduction to GDPR Sean Huggett, Cybercrowd, CEO & Consultant 14:45-15:00 DocuSign and GDPR Jacqueline de Gernier, AVP Commercial Sales 15:00-15:30 Microsoft and GDPR Jonathan Burnett and Samantha Garrett, Partner Technology Strategists 15:30-15:45 TEA AND PASTRIES 15:45-16:00 TermSet and GDPR Stewart Connors, Head of Customer & Partner Success 16:00-16:15 Acronis and GDPR Ronan McCurtin, Senior Sales Director Northern Europe 16:15-16:30 Mimecast and GDPR David Tweedale, Team Leader 16:30-16:45 QGate and GDPR Rowland Dexter, Managing Director 16:45-17:15 Panel Interview Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft), Michael Olpin (Cobweb) Cobweb GDPR Support Package GDPR Health Check ‘Raffle’ Closing Thoughts
  • 6. Introduction to GDPR Sean Huggett, Cybercrowd, CEO and Consultant GDPR: Your Journey to Compliance
  • 7. • Came in to force on 24th May 2016 – enforceable from 25th May 2018 • EU Regulation – has direct effect – no local legislation required • Replaces the Data Protection Act 1998 - transposed into law from Data Protection Directive 1995 • Aims to support the digital single market and give data subjects control over their personal data • Wide scope & coverage • Guidance on interpretation and compliance still being developed • UK Government has confirmed applicability in UK notwithstanding Brexit Introduction to GDPR
  • 8. Key Definitions Data Controller • “the natural or legal person… which … determines the purpose and means of the processing of personal data” Data Processor • “a natural or legal person… which processes personal data on behalf of the controller” Data Subject • “an identified or identifiable natural person” Personal Data • “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data….” Processing • “any operation or set of operations which is performed on personal data or on sets of personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage…”
  • 9. Six Data Protection Principles & Accountability • Six data protection principles – overview of your most important duties in complying with GDPR • Introduces ‘accountability principle’ – Data Controllers responsible for being able to demonstrate compliance with the six principles processed lawfully, fairly and transparently collected for specified, explicit & legitimate purposes adequate, relevant & limited to what is necessary for processing accurate and kept up to date kept only for as long as is necessary for processing processed in a manner that ensures its security 1 2 3 4 5 6 Personal Data shall be: ACCOUNTABILITY
  • 10. Data Subject Rights Rights to: • Information - think about Privacy Notices • Access - think about Subject Access Requests • Object to Processing • Rectification • Erasure – ‘right to be forgotten’ • Restrict Processing • Data Portability
  • 11. Obligations & International Transfers Obligations • Data Protection Officers (DPO) • Data Protection Impact Assessments (DPIA) • Data Protection by Design and by Default • Controller & Processor Records • Security of Processing • Breach Notification • Processor contracts with guarantees that processing will meet the requirements of GDPR International Transfers – Restricted & Regulated – Conditions to be Met • Basis of Adequacy • Appropriate Safeguards • Binding Corporate Rules (BCRs) • International Cooperation Mechanisms: EU-US Privacy Shield
  • 12. Remedies & Liabilities Liabilities • Administrative Fines – ‘Effective, Proportionate & Dissuasive’ o Higher of 4% of global turnover or €20m for top tier infringements o Higher of 2% of global turnover or €10m for lower tier infringements • Warning of likely infringement • Reprimand for infringement • Others, including: order data breach communication, order limitations on processing, order rectification/restriction/erasure Data Subject Remedies • Right to judicial remedy where their rights have been infringed as a result of the processing of personal data • Right to compensation – data subjects who have suffered material or non-material damage • Controller & Processor joint and several liability • Collective claims / class-action type litigation possible – higher litigation risks
  • 13. Some Practical Steps 1. Understand Personal Data You Hold: • Data mapping – identify Personal Data held, how it was/is collected, data flows, who has access, where it is stored etc. • Apply the 6 Principles to the Personal Data you hold. • Assess the risks to rights and freedoms of data subjects associated with your processing / the personal data you hold. • Identify transfers to 3rd countries. 2. Review 3rd Party Relationships: • Identify your 3rd party processors. • Review the contracts, bring them into compliance – including cloud service providers.
  • 14. 3. Document Your Processing Activities: • Put the required documentation in place – records of processing activities, records of consent etc. • Document how you comply with GDPR – demonstrate you are consistently applying best practice. 4. Apply Technical and Organisational Measures: • Implement strong information governance measures, including policies and procedures covering: o Data protection o Information security o Breach response and notification • Adopt a ‘Cyber Resilience’ approach covering People, Process & Technology in line with best practice. • Implement an ISMS / PIMS / Compliance Framework – apply best practice and certify where appropriate Some Practical Steps
  • 15. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 16. DocuSign and GDPR GDPR: Your Journey to Compliance Jacqueline de Gernier, AVP Commercial Sales
  • 17. Getting to Grips with the GDPR: How to Fast-Track Your Compliance
  • 19. 14+ Years Innovation Highest level certifications 188 Countries 43 Languages 13 Offices 5 Continents 300k+ corporate customers 200 million total users #1 Analyst rated
  • 20. Trust Legal & Compliance Bank-Grade Security & Encryption Platform & Scalability Capabilities & Usability Mobile Customer Success Programmes Experience The DocuSign Difference Why customers choose DocuSign Partners & Integrations Global #1 APIs Choice
  • 21. Financial Services Insurance High Tech Communications /Media Pharmaceutical Real Estate Consumer Everywhere
  • 22. Sales Experience Significantly improved Procurement 50x faster Contract signing “It speeds up the process and makes it more compliant” HR 10 minutes Fastest contract returned “DocuSign has revolutionised how we send out HR contracts at E.ON” Customer Success Use case Use case Use case “Steps that previously took days through post now take minutes”
  • 23. GDPR - Changes to Consent
  • 24. Demanding requirements for consent Under the GDPR, consent must be: • Freely given • Specific • Informed • Unambiguous "Consent should be given by a clear affirmative act … such as by a written statement, including by electronic means, or an oral statement… Silence, pre-ticked boxes or inactivity should not therefore constitute consent." (Recital 32)
  • 25. Consent will often be required When collecting an individual’s personal information relating to: • Using an individuals sensitive personal information • Sending an individual e-marketing • Sharing an individual’s personal information with independent third parties
  • 26. Consent must be verifiable Businesses must be able to prove that it obtained the individual's consent, requiring businesses to maintain consent records that can be checked to verify: 1. That the individual has consented; 2. What they consented to, and; 3. When they consented Individuals "shall have the right to withdraw his or her consent at any time… It shall be as easy to withdraw consent as to give consent." (Art 7(4))
  • 27. Common consent challenges • Marketing / Sales – Personal information for e-marketing purposes • HR – Personal information for a job application or for the provision of employee benefits • Healthcare – Personal information for the purpose of medical studies and clinical trials • Online – Consenting to the use cookies and similar tracking technologies
  • 28. Re-contracting with Suppliers Business must ensure: • Legacy vendors move to new, GDPR-compliant, data protection terms • Future vendors are also signed up to GDPR-compliant terms
  • 29. How DocuSign can be part of a GDPR Consent solution
  • 37. Bespoke reports for GDPR and the data can be extracted
  • 38. Case Study: Filestream Company’s Top Challenges • Manual processes – contracts require manual chasing to fulfill terms and conditions • Not GDPR-ready – holding of personal data is not currently compliant with legislation • Inadequate security – Information sent over email is not as secure as it could be Reasons for Choosing DocuSign • Security standards – DocuSign meets and exceeds some of the most stringent US, EU, and global security standards • Commitment to compliance – DocuSign is actively monitoring regulator guidance and interpretations of key GDPR requirements • Digitising process – digital signatures remove need to print and scan paper documents The Key Benefits • Quicker signing process – turnaround time is now 40 times faster • Customer consent – DocuSign’s tools are being utilised to be ready for new legislation coming into force in May 2018 • Data protection – personal data is protected whenever a third-party comes in contact with it “I wouldn’t choose any other partner but DocuSign for ease and security – Paul Day, Technical Director, Filestream EXECUTIVE OVERVIEW TOP BENEFITS ACHIEVED Company: Filestream Headquarters: Berkshire, UK Founded: 2003 Industry: Software Website: www.filestreamsystems.co.uk Partners: DocuSign Use Case: Sales ABOUT 45 minutes Contract turnaround time 40 x faster Quicker signing experience GDPR-ready DocuSign tools being used for compliance
  • 39. Thank you Email: [email protected] GDPR Seminar – 9th Nov 5pm – 7pm ETC Venues, Fenchurch Street discover.docusign.co.uk/best-practices-for-gdpr
  • 40. Microsoft and GDPR General Data Protection Regulation Jonathan Burnett, Partner Technology Strategist Samantha Garrett, Partner Technology Strategist GDPR: Your Journey to Compliance
  • 41. What are the key changes to address the GDPR? Personal privacy Controls and notifications Transparent policies IT and training Organizations will need to: • Train privacy personnel & employee • Audit and update data policies • Employ a Data Protection Officer (if required) • Create & manage compliant vendor contracts Organizations will need to: • Protect personal data using appropriate security • Notify authorities of personal data breaches • Obtain appropriate consents for processing data • Keep records detailing data processing Individuals have the right to: • Access their personal data • Correct errors in their personal data • Erase their personal data • Object to processing of their personal data • Export personal data Organizations are required to: • Provide clear notice of data collection • Outline processing purposes and use cases • Define data retention and deletion policies
  • 42. How do I get started? Identify what personal data you have and where it resides Discover1 Govern how personal data is used and accessed Manage2 Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches Protect3 Keep required documentation, manage data requests and breach notifications Report4
  • 44. Discover: Identify what personal data you have and where it resides In-scope: • • • • • • • • • • Inventory: • • • • • • • Microsoft Azure Microsoft Azure Data Catalog Enterprise Mobility + Security (EMS) Microsoft Cloud App Security Dynamics 365 Audit Data & User Activity Reporting & Analytics Office & Office 365 Data Loss Prevention Advanced Data Governance Office 365 eDiscovery SQL Server and Azure SQL Database SQL Query Language Windows & Windows Server Windows Search Example solutions 1
  • 45. 2 Example solutions Manage: Data governance: • • • • • • • • Data classification: • • • • • • • Microsoft Azure Azure Active Directory Azure Information Protection Azure Role-Based Access Control (RBAC) Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 Security Concepts Office & Office 365 Advanced Data Governance Journaling (Exchange Online) Windows & Windows Server Microsoft Data Classification Toolkit
  • 46. 3 Example solutions Protect: Preventing data attacks: • • • • • • • • Detecting & responding to breaches: • • • • • • Microsoft Azure Azure Key Vault Azure Security Center Azure Storage Services Encryption Enterprise Mobility + Security (EMS) Azure Active Directory Premium Microsoft Intune Office & Office 365 Advanced Threat Protection Threat Intelligence SQL Server and Azure SQL Database Transparent data encryption Always Encrypted Windows & Windows Server Windows Defender Advanced Threat Protection Windows Hello Device Guard
  • 47. 4 Example solutions Record-keeping: • • • • • Reporting tools: • • • • • • Microsoft Trust Center Service Trust Portal Microsoft Azure Azure Auditing & Logging Azure Data Lake Azure Monitor Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 Reporting & Analytics Office & Office 365 Service Assurance Office 365 Audit Logs Customer Lockbox Windows & Windows Server Windows Defender Advanced Threat Protection Report:
  • 48. GDPR Resources Microsoft Whitepaper on "Beginning your GDPR Journey" Microsoft.com/GDPR servicetrust.microsoft.com aka.ms/GDPRblogpost Data Breach
  • 49. Management 2. Data Encryption 3. Phishing Protection 4. 2 Factor Authentication 5. Cloud Application Security 6. Mobile Security Risk Mitigation Suggestions
  • 51. 15:30-15:45 Tea & Pastries GDPR: Your Journey to Compliance
  • 52. TermSet and GDPR Stewart Connors, Head of Customer & Partner Success GDPR: Your Journey to Compliance
  • 53. GDPR Automate the process for discovering Personal Identifiable Information (PII)
  • 54. The Challenge External • GDPR will require all EU organisations to focus on discovering PII on behalf customers & former employees • “Subject Access Request” is not new and will continue • “Right to be Forgotten” is new & will force organisations to collect all the digital information they hold Internal • Organisations information is held multiple IT systems • Also non approved IT systems (shadow IT/BYOD) • Information is typically held in documents that are structured and un structured • Discovering PII is currently a manual process • This will costs organisations time and money • “Subject Access Request” Ongoing breaches & Fines • 49% of organisations had a document breach in the past 2 years* • 73% of employees are accidentally exposing information stored within documents* • 63% of organisation’s claim they are unable to locate sensitive data stored in documents* *Information taken from the Ponemon Institute Research report May 2017.
  • 55. ScanR Generate Reports Discover PII in Office docs, PDF, OCR on the fly. Multiple Systems The Solution Identify and retrieve GDPR Personal Identifiable Information within documents stored in multiple systems.
  • 57. Connect to SharePoint, a File Share or other systems Documents where we wish to determine if they contain sensitive data
  • 58. Choose the types of information you would like to discover • Over 100 pre-defined rules or you can make your own • Artificial Intelligence for Pattern Matching
  • 59. Documents Marked in place or reports produced
  • 60. Three data sources read ~19k Documents read with 79% containing PII data Breakdown of what PII data is contained where Locations of the sensitive data Which systems contain the most sensitive data Overview Dashboard
  • 61. Search for information across your data sources Immediately see the records that match Understand the types of data that contain the information Query engine
  • 62. 11 Chapters with 99 Articles http://www.eugdpr.org/article-summaries.html ScanR will help you comply with Articles: 5, 15, 16, 17, 18, 20, 24, 30, 32, 35, 42, 44, 45. • Gain understanding of the where the PII data is located • Gain an understanding of who has access to it • Gain an understanding of how long it’s being retained • Retain personal data for a period of time directly related to the original intended purpose • Find risky files and take action • Manage a Subject Access Request • Request a port of the data • Request a correction to the data • Request deletion of the data Articles Contained in the GDPR
  • 63. Summary ScanR • Automate the process for discovering PII • Quickly respond to “Subject Access Request” & “Right to be Forgotten” • Comply with over 10 of the 99 Articles Next Step • Free trial up to 1,000 documents
  • 65. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 66. Acronis and GDPR Ronan McCurtin, Senior Sales Director Northern Europe GDPR: Your Journey to Compliance
  • 67. Where Acronis supports GDPR compliance • Key activities • Privacy impact assessment • Data access governance • Data breach notification / resolution • Secure storage of active data • Archiving and deleting Acronis Backup Acronis Storage Acronis Backup Cloud Acronis Disaster Recovery Service
  • 68. Requirements for GDPR-compliant backup and storage 1 Requirement Desirable features GDPR recitals supported Control data storage location • Reporting for compliance • 101: General principles for international data transfers Encrypt data securely • Encryption on the device, in transit, and at rest • 78: Appropriate technical and organizational measures • 83: Security of processing Browse backups • Drill-down to easily find required data • 63: Right of access • 65: Right of rectification and erasure Modify personal data • Easy modification if requested by data subject • 59 Procedures for the exercise of the rights of the data subjects • 63: Right of access • 64: Identity verification • 65: Right of rectification and erasure Export data in a common format for easy data portability • ZIP archive for easy portability • 68: Right of data portability Recover data quickly • Acronis Instant Restore to deliver 15-second recover time objectives (RTOs) • 78: Appropriate technical and organizational measures
  • 69. Requirements for GDPR-compliant backup and storage 2 Requirement Desirable features GDPR recitals supported Minimize compulsory data breach reporting • Proactive prevention of malware damage to files • Specific protection of the Acronis Backup agent to prevent data breach of backups 85: Notification obligation of breaches to supervisory authority 86: Notification of data subjects in the case of data breaches 87: Promptness of reporting / notification 88: Format and procedures of the notification Blockchain-based data certification • Acronis Notary validation of the authenticity and integrity of backups 78: Appropriate technical and organizational measures Backup retention, deletion • Flexible setting of retention time of data, archival rules, etc. • Ability to delete backup at any moment 66: Right to be forgotten Logs availability • Logging of operations with data 82: Record of processing activities [correct?] Role-based access • Multilayered and highly customizable data access rights 63: Right of access [correct?] Risk management control • Very flexible backup and Active Protection 84: Risk evaluation and impact assessment [correct?]
  • 70. What to look for in GDPR-compliant backup and storage • Data subject control of data storage location • Individual must have final say as to where personal data is stored: on-premises or in a specific EU-based data center • Data encryption • Strong data encryption on-device, in transit and in the cloud • And entirely automated encryption process, with the data subject as the sole holder of the decryption key, meeting GDPR data security requirements
  • 71. What to look for in GDPR-compliant backup and storage • Ability to search data inside backups • Ability to drill down through backups, making it easy to find required information on behalf of data subjects • Ability to modify personal data • Easy way to modify personal data if and when requested by data subjects
  • 72. What to look for in GDPR-compliant backup and storage • Data export in a common format • Ability to export personal data in a common and easily usable format (e.g., ZIP archives) to meet the GDPR data portability requirements • Quick data recovery
  • 73. • Flexible setting of retention time of data, archival rules, etc. • Extensive logging • Multilayered and highly customizable data access rights How Acronis helps your company achieve GDPR compliance
  • 74. How Acronis helps your company achieve GDPR compliance • Active Protection against ransomware • Proactively preventing breaches is easier and more cost- effective suffering breaches and doing the mandatory incident reporting • Acronis Active Protection™ detects and blocks ransomware attacks and instantly restores any affected data • Blockchain-based data certification • Acronis Notary™ provides immutable proof of the integrity of protected data using Blockchain technology
  • 75. With an economic incentive to it, new Ransomware families appeared fast… Source: F-Secure
  • 76. Ransomware Big Trends Advancing into new operating systems Advancing into new platforms and devices Ransomware-as-a-Service Advanced attack techniques
  • 77. Trend 4: Advanced attack techniques 2010 Detection of non-signed files 2014 Protection for Windows only 2016 Detection by checking file type/header 2016 Detection of executable files 2016 Detection in running Windows system Malware signed by stolen certificate Injects into system processes and acts on their behalf Attacks Mac OS X and Linux Only body of the file is encrypted Uses scripts and non- malicious executables Infects before Windows starts 2014 Exclude know legitimate system files 2017 Use of Backup to protect against Ransomware Attacks & Encrypts different backup files Next Generation Ransomware families targeting Backup software
  • 79. … Data Protection evolves too Acronis CustomersAcronis Labs Infected and clean processes farms Provides processes behavior data Updated knowledge base Acronis Learning Service Acronis Cloud Brain Model training, parameters optimization You are protected even without Internet Acronis Local Knowledge Base Acronis Active Protection 2.0: Learning Infrastructure
  • 80. Complete protection against modern techniques 2016 Detection by checking file type/header Only body of the file is encrypted Entropy measurement 2010 Detection of non- signed files 2014 Protection for Windows only 2016 Detection of executable files 2016 Detection in running Windows system Malware signed by stolen certificate Injects into system processes and acts on their behalf Attacks Mac OS X and Linux Uses scripts and non-malicious executables Infects before Windows starts 2014 Exclude know legitimate system files Checks for injections in system processes (with Machine Learning) Protection Windows, Mac and Linux Both executable and scripts detection Pre-Boot anti- ransomware protection Compromised signatures check Acronis Active ProtectionTM 2017 Use of Backup to protect against Ransomware Attacks & Encrypts different backup files
  • 81. Acronis Notary powered by Blockchain Ensuring that data is authentic and unchanged “Acronis Notary assures that files are unchanged since they were backed up.” Have confidence of data authenticity •A public, secure Blockchain ledger verifies the authenticity of files •Backup enables the recovery of the original document •Acronis Notary provides mathematical assurance that the contents of a file perfectly match the original contents that were backed up
  • 82. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 83. Mimecast and GDPR Data Protection and Data Management David Tweedale – Team Leader GDPR: Your Journey to Compliance
  • 84. © 2017 Mimecast.com All rights reserved.84 Data Protection Securing personal and sensitive information Data ManagementData Protection Anti Malware Data Leak Prevention Encryption Breach Notifications
  • 85. © 2017 Mimecast.com All rights reserved.85 Spear-phishing credentials to exploit point-of-sale systems Used as stepping stone onto victims network Compromised point of sale systems Customer data stolen, including credit card details Large GDPR Fine and costs to investigate and remediate Access gained via spear-phishing attack on a sub-contractor
  • 86. © 2017 Mimecast.com All rights reserved.86 Type of attacks: • Weaponised attachments • Malicious URLs • Malware-less attacks • Ransomware • Phishing • Insiders Key Strategies • Multi Layered Approach • User Awareness • Advanced Threat Protection • Logging and monitoring of internal user activities • Protected, plan B email route and access Malware can have a devastating impact on organizations contributing to significant GDPR fines related to data lossAnti Malware Technology capabilities: Data protection
  • 87. © 2017 Mimecast.com All rights reserved.87 Data leaked by disgruntled employee Employee emails copy of client database to personal mail account Data collected by the company is now compromised. Customer sensitive data leaked. GDPR fine imposed. Disgruntled employee wants to leave and cause damage to the business
  • 88. © 2017 Mimecast.com All rights reserved.88 Data Leak Prevention (DLP) Technology capabilities: Data protection How is data leaving the organization? • Internal department leakage • Email attachments • Shadow IT Key Strategies • Internal communications DLP • Outbound mail inspection • Corporate data sharing • Secure messaging channel Data Loss Protection (DLP) tools prevent inadvertent data breaches by blocking emails containing personal data
  • 89. © 2017 Mimecast.com All rights reserved.89 Encryption Technology capabilities: Data protection Where is data encrypted? • Data stored in applications • Laptops/Mobile Devices? • Email archives Key Strategies • Secure storage of data • Secure transfer of data • Secure data in transit • Limit data on portable devices Encryption of data in systems and applications reduces the potential impacts of a data breach
  • 90. © 2017 Mimecast.com All rights reserved.90 Breach Notifications Technology capabilities: Data protection Key Information required? • Analysis of breach • Mitigate negative consequences • Alert data protection officer Key Strategies • Gather data from Security Incident and Event Monitoring (SIEM) system • Identify location of data breach • Identify if personal data was leaked • Mitigate negative effects Organizations have 72 hours to notify relevant authorities once a data breach is discovered
  • 91. © 2017 Mimecast.com All rights reserved.91 Data Management Supporting access rights of individuals Data ManagementData Protection Anti Malware Data Leak Prevention Encryption Breach Notifications Search and Discovery Secure Repository Chain of Custody Access Control
  • 92. © 2017 Mimecast.com All rights reserved.92 GDPR – Subject Access Request and Data Portability IT Administrator searches across data repositories Results validated/reviewed Secure transmission of data to data subject Data Subject requests access to data stored on them
  • 93. © 2017 Mimecast.com All rights reserved.93 Subject Access Requests (SAR) Technology capabilities: Data management What is the impact? • Requests need to be handled quickly • Accurate personal data and additional information • Availability in electronic format Key Strategies • Locate requested personal information quickly • Prepared response templates • Employee training to handle SARs • Self-service portal for SARs Individuals have the right to obtain confirmation that their personal data is being processed
  • 94. © 2017 Mimecast.com All rights reserved.94 Data Portability Technology capabilities: Data management What is the impact? • Exports need to be timely • Useable format • Safe delivery of that export? Key Strategies • Data must be structured, searchable • Exports to common formats • Ensure the safe delivery of exported data • Subject review and confirm data required Individuals have the right to request an export of their data a format that can be given to another vendor or service
  • 95. © 2017 Mimecast.com All rights reserved.95 GDPR – Right To Be Forgotten IT Administrator searches across data repositories Time consuming Confirmation given that data is erased Data Subject requests all personal data to be erased
  • 96. © 2017 Mimecast.com All rights reserved.96 Right To Be Forgotten Technology capabilities: Data management What is the impact? • Complete erasure • Across all systems • Unless overriding policy is in place Key Strategies • Data must be structured, searchable • Dynamic data adjustments • Retention management • Auditable deletion • Ability to review prior to deletion Individuals have the right to request erasure of their personal data held by a data controller (subject to conditions)
  • 97. © 2017 Mimecast.com All rights reserved.97 Mimecast Solution Simplifying GDPR Compliance for Email Data Management Search and Discovery Secure Repository Chain of Custody Access Control Secure Messaging Advanced Threat Security Mimecast Cloud Archive DLP & Content Security API RBAC & Data Guardian Large File Send Mailbox Continuity Archive Power ToolsSearch and Review Data Protection Anti Malware Data Leak Prevention Encryption Incident Management Mime | OS
  • 98. © 2017 Mimecast.com All rights reserved.98 You need technology that provides the best possible multi- layered protection PREVENT You need to control, protect, find and access data effectively MANAGE You need to sustain compliance support at all times MAINTAIN Email Cyber Resiliencefor GDPR
  • 99. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 100. QGate and GDPR Paribus Discovery - One Small Step… Rowland Dexter, Managing Director GDPR: Your Journey to Compliance
  • 101. Who are QGate • A Dynamics 365 implementation partner (UK HQ), est. 1997 • Working with Dynamics CRM since V4 (2007) • ISV solutions are a key part of our company strategy • Partner friendly established reseller program
  • 102. The Problem Duplicate Data • A primary element of poor data quality • However, in regards to GDPR specifically • How do you manage personal data when you have multiple instances of the same person • Rob Dixon • Bob Dickson • Robert Dicksen • Dixon R A recent QGate audit showed an average of 7.2 % duplication in CRM
  • 103. The Solution Paribus Discovery A batch tool which IDENTIFIES duplicate data within any SQL based data source
  • 104. The Paribus Match Engine Phonetic Data Matching • Foto Centre, Photo Center • Kris Dixon, Chris Dickson, Criss Dicksen • Cheryl Wiatt, Sheryl Wyiatt, Sherril Wyatt Synonyms & Abbreviations & Acronym Matching • Robert, Bob, Bobbie, Rob, Robbie, Roberto • William, Will, Willy, Bill, Billy • Richard, Rich, Ric, Dick, Ricky • International Business Machines, IBM, I.B.M Data Sequence Variation • Florida University, University of Florida • Arizona 1st National Bank, First National Bank of Arizona • 123 (Flat A) Acacia Avenue, Flat A – 123 Acacia Avenue Data Segmentation • QGate Software, Q Gate Software Q-Gate Software • GuideMark, Guide Mark, Guide-Mark • 3Com, 3 Com, 3-Com Gender Analysis • Paul v Paula • Daniel v Danielle • Jo v Joe • Andy v Andie
  • 105. The Paribus Match Engine  Bill Dixon  Marketing Manager  1st National Bank of Arizona  123 Flat A Acacia Avenue Phoenix Arizona CRM Contact  William Dickson  Manager of Marketing  First Bank of Arizona  (Flat A) 123 Acacia Avenue Phoenix AZ CRM Contact  Billy Dicksen  Marketing Director  1st Bank of National Arizona  123 Acacia Avenue (Flat A) Phoenix Arizona CRM Contact
  • 106. Paribus Discovery - Identify A business user can then: • Review & confirm the matches • Review & confirm the primary/master record
  • 107. Paribus Discovery - Resolve The CRM admin user then: • Uses the plugin to execute the merge/purge process Dedicated Paribus for Microsoft Dynamics CRM plugin responsible for the data cleansing (data merging, purging and consolidation) of CRM data. Paribus CRM Plugin
  • 109. Paribus Interactive The user does what they do today, just enter data As they do, Paribus Interactive searches for potential duplicates and highlights the possibility The more information entered the search is refined
  • 110. Paribus Interactive Note the results are from multiple entities To see the results click here Can navigate direct to the record
  • 111. Summary Paribus Discovery INDENTIFIES Duplicate data Within Dynamics 365 able to REMOVE (merge/purge) Open API to build your own removal process Plugin Export results to feed into an external process Paribus Interactive for Dynamics 365 Ahosted SaaS based service providing fuzzy SEARCH and LOOKUP function. www.paribuscloud.com [email protected] [email protected]
  • 112. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 113. Panel Interview Host – Caroline Wigley (Cobweb), Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft), Michael Olpin (Cobweb Finance Director) GDPR: Your Journey to Compliance
  • 114. Closing Thoughts GDPR: Your Journey to Compliance
  • 115. Process track Technical track ----------Define the requirement Create the plan Helping You Achieve Compliance GDPR Webinars GDPR Workshops GDPR Healthcheck GDPR Assessments Implementation Clinics Virtual Services
  • 116. 1-day free GDPR health check (worth £1,200) … GDPR: Your Journey to Compliance …the result
  • 117. Thank you to our presenters GDPR: Your Journey to Compliance
  • 118. Thank you for attending GDPR: Your Journey to Compliance Speak to a member of the Cobweb team if you’d like to know more about GDPR!