Post on 13-Jun-2020
Solving The Top 5 GDPR Challenges
Accelerating your GDPR Program
About Bill Bradley
Bill Bradley, Director, Product Marketing
• Leads Product Marketing for Data Loss Prevention
• ~20 years of marketing & sales experience: Field Sales, Competitive Analysis, Product Marketing & Management
• Previously at Rapid7 and General Electric
About Martin Sugden
Martin Sugden, CEO of Boldon James
• Oversees commercial strategy and product development across Boldon James’ diverse range of software security products.
• 20+ years experience in the Security Industry; led the Management Buyout (MBO) of Boldon James and the subsequent sale to QinetiQ Plc in 2007.
People, Process, Technology
Agenda
1. Introduction
2. GDPR in 30 Seconds
3. Top 5 Challenges
4. Challenges, Solutions, Benefits
5. About Digital Guardian & Boldon James
6. Questions
GDPR in 30 Seconds
Effective: May, 2018
Personal data protection for, or about, EU citizens
Global reach
Data protection law harmonization
Breach response protocol
New penalties for breach
Top 5 Challenges
1. EU Citizen: The New Data Owner
2. Confidentiality & Sensitive Data Protection
3. Notification Requirement
4. Privacy by Design & Default
5. Data Protection Officer
CHALLENGE 1: EU Citizen: The New Data Owner
“…controller shall take appropriate measures to provide any information…and any communication…relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language…without undue delay”
CHALLENGE 1: EU Citizen: The New Data Owner
Challenges Under New Management
Opt-in vs opt-out consent
Layers of consent
Consent terminology
Right to access
Data portability
Right to be forgotten
CHALLENGE 1: EU Citizen: The New Data Owner
Steps to Resolve
People
• Changing behaviors around data collection, use
• Consent
Process
• Means to address inquiries
• Limits on what is collected
• Data lifecycle management
Technology
• Find GDPR data
• Classify GDPR data
• Track GDPR data
• Confirm where GDPR data isn’t
CHALLENGE 2: Confidentiality & Sensitive Data Protection
“processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
CHALLENGE 2: Confidentiality & Sensitive Data Protection
Challenges
Specificity
Transparency
Accuracy
Expiration Date
Confidentiality & integrity
Documented
CHALLENGE 2: Confidentiality & Sensitive Data Protection
Steps to Resolve
People
• Education & awareness
• Asking the right questions
• DPO accountability
Process
• Rules around processing, disseminating
• Minimizing data
• DPO empowerment
Technology
• Visibility
• Analytics
• Controls
• Encryption
• Pseudonymization
CHALLENGE 3: Notification Requirement
“In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority…”
CHALLENGE 3: Notification Requirement
Challenges
Quick turn
Scope unknown
Containment unknown
Eradication of threat unknown
Solutions unknown
CHALLENGE 3: Notification Requirement
Steps to Resolve
People
• Technical
• Non-technical
Process
• Incident response plan
• Data minimization
• Data lifecycle management
Technology
• Detection
• Containment
• Neutralization
• Forensics
CHALLENGE 4: Privacy by Design & Default
“When developing, designing, selecting and using applications, services and products…take into account the right to data protection…with due regard to the state of the art, to make sure that controllers and processors are able to fulfil their data protection obligations.”
CHALLENGE 4: Privacy by Design & Default
Challenges
The final hurdle vs the 1st stop
Limit to current need
Limit access
Proof of secure design and default
CHALLENGE 4: Privacy by Design & Default
Steps to Resolve
People
• Changing behavior
• The right questions
Process
• Incorporate into existing
• Over communicate initially
Technology
• Flag GDPR data upon creation
• Automated controls
CHALLENGE 5: Data Protection Officer
“The controller and the processor shall designate a data protection officer…”
CHALLENGE 5: Data Protection Officer
Challenges
Staffing shortage
Immediate need
Organizational change
Power shift
Position role for success
“75,000 Data Protection Officers Needed By 2018 To Handle EU Law.” - DARKReading
CHALLENGE 5: Data Protection Officer
Steps to Resolve
People
• Acting DPO today
Process
• Define the role
• Define the hierarchy
Technology
• Visibility
• Analytics
• Controls
Digital Guardian for Your 5 Challenges
EU Citizen: The New Data Owner
• Find the data
• Understand the data
• Protect the data
Confidentiality & Sensitive Data Protection
• Visibility into extended enterprise
• Highlight risks to the most sensitive data
• Stop data loss before compliance violations
Notification Requirement
• Threat aware data protection
• Incident response program
Digital Guardian for Your 5 Challenges
Privacy by Design
• Immediate visibility
• Data aware security
• Automated responses
Data Protection Officer
• Support compliance and security
• Document compliance posture
• Track improvement
Founded 2002 to protect all data against theft
Began with protecting IP on the endpoint - the most challenging use case
Simplified compliance and cloud data protection with DG appliance
Launched industry’s first Managed Security Program for DLP
Only security company 100% focused on protecting sensitive data from loss or theft
#1 IP Protection
Digital Guardian’s choice for comprehensive user classification capabilities
Boldon James:
• Proven technology platform and integrations – over 35 best-of-breed technology partners, including Digital Guardian
• Owned by QinetiQ Plc - $2bn defence & security technology business
• Global presence, local support across US, South America, EMEA and APAC
• A Data Classification Market leader – wide range of data classification products supporting Windows, Mac & Citrix
Threat Aware Data Protection
Deepest Visibility, Real-Time Analytics, Flexible Controls
Automatically protects sensitive data
Don’t impede business
Enforceable on all OS’s
Across network, storage, cloud and endpoints
Network
Endpoint
Cloud
Databases/Shares
Structured and Unstructured Data
Filters out the noise
Accelerates Compliance & Security Initiative
Documents Compliance Posture to Auditors and Management Team
Summary
GDPR Go Live Date May 2018
Blend of People, Process, and Technology to Succeed
Digital Guardian Visibility, Analytics, and Controls
• Demonstrate GDPR Compliance
• Support Data Security
How Prepared Are You? Contact Digital Guardian to see if you qualify for a complimentary GDPR Data Risk Assessment.
Provides custom reporting and analysis for your organization so you better understand:
• Where Personal Data Resides
• How Personal Data Flows
• Who Processes Personal Data
• And more…
Click Here To Inquire About Our GDPR Data Risk Assessment
Thank You. Any questions?
Digital Guardian’s Next Webinar
“Understanding and Implementing Data Security in Office 365”
April 19 @ 2:00 PM ET
• Patrick Hevesi – Research Director - Gartner
• Bill Bradley – Director Product Marketing - Digital Guardian
Watch this webcast to learn:
• Can I trust Microsoft and Office 365?
• How can I secure my enterprise data in Office 365?
• Is DLP in Office 365 good enough?
• What 3rd party solutions can help secure Office 365?