Date posted: 16-Apr-2017
Category: Technology
Uploaded by: jisc
GDPR: More reasons for information security
Andrew Cormack (@Janet_LegReg)
03/05/2023
Existing reasons
Information Security
Reliability
Confidence
Trust
Reputation
Policy
Workload
etc
General data protection regulation (GDPR) 2016/679
Personal data processing
May 2018
» Almost certainly pre-Brexit
» Services to EU people covered anyway
Becomes UK law automatically
GDPR supports proactive and reactive information security
Breach notification
Unauthorised/accidental loss, alteration, disclosure or access to personal data
All breaches
» Document
Risk to rights/freedoms
» Report to ICO (72 hour expectation)
» Nature; number/type of records/people affected; mitigations
High risk to rights/freedoms
» Also notify individuals (unless mitigated)
» Can take ICO advice
Security and incident response
Very like security good practice (paper currently with journal reviewers)
“Ensuring network and information security … CSIRTs… providers of networks and services… ” (Rec.49)
A legitimate interest… (for processing personal data)
If necessary/proportionate…
Balance of interests test…
Other tools mentioned
Encryption
» Mitigate damage from breaches
Data protection by design
Exercises » Test readiness
» Assist compliance
Authorisation
» Reduce risk
Pseudonyms
New incentives
Security/incident response clearly lawful
Increased public awareness
Much bigger fines (€20M/4%)
Damages, not just for monetary loss
Opportunities to improve
Regulator guidance
Lessons learned from breaches
Compare public notifications
NIS Directive => more sharing
Cloud security standards etc.
12 steps
Information Commissioner’s Office, [Preparing for the GDPR, 14/3/16], licensed under the Open Government Licence
Watch these spaces
» ICO: https://ico.org.uk/for-organisations/data-protection-reform/
» Regulation (2016/679/EU): http://ji.sc/gdpr-text
» Me: http://ji.sc/dataprotection-regulation
jisc.ac.uk
One Castlepark Tower Hill Bristol BS2 0JA
T 020 3697 5800
Except where otherwise noted, this work is licensed under CC-BY-NC-ND
Thanks
Andrew Cormack
Chief Regulatory Adviser, Jisc [email protected]