the new european privacy and data protection regulations ... · the new legislative landscape will...
TRANSCRIPT
TheNewEuropeanPrivacyandDataProtectionRegulations–Compliance,ConsequencesandChallengesDavidGoodmanPrincipalConsultingAnalyst22September2016
(C) TechVision Research Corp. 2016 - All Rights Reserved
DataProtection&Privacy:ANewDawn
(C) TechVision Research Corp. 2016 - All Rights Reserved
Desiderata
TheEUwantstobuildasinglemarketfitforthedigitalagebytearingdownregulatorywallsandmovingawayfrom28nationalmarketstoasingleonethatsupportsthefreemovementofpersons,services,andcapital.
UpdatestotherulesrelatingtodataprotectionandprivacyinEuropearelongoverdue,andareevenmoresointherestoftheworld.
NewEuropeanlegislationwillreplacethecurrentchaosinwhicheachEUMemberStatehasitsownseparatedirectivewithabravenewworldinwhichtherewillbeonelawacrossalloftheEU,implementingstiffpenaltiesforviolations.
ThenewlegislativelandscapewillrequireanybusinessoperatinginEuropeincludingforeignmultinationalstomakeconsiderablechangestotheirdataprotectionpoliciesandstrategieswithinthenexttwoyearsinadvanceofthelegislationcomingintofullforceinMay2018.
(C) TechVision Research Corp. 2016 - All Rights Reserved
TheDataProtectionDirective(1995)
In1995,veryfewEuropeanswereusingtheInternetandtheconcernsaroundprivacyandprotectingpersonaldataapparenttodaywerenotthere.
Itwasalso‘only’adirective,notbindinglegislationbutarequirementoneachMemberStatetotransposetheprotectionofpersonaldatalocallyintolawbytheendof1998.
Theprincipleswerethatpersonaldatashouldnotbeprocessedatallunlesstheprocessesmetcertainconditionswhichfallintothreecategories:
Transparency – thedatasubjecthastherighttobeinformedwhenhispersonaldataisbeingprocessedfairlyandundercertaincircumstances
Legitimatepurpose– personaldatacanonlybeprocessedforspecifiedexplicitandlegitimatepurposesandnotfurtherinawayincompatiblewiththosepurposes
Proportionality – personaldatamaybeprocessedonlyinsofarasitisadequate,relevantandnotexcessiveinrelationtothepurposesforwhichitiscollectedand/orfurtherprocessed.
Theframeworkprovideddidnotestablishsufficienttrustbetweenauthorities,businesses,andcitizensorconsumersinhibitingtheonlineenvironmentwhichiskeytoeconomicdevelopmentandmostotheraspectsofdigitallife
(C) TechVision Research Corp. 2016 - All Rights Reserved
GeneralDataProtectionRegulation(GDPR)
Themaingoalistoestablishasinglepan-Europeanlawtoreplacetheinconsistentpatchworkofnationallawsbasedonoutdateddirectives.
Amajordifferencebetweentheearlierdirectivesandthenewregulationisintheirdefinitions– onesetprovidedguidanceandthesecondistobeenshrinedinlaw.
Thisreformaimstoenablepeopletogainbettercontrolofpersonaldata,atthesametimeallowingbusinessestomaximise theopportunitiesoftheDigitalSingleMarket,cuttingredtapeandbenefitingfromreinforcedconsumertrust
TheEUhasraisedtheprofileofcompliancetoprivacyconcerns,steppingupenforcementactivitiesregardingbreachestotheexistinglegalframework
Thenewlegislationnotonlytightensupthescopeofdataprotectioninlawandintroducesenhancedrequirements,italsohasteethtoenforcetoughsanctionsfornegligenceinprotectingcitizens’data
HighprofileactionsrecentlytakenagainstEuropeanandUSmultinationals
(C) TechVision Research Corp. 2016 - All Rights Reserved 6
Company Jurisd-iction
Problem Consequence
MicrosoftDecember2013
Ireland ANewYorkjudgeaskedMicrosofttoproduceemailsandprivateinformationhostedonaserverinDublin.
MicrosofthandedoverinformationheldintheUSbutrefusedthatstoredinIreland.
GoogleMay2014
Spain RequestbyindividualtohavecertainpersonaldetailsremovedfromGooglesearchdenied
RighttobeforgottenupheldbyEuropeanCourtofJustice.Googleremovedlinks
MicrosoftJuly2014
Europe ResponsetoGooglerulingonrighttobeforgotten
Bingallowedindividualstorequesttheremovaloflinkstocertainpages
OPMApril2015
USA 21.5millionpersonaldatarecordsand5.6millionfingerprintscompromised.
ThedirectorandinspectorgeneraloftheOPMresignedtheirpositions.
FacebookMay2015
Belgium PrivacyCommissionersaidFacebookdidnotcomplywithEurope’sprivacyrules
AcourtjudgedthatFacebookcouldnolongercollectandstoreonlineinformationfromBelgianswithnoFacebookaccount
FacebookJune-October2015
Austria Aclass-actionsuitcenteredonhowFacebookhadcollectedanduseddataonitsusers
InitiallyrejectedbyacourtinViennabutlatertheECoJ acceptedtheclaimanddismissedtheSafeHarbour agreementasinvalid
TalkTalkOctober2015
UK Cyber-attackimpactingthepersonaldataof157,000customers
Claimedlossestothecompanyof60MGBPbutatpresentnopenaltiesimposedbyUKICO
AppleJanuary-March2016
USA FBIrequestedAppletoprovideaccesstotheiPhone5ownedbyoneoftheSanBernardinomurderers.
ApplerefusedtocooperatewiththeFBI.Thereweretwomainissues:unlockingthespecificiPhoneandtheengineeringofa“back-door”.
FacebookFebruary2016
France TheDPAsaidtrackingnon-userswithcookieswithoutinformingthemdidn’tcomplywithFrenchprivacylaw.
CNILorderedFacebooktostoptrackingnon-users'webactivitywithouttheirconsentandtostoptransfersofpersonaldatatotheUS.
(C) TechVision Research Corp. 2016 - All Rights Reserved
(C) TechVision Research Corp. 2016 - All Rights Reserved 8
“Specifically,theFBIwantsustomakeanewversionoftheiPhoneoperatingsystem,circumventingseveralimportantsecurityfeatures,andinstallitonaniPhonerecoveredduringtheinvestigation.”
“ApplechosetoprotectadeadISISterrorist’sprivacyoverthesecurityoftheAmericanpeople”
“Peoplehaveentrusteduswiththeirmostpersonalinformation.Weowethemnothinglessthanthebestprotectionsthatwecanpossiblyprovidebyharnessingthetechnology atourdisposal.Wemustgetthisright.Historyhasshownusthatsacrificingourrighttoprivacycanhavedireconsequences”
“Theproblemofend-to-endencryptionisn’tjustaterrorismissue.Itisalsoadrug-trafficking,kidnappingandchildpornographyissuethatimpactseverystateoftheUnion…It’sunfortunatethatthegreatcompanyAppleisbecomingthecompanyofchoiceforterrorists,drugdealersandsexualpredatorsofallsorts.”
(C) TechVision Research Corp. 2016 - All Rights Reserved
LoftyIntentions
9
(1) The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) ofthe Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning ofthe European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.
(2) The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should,whatever their nationality or residence, respect their fundamental rights and freedoms, in particulartheir right to the protection of personal data. This Regulation is intended to contribute to theaccomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to thestrengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.
(3) Directive 95/46/EC of the European Parliament and of the Council (4) seeks to harmonise the protection of fundamental rightsand freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data betweenMember States.
(4) The processing of personal data should be designed to serve mankind. The right to theprotection of personal data is not an absolute right; it must be considered in relation to itsfunction in society and be balanced against other fundamental rights, in accordance withthe principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms andprinciples recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home andcommunications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression andinformation, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious andlinguistic diversity.
(C) TechVision Research Corp. 2016 - All Rights Reserved
DataDefinitionsPersonaldata:anyinformationrelatingtoanidentifiedoridentifiablenaturalperson(‘datasubject’);anidentifiablenaturalpersonisonewhocanbeidentified,directlyorindirectly,inparticularbyreferencetoanidentifiersuchasaname,anidentificationnumber,locationdata,anonlineidentifierortooneormorefactorsspecifictothephysical,physiological,genetic,mental,economic,culturalorsocialidentityofthatnaturalperson;
Profiling:anyformofautomatedprocessingofpersonaldataconsistingoftheuseofpersonaldatatoevaluatecertainpersonalaspectsrelatingtoanaturalperson,inparticulartoanalyse orpredictaspectsconcerningthatnaturalperson'sperformanceatwork,economicsituation,health,personalpreferences,interests,reliability,behaviour,locationormovements;
Geneticdata:personaldatarelatingtotheinheritedoracquiredgeneticcharacteristicsofanaturalpersonwhichgiveuniqueinformationaboutthephysiologyorthehealthofthatnaturalpersonandwhichresult,inparticular,fromananalysisofabiologicalsamplefromthenaturalpersoninquestion
Biometricdata: personaldataresultingfromspecifictechnicalprocessingrelatingtothephysical,physiologicalorbehavioural characteristicsofanaturalperson,whichalloworconfirmtheuniqueidentificationofthatnaturalperson,suchasfacialimagesordactyloscopic data;
10
(C) TechVision Research Corp. 2016 - All Rights Reserved
OperationalDefinitionsProcessing: Anyoperationorsetofoperationswhichisperformedonpersonaldataoronsetsofpersonaldata,whetherornotbyautomatedmeans,suchascollection,recording,organisation,structuring,storage,adaptationoralteration,retrieval,consultation,use,disclosurebytransmission,disseminationorotherwisemakingavailable,alignmentorcombination,restriction,erasureordestruction;
Controller:Thenaturalorlegalperson,publicauthority,agencyorotherbodywhich,aloneorjointlywithothers,determinesthepurposesandmeansoftheprocessingofpersonaldata;wherethepurposesandmeansofsuchprocessingaredeterminedbyUnionorMemberStatelaw,thecontrollerorthespecificcriteriaforitsnominationmaybeprovidedforbyUnionorMember Statelaw;
Consentofthedatasubject:anyfreelygiven,specific,informedandunambiguousindicationofthedatasubject'swishesbywhichheorshe,byastatementorbyaclearaffirmativeaction,signifiesagreementtotheprocessingofpersonaldatarelatingtohimorher;
Personaldatabreach:abreachofsecurityleadingtotheaccidentalorunlawfuldestruction,loss,alteration,unauthorised disclosureof,oraccessto,personaldatatransmitted,storedorotherwiseprocessed;
11
(C) TechVision Research Corp. 2016 - All Rights Reserved
GDPRNutsandBolts173recitals,26definitions,99articlesand11chapters• GeneralProvisions
• Principles
• Rightsofthedatasubject
• Controllerandprocessor
• Transfers of personal data to third countries or international organisations
• Independent supervisory authorities
• Cooperation and consistency
• Remedies¬ liability and penalties
• Provisions relating to specific processing situations
• Delegated acts and implementing acts
• Final provisions
12
(C) TechVision Research Corp. 2016 - All Rights Reserved
GDPRInANutshellOnecontinent,onelaw
Strengthenedandadditionalrights
EUrulesforEUcitizens
MorepowersfornationalDPAs
’One-stopshopping'
13
Companiesdealwithasinglesetofrulesondataprotection,validacrosstheEU,not28– removingunnecessaryadministrativerequirementsandsaving€130millionperyear.Therighttobeforgottenreinforced,citizensbetterinformediftheirdataishackedandarighttodataportabilitymakingiteasiertotransferpersonaldatabetweenserviceproviders.Whencitizensnolongerwanttheirdataprocessed,thecontrollermustshowlegitimategroundsforretainingit,ordeletethedata
Non-EUcompanieshavetoapplythesameruleswhenofferingservicesintheEUorholdingEUcitizens’data
DPAsstrengthenedtoenforcetherules,andempoweredtofineviolationswithpenaltiesofupto€10/20millionorupto2/4% ofacompany’sglobalannualturnover,whicheveristhegreater.
Onesupervisoryauthoritymakesitsimplerandcheaper,particularlySMEs,todobusiness,savingbusinessesaround€2.3billionayear.
IndividualsdealwiththeirnationalDPAandintheirownlanguage—eveniftheirpersonaldataisprocessedoutsidetheirhomecountry.
(C) TechVision Research Corp. 2016 - All Rights Reserved
ABraveNewWorld
TheintroductionoftheGDPRisgoingtorequiresignificantchangesinthewaythatmost,ifnotall,companiesapproachdataprotectiontoday- inmanycasestheeffortinvolvedmaywellbemorestrenuousthananticipated.
Generally,itwillbefarmoreexpedienttoobservethe“spirit”ofthenewdataprotectionrulesratherthanjustaimingforcompliance,butthismayexposeanorganizationtoenforcementactionsiftherelevantauthoritiesinterpretthat“spirit”differently.
AsevidencedbythegrowlingsensitivitiestodataprotectionandprivacyconcernsbyindividualsaswellastheauthoritiesonbothsidesoftheAtlantic,sittingbackanddoingnothinginthehopethatlightningwillnotstrikeisnotanoption.
ItisanindicationofboththestrengthsandweaknessesofallITsystemsthattheresponsibilityforthehandlingofpersonaldataisachievingheadlinerecognition.
(C) TechVision Research Corp. 2016 - All Rights Reserved
Challenges
ConsiderablechallengeslieaheadfortheindependentDPAs,notleastinrecruitment,awareness,andactualenforcementthroughthecourtsAlthoughGDPRisavastimprovementonwhatcamebefore,isitfutureproof?Forexample:• InternetofThingsandtheIdentityofThings• Cloudcomputing• Blockchain
(C) TechVision Research Corp. 2016 - All Rights Reserved
SoWhatShouldCompaniesDo?
Step1:Gettingstarted:understandwhatisnew
Step2:Whatdatasubjectswillexpectofdatacontrollers
Step3:Beingpreparedforwhensomethinggoeswrong
Step4:Whattodonext– theprivacyimpactassessment
Step5:Informingstakeholdersandraisingawareness
Oneofthemajorchangesistherequirementforallpublicauthoritiesandcompanieswithmorethan250employeesorprocessingmorethan5,000datasubjectstoappointaDataProtectionOfficer(DPO)within12months.
AgroupofundertakingsmayappointasingleDPOprovidedthataDPOiseasilyaccessiblefromeachestablishment.
(C) TechVision Research Corp. 2016 - All Rights Reserved
APrivacyImpactAssessment(PIA)
LedbyTheDataProtectionOfficer(orComplianceOfficer)Who’sinvolvedKeyemployees,vendors,systemintegratorsbusinesspartnersWhatisbeingassessedHardwareandsoftwareassets,applicationsandsharedsystemsKeyelementsDatabases,directories,MicrosoftOfficeapplications,AdobePDFs,socialmediadataRiskhighlightsInformationRightsManagementsolutionsordataencryptionforunstructureddata;untrackedorinvisible‘anonymous’personaldataContingencyplanningLimitorsecureanydatabreachasquicklyaspossible.CommunicateearlyandtransparentlywithimpactedpartiesandauthoritiesOngoingassessmentTobeinstigatedwheneversignificantneworriskyprocessesareundertakenorshareddatabasesareintroduced.
(C) TechVision Research Corp. 2016 - All Rights Reserved
ASpannerInTheWorks
InOctober2015theEuropeanCourtofJusticeruledinalandmarkcaseagainstFacebookthatthe15year-oldSafeHarbour agreementbetweentheEUandtheUSwasnolongervalidbecauseitdidnotoffersufficientprotectiontothefundamentalrightsofEuropeans.
Consequently,everynationaldataprotectionauthoritywasempoweredtoexamineanyUS-bounddatatransfersonacase-by-casebasis.
IntheabsenceofclarityabouttheproposedEU-USPrivacyShield,thelimbo—wherebytheoldrulesweretornupanddatamonitoringandenforcementwasinthehandsofindividualnationaldataprotectionauthorities— wasapotentialminefieldforUSmultinationalsaswellasUS-basedcloudserviceproviderswhowereseentonotbesupportingEuropeanprivacylaws.
However,despitevigorousobjectionsfromprivacyadvocatesandlobbyistsinEuropeandtheUS,thenewtreatywassignedon12July2016.
(C) TechVision Research Corp. 2016 - All Rights Reserved
TheEU-U.S.PrivacyShieldprotectsthefundamentalrightsofEuropeansandensureslegalcertaintyforbusinesses,includingEuropeancompanies,transferringpersonaldatatotheU.S.ThePrivacyShieldensureseasierredressforindividualsincaseofanycomplaints.IamthereforeconfidentthatthePrivacyShieldwillrestorethetrustofEuropeansinthewaytheirpersonaldataaretransferredacrosstheAtlanticandprocessedbycompaniesthere.IencouragecompaniestosignupandIinvitecitizenstofindoutabouttheirrightsunderthePrivacyShieldinthe'citizens'guide'wearepublishingtodayVěra Jourová,theEU'sCommissionerforJustice,ConsumersandGenderEquality
EU-U.S. Privacy ShieldThe EU-U.S. Privacy Shield imposes stronger obligations on U.S. companies to protect Europeans’ personal data. It reflects the requirements of the European Court of Justice, which ruled the previous Safe Harbour framework invalid. The Privacy Shield requires the U.S. to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities.It includes, for the first time, written commitments and assurance regarding access to data by public authorities.
July 2016
Strong obligations on companies and robust enforcement: > Greater transparency.> Oversight mechanisms to ensure companies abide by
the rules.> Sanctions or exclusion of companies if they do not comply.> Tightened conditions for onward transfers.
Several redress possibilities:> Directly with the company: Companies must reply to
complaints from individuals within 45 days.> Alternative Dispute Resolution: free of charge.> With the Data Protection Authority: they will work
with U.S. Department of Commerce and Federal Trade Commission to ensure unresolved complaints by EU citizens are investigated and swiftly resolved.
> Privacy Shield Panel: As a last resort, there will be an arbitration mechanism to ensure an enforceable decision.
What will it mean in practice?
For American companies> Self-certify annually that they meet the requirements.> Display privacy policy on their website.> Reply promptly to any complaints.> (If handling human resources data) Cooperate and comply
with European Data Protection Authorities.
For European individuals> More transparency about transfers of personal data to the U.S. and stronger protection of personal data.> Easier and cheaper redress possibilities in case of complaints —directly or with the help of their local Data Protection
Authority.
Clear safeguards and transparency obligations:> For the first time, written assurance from the U.S. that
any access of public authorities to personal data will be subject to clear limitations, safeguards, and oversight mechanisms.
> U.S authorities affirm absence of indiscriminate or mass surveillance.
> Companies will be able to report approximate number of access requests.
> New redress possibility through EU-U.S. Privacy Shield Ombudsperson mechanism, independent from the intelligence community, handling and solving complaints from individuals.
Annual joint review mechanism:> Monitoring the functioning of the Privacy Shield and U.S.
commitments, including as regards access to data for law enforcement and national security purposes.
> Conducted by the European Commission and the U.S. Department of Commerce, associating national intelligence experts from the U.S. and European Data Protection Authorities.
> Annual privacy summit with NGOs and stakeholders on developments in the area of U.S. privacy law and its impact on Europeans.
> Public report by the European Commission to the European Parliament and the Council, based on the annual joint review and other relevant sources of information (e.g. transparency reports by companies).
Commercial sector U.S. Government access
Monitoring
The new arrangement will include the following elements:
Justiceand Consumers
Redress
(C) TechVision Research Corp. 2016 - All Rights Reserved
AnythingElse?Foranybusinessengagedincommercialtransactionwhetherfinancialinstitutionsornon-financialmarketplayers,thereismore:
AML4– anti-moneylaundering:o Primarilyforfinancialinstitutions,butalsoaccountants,lawyersetal.
requiredtoadheretoKYC(knowyourcustomer)lawsPSD1– paymentservicesdirective(2007):
o Providedalevelplayingfield,harmonizingconsumerprotectionandtherightsandobligationsforpaymentprovidersandusers
PSD2(2015):o Betterprotectsconsumerswhentheypayonline,promotesthe
developmentanduseofinnovativeonlineandmobilepayments,andmakescross-borderEuropeanpaymentservicessafer
o Allowsretailersto‘ask’consumersforpermissiontouseaconsumer’sbankdetails.Oncepermissionisgiven,theretailerreceivesthepaymentdirectlyfromthebankwithnointermediaries
o PassedinNovember2015withtwoyearstoincorporatethedirectiveintonationallawsandregulations
(C) TechVision Research Corp. 2016 - All Rights Reserved
TheEnterpriseStepsUp:GettingTheBalanceRight
(C) TechVision Research Corp. 2016 - All Rights Reserved
EmergingTrends
Thedisappearingperimeter• Cloud isnowtheprimarymeansofdeliveringapplicationsandservices• Wireless accessviamobiledevicesisbecomingthefirstchoice,• TheInternetofThingsisalmostanythingyoucanthinkofBlurringthelinesbetweenprivateandprofessional• BringYourOwn__ – device,identity,network• Socialmediaforwork,restandplayNotaquestionof‘if’but‘when’• Securityintrusionsanddatabreachesaregettingtobecommonplace• Thealarminglevelof‘insider’misdemeanours,particularlyamongstlonger-
serving,moreseniorstaff
(C) TechVision Research Corp. 2016 - All Rights Reserved
EmergingExpectations
Thedisappearingperimeter• Alevelingoftheplayingfieldforemployee,contractor,partner,supplier,
customer,consumeraccesstoenterpriseassets• Contextandrelationshipmanagementwillbeessentialfeaturesofthenext
generationofidentityandaccessmanagementsolutions
(C) TechVision Research Corp. 2016 - All Rights Reserved
BetweenARockAndAHardPlace
Knowyourcustomer• KYC• Marketingandsales• Consumer/customerexperienceKnowyouremployee• Lifecycleawareness• Beingacompassionateemployervspreventingtheinsiderthreat• Knowyourassets,knowyourdevices
Privacybydesign,privacybyconsent
(C) TechVision Research Corp. 2016 - All Rights Reserved 25
Datasources Description&relevance ContextapplicationsSocialmediacompanies
Adailycatalogueofthoughts,ideas,socialhabitsandsocialnetworkwhichcaneasilybeanalysedforbusinesspurposes.
Localretailers,hoteliersand travelcompaniestopromoteoffers; potentialemployersandinsurancecompanies
Creditcardcompanies(andbanks)
Profilesoftime,locationandtypeofpurchasinghabitsofbusinessesandindividuals
Factorinpartnering,hiring someoneoraworkplacedebt-relatedstressissue
Databrokers Creditchecksonindividualsandbusinesses. Enterprises regularmonitoringofemployees,partnersandsuppliers
Retailstores Transactionhistorieswithloyaltycardsrevealconsumer purchasingandpreferences
Retailers createtargetedsellingandmarketingcampaigns.
Travelcompanies
Onlinebookingsandloyaltycardprofilesforconsumertravelhabitsandpreferences
Hotels,restaurants,rentalcarcompaniesand airlinespromoteattractivedeals
Healthcareproviders
Maintainpatientmedicalrecordswhichofferconfidentialinformation.
Employmentopportunities,applicationsforfinanceor insurancepremiums etc
Mobilephoneoperators
Subscriberphonecalls, textmessages,consumed dataandlocationmovementsanytime,anywhereandonanydevice.
Employers,retailers,travelcompaniesandgovernmentagenciestoknowwherepeopleareandhavebeen.
Governmentagencies
Datasetsforpassports,identitycards,drivers’licencesandtaxreturns,aswellas,indirectaccesstomore.
Potentialtoaugmentorcompleteallenterpriseidentityprofiles
Carparks,localauthorities,garages
CCTVfornationalsecurity,law-enforcement,trafficmonitoringandprotectingpremises.Findinglostpeopleand‘things’.
Enterprises,retailers,localauthoritiesandothers
(C) TechVision Research Corp. 2016 - All Rights Reserved
GettingTheBalanceRight
(C) TechVision Research Corp. 2016 - All Rights Reserved
WhatWeDon’tWant
(C) TechVision Research Corp. 2016 - All Rights Reserved
OpportunitiesforTDL
(C) TechVision Research Corp. 2016 - All Rights Reserved
UnderstandingTheRules
Trust isattheheartofalltransactions,contractual,commercialandsocial,buttherapidpaceoftechnologydevelopmentandthecommercialavailabilityofconsumer-friendlymobiledevicesandapplicationsaredrivingdigitaltransformationanddisruptiontothetrustmodelasrarelyseenbefore.Thisisparticularlypertinentwithrespecttotheuseofpersonaldata
Understandingtherules– thehow,why,whenandwho– associatedwiththeuseofpersonaldatawouldbeimmenselybeneficialtoregulators,businessesandcitizensbothinEuropeandbeyond
(C) TechVision Research Corp. 2016 - All Rights Reserved
TechVisionResearch
(C) TechVision Research Corp. 2016 - All Rights Reserved
The image part with relationship ID rId3 was not
AboutUs
Formedin2015intheUSfromindustryandBurtonGroup/Gartnerexperiencedconsultinganalysts,TechVisionResearchintegratesresearchandconsultingfortheenterprise,primarilyintheareasofidentityandsecurity
Researchreporttitlesinclude:• TheFutureofIdentityManagement• Context-basedIdentityManagement• OpportunitiesinEuropewithElectronicIdentificationandTrust
Services• TheNewEuropeanPrivacyandDataProtectionRegulation—
ComplianceorConsequences• PrivacyBeyondCompliance• Blockchain LevelSet
• Blockchain Identity• Blockchain 2.0:SmartContracts
• TheEndofEnterpriseArchitectureandITasWeKnowIT• CrossTalk Report:IdentityandDataGovernance• EnterpriseInformationProtection• Data– TheFundamentalsareBroken
• FixingtheFundamentals—TheBusinessBlueprinto Follow-onDataArchitectureandFundamentalsReports
• InternetofThingsasaSecurityRiskAmplifierandRiskMitigationStrategieso Follow-onEnterpriseIoT Reports
• FutureofInformationSharingforCybersecurity• IdentityofThings(IDoT)• WhyLargeTechnicalProgramsFailandHowtoMitigateRisk
Thank You!