The EU Data Protection Regulation and what it means for your organization
The EU Data Regulation and what this means for you
• Michael Heering
• Marketing Manager Sophos Benelux
Agenda
• Survey results: European attitudes to data protection
• Proposed EU Data Protection Regulation
• How to comply with the Regulation and minimize fines in the event of a breach
• Stopping breaches in the first place
• Summary
Survey results
Survey results
Biggest concerns IT security
• Loss of Data: 52%
• Targeted attacks (DDoS, hacking): 45%
• Cybercrime: 37%
• Remote access: 19%
• Bring your own device: 18%
• Shadow IT: 22%
• Mobile Control: 10%
• None of the above: 5%
• Other: 5%
Source: Sophos research 2015 – Security in public sector BE/NL (N=600)
Survey results
Source: Sophos research 2015 – Security in public sector BE/NL (N=600)
EU Data Protection Regulation
Goal
Establish a single, pan-European law to replace the current inconsistent patchwork of national laws.
Modernize the principles enshrined in the 1995 Data Protection Directive.
Benefits of the new Regulation
Benefits for businesses
1. One EU market, one law
2. One-stop-shop – a single supervisory authority
3. Same rules for all companies
Benefits for EU citizens
4. Better data security
5. Putting people in control
Data security focus
3 key Articles pertaining to data security:
1. Security of processing (Article 30)
   a. prevent any unauthorized access to personal data
   b. prevent any unauthorized disclosure, reading, copying, modification, erasure or removal of personal data
2. Notification of a personal data breach to the supervisory authority (Article 31)
3. Communication of a personal data breach to the data subject (Article 32)
What you need to know
• Organizations must:
  • implement appropriate security measures to protect personal data
  • have a clear data protection policy
  • have a named Data Protection Officer (except SMEs)
• Fines for unprotected data breaches will range up to €1 million or 2% of annual turnover.
• If you suffer a breach and can show that the personal data can’t be accessed by unauthorized people (e.g. it was encrypted):
  • The likelihood of being fined should be very greatly reduced
  • You won’t need to notify affected data subjects of the breach
How to ensure compliance with the Regulation
Encryption is key
The Regulation will require organizations to:
1. Implement ‘appropriate security measures’ to protect personal data
   Encryption is widely agreed to be the best data security measure available
2. Notify affected parties in the event of a personal data breach
   If you can prove the data was encrypted you don’t need to notify the individuals concerned
3. Pay fines in the event of a personal data breach
   If the data was encrypted it’s highly likely that no fines will be imposed
Encryption is key
But What? Where? When?
Lost or Stolen Device
Unencrypted Encrypted
• Accidental loss or theft of a device is a common occurrence.
• Only authorized users should access devices.
• How many devices have you lost?
Copy Files to Removable Media
• These tiny devices can store large amounts of data and are easily misplaced.
• Block or protect?
• Where is your first USB stick and what was on it?
Attach Files to E-Mail
• We all email & we all make mistakes (it happens)
• What’s the consequence of sending the wrong attachment to the wrong person?
• Encrypt file attachments or examine at Gateway?
Copy Files to the Cloud
• Cloud Storage Services revolutionized the way we share data between users and devices.
• What have you stored in the Cloud and what happens if someone steals it?
• Encrypt the data before sending it to the Cloud.
Rock solid data protection strategy
It’s all about the data
1. How does data flow into and out of your organization?
2. How do end users use the data?
3. Who has access to company data and do they need it to perform their job?
Preventing breaches
5 steps to stop data getting into the wrong hands
1. Keep patches up-to-date
   Data-stealing malware often exploits known vulnerabilities.
2. Apply multi-layered entry-point protection
   Secure against multiple vectors of attack with Web, Email and Malware protection at the gateway.
3. Select Advanced Threat Protection
   Choose a next-generation firewall that detects and blocks attacks directly on the network.
4. Use Selective Sandboxing
   Secure against slow-moving or delayed threats.
5. Limit dissemination of sensitive data
   Deploy Application Control and Data Control
SafeGuard Enterprise Encryption
• Encrypts data on multiple devices and operating systems
• Doesn’t slow you down – it’s built to match your organization’s workflow and processes
• Includes central management of Microsoft’s BitLocker and Apple’s FileVault
• Provides extensive reporting to demonstrate proof of compliance
SafeGuard ensures personal data is protected if a breach occurs
SPX Email Encryption
• Email encryption and DLP solution that protects the privacy, confidentiality, and integrity of your sensitive emails.
• Automatically detects sensitive information leaving your organization by email, and either blocks it or encrypts it
• Takes security out of the hands of your employees and looks after it for them.
• Available in Sophos UTM and the Sophos Email Appliance
Summary
Summary
• This legislation WILL go ahead
  • It has already progressed very far, and with very high support. It will not be allowed to fail.
• Key stakeholders want to move fast
  • European Commission
  • European Parliament
  • Data Protection Authorities
  • Individual Governments
• Media pressure is building up
  • PRISM, large scale data thefts (e.g. Target)
  • Confidence from citizens in online activities is eroding
• You need to be ready
  • Implement appropriate data security measures
  • Create and communicate your data protection policy
Resources available to help you
• Sample Data Protection Policy
• 60-Second EU Data Security Compliance Check
• Whitepaper on EU Data Protection Regulation
• Try the Sophos products for free
All available at www.sophos.com/public-sector-benelux
Questions?
© Sophos Ltd. All rights reserved.