N.J.V. Athens Plaza, Febr. 17th, 2017
Speaker: Stavros KARAGULOGLOU, CEO @ UNITED TELECOM AE, Athens
LAW FORUM ON DATA PROTECTION & PRIVACY
EU GDPR
Data protection roles, rights and obligations
GDPR - Data protection roles, rights and obligations
GDPR - Data protection roles, rights and obligations in relation to CLOUD & IoT
But do we know how many of these we have?
Source: Netskope Cloud Report – EMEA – Sept-2016
CLOUD APPS PER INDUSTRY / Use-Case in ENTERPRISE
- Protect the personal data from loss, alteration or unauthorised processing.
- Assess whether the security measures meet the security requirements.
- Check if requirements are met on the basis of a risk analysis.
- Check if specific sectoral, contractual or organizational requirements are met.
- Supervise the implementation of security measures by the processor.
- Conduct regular audits.
- Audit sub-processors if authorized by the controller.
However, most cloud providers do not allow their clients to provide instructions relating to data security or to conduct security audits.
-- Act only on the instructions of the controller
-- Take security measures to protect the data from loss, alteration or unauthorised processing
-- Engage a sub-processor only with the prior permission of the controller
-- Assist the controller in responding to requests for exercising data subjects’ rights
-- Assist the controller in notifying the supervisory authority and the data subjects of a data breach
-- Assist the controller in conducting a ‘data protection impact assessment’ to identify the privacy and security risks
-- Hand over all personal data after the end of the processing or the termination of the agreement
(Right to be forgotten)
Measures for managing GDPR risks
Measures that you can take:
• Control your organization’s interactions with the cloud
• Lighten shadow-IT
• Track APP usage & control data after the upload
• Bridge the security gap

For this: Deploy a CASB (CLOUD Access Security Broker)

According to Gartner, a cloud access security broker (CASB) is an on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed.
Capabilities of CASBs
Select Services or Packaged Services for Cloud Risk Assessment
Key Takeaways
Know Your CLOUD App Usage & EU GDPR Compliance Status
Take advantage of ready & proven tools & services like Cloud Risk Assessment (CRA) for the EU GDPR
We are ready to assist further
Thank You
CLOUD DLP POLICY VIOLATIONS
✓ PII: Personally identifiable information
✓ PHI: Protected health information
✓ PCI: Payment card information
✓ Specific keywords: such as for intellectual property
Capabilities of CASBs

Discover and assign a risk score to all apps
They discover and assign a risk score to each identified app. This allows you to decide whether apps are acceptable for business use.

Provide identity-based access management
They enable you to tap into your directory services and secure user access to cloud apps. They allow you to easily provision and deprovision user access.

Monitor and set up alerts for users and admins
They help you understand user activity and its context (for example, who’s sharing content outside the company). They may also alert you to anomalous activities or activities that could lead to data loss or exposure.

Prevent cloud data leakage
They enable you to enforce policies that prevent leakage of your sensitive company data from cloud apps.

Coach users
They enable you to coach users about risky apps and guide them to less risky alternatives, as well as provide feedback to users about noncompliant activities.

Monitor for malware
They should monitor for the presence of malware or anomalies that could indicate malware activity within cloud apps.
Speaker: Stavros KARAGULOGLOU, Chief Executive Officer, UNITED TELECOM AE, Athens @ 4th Conference, October 10th, 2014