The New European Privacy and Data Protection Regulations – Compliance, Consequences and Challenges
David Goodman, Principal Consulting Analyst
22 September 2016


(C) TechVision Research Corp. 2016 - All Rights Reserved

Data Protection & Privacy: A New Dawn


Desiderata

The EU wants to build a single market fit for the digital age by tearing down regulatory walls and moving away from 28 national markets to a single one that supports the free movement of persons, services, and capital.

Updates to the rules relating to data protection and privacy in Europe are long overdue, and are even more so in the rest of the world.

New European legislation will replace the current chaos in which each EU Member State has its own separate directive with a brave new world in which there will be one law across all of the EU, implementing stiff penalties for violations.

The new legislative landscape will require any business operating in Europe including foreign multinationals to make considerable changes to their data protection policies and strategies within the next two years in advance of the legislation coming into full force in May 2018.


The Data Protection Directive (1995)

In 1995, very few Europeans were using the Internet and the concerns around privacy and protecting personal data apparent today were not there.

It was also ‘only’ a directive, not binding legislation but a requirement on each Member State to transpose the protection of personal data locally into law by the end of 1998.

The principles were that personal data should not be processed at all unless the processes met certain conditions which fall into three categories:

Transparency – the data subject has the right to be informed when his personal data is being processed fairly and under certain circumstances

Legitimate purpose – personal data can only be processed for specified explicit and legitimate purposes and not further in a way incompatible with those purposes

Proportionality – personal data may be processed only insofar as it is adequate, relevant and not excessive in relation to the purposes for which it is collected and/or further processed.

The framework provided did not establish sufficient trust between authorities, businesses, and citizens or consumers, inhibiting the online environment which is key to economic development and most other aspects of digital life


General Data Protection Regulation (GDPR)

The main goal is to establish a single pan-European law to replace the inconsistent patchwork of national laws based on outdated directives.

A major difference between the earlier directives and the new regulation is in their definitions – one set provided guidance and the second is to be enshrined in law.

This reform aims to enable people to gain better control of personal data, at the same time allowing businesses to maximise the opportunities of the Digital Single Market, cutting red tape and benefiting from reinforced consumer trust

The EU has raised the profile of compliance to privacy concerns, stepping up enforcement activities regarding breaches to the existing legal framework

The new legislation not only tightens up the scope of data protection in law and introduces enhanced requirements, it also has teeth to enforce tough sanctions for negligence in protecting citizens’ data

High profile actions recently taken against European and US multinationals


Company | Jurisdiction | Problem | Consequence
Microsoft, December 2013 | Ireland | A New York judge asked Microsoft to produce emails and private information hosted on a server in Dublin. | Microsoft handed over information held in the US but refused that stored in Ireland.
Google, May 2014 | Spain | Request by individual to have certain personal details removed from Google search denied | Right to be forgotten upheld by European Court of Justice. Google removed links
Microsoft, July 2014 | Europe | Response to Google ruling on right to be forgotten | Bing allowed individuals to request the removal of links to certain pages
OPM, April 2015 | USA | 21.5 million personal data records and 5.6 million fingerprints compromised. | The director and inspector general of the OPM resigned their positions.
Facebook, May 2015 | Belgium | Privacy Commissioner said Facebook did not comply with Europe’s privacy rules | A court judged that Facebook could no longer collect and store online information from Belgians with no Facebook account
Facebook, June-October 2015 | Austria | A class-action suit centered on how Facebook had collected and used data on its users | Initially rejected by a court in Vienna but later the ECoJ accepted the claim and dismissed the Safe Harbour agreement as invalid
TalkTalk, October 2015 | UK | Cyber-attack impacting the personal data of 157,000 customers | Claimed losses to the company of 60M GBP but at present no penalties imposed by UK ICO
Apple, January-March 2016 | USA | FBI requested Apple to provide access to the iPhone 5 owned by one of the San Bernardino murderers. | Apple refused to cooperate with the FBI. There were two main issues: unlocking the specific iPhone and the engineering of a “back-door”.
Facebook, February 2016 | France | The DPA said tracking non-users with cookies without informing them didn’t comply with French privacy law. | CNIL ordered Facebook to stop tracking non-users' web activity without their consent and to stop transfers of personal data to the US.


“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation.”

“Apple chose to protect a dead ISIS terrorist’s privacy over the security of the American people”

“People have entrusted us with their most personal information. We owe them nothing less than the best protections that we can possibly provide by harnessing the technology at our disposal. We must get this right. History has shown us that sacrificing our right to privacy can have dire consequences”

“The problem of end-to-end encryption isn’t just a terrorism issue. It is also a drug-trafficking, kidnapping and child pornography issue that impacts every state of the Union… It’s unfortunate that the great company Apple is becoming the company of choice for terrorists, drug dealers and sexual predators of all sorts.”


Lofty Intentions

(1) The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.

(2) The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.

(3) Directive 95/46/EC of the European Parliament and of the Council (4) seeks to harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States.

(4) The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.


Data Definitions

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Genetic data: personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question

Biometric data: personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;


Operational Definitions

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;


GDPR Nuts and Bolts

173 recitals, 26 definitions, 99 articles and 11 chapters:
• General Provisions
• Principles
• Rights of the data subject
• Controller and processor
• Transfers of personal data to third countries or international organisations
• Independent supervisory authorities
• Cooperation and consistency
• Remedies, liability and penalties
• Provisions relating to specific processing situations
• Delegated acts and implementing acts
• Final provisions


GDPR In A Nutshell

One continent, one law: Companies deal with a single set of rules on data protection, valid across the EU, not 28 – removing unnecessary administrative requirements and saving €130 million per year.

Strengthened and additional rights: The right to be forgotten reinforced, citizens better informed if their data is hacked and a right to data portability making it easier to transfer personal data between service providers. When citizens no longer want their data processed, the controller must show legitimate grounds for retaining it, or delete the data

EU rules for EU citizens: Non-EU companies have to apply the same rules when offering services in the EU or holding EU citizens’ data

More powers for national DPAs: DPAs strengthened to enforce the rules, and empowered to fine violations with penalties of up to €10/20 million or up to 2/4% of a company’s global annual turnover, whichever is the greater.

‘One-stop shopping’: One supervisory authority makes it simpler and cheaper, particularly for SMEs, to do business, saving businesses around €2.3 billion a year. Individuals deal with their national DPA and in their own language — even if their personal data is processed outside their home country.


A Brave New World

The introduction of the GDPR is going to require significant changes in the way that most, if not all, companies approach data protection today – in many cases the effort involved may well be more strenuous than anticipated.

Generally, it will be far more expedient to observe the “spirit” of the new data protection rules rather than just aiming for compliance, but this may expose an organization to enforcement actions if the relevant authorities interpret that “spirit” differently.

As evidenced by the growing sensitivities to data protection and privacy concerns by individuals as well as the authorities on both sides of the Atlantic, sitting back and doing nothing in the hope that lightning will not strike is not an option.

It is an indication of both the strengths and weaknesses of all IT systems that the responsibility for the handling of personal data is achieving headline recognition.


Challenges

Considerable challenges lie ahead for the independent DPAs, not least in recruitment, awareness, and actual enforcement through the courts.

Although GDPR is a vast improvement on what came before, is it future proof? For example:
• Internet of Things and the Identity of Things
• Cloud computing
• Blockchain


So What Should Companies Do?

Step 1: Getting started: understand what is new

Step 2: What data subjects will expect of data controllers

Step 3: Being prepared for when something goes wrong

Step 4: What to do next – the privacy impact assessment

Step 5: Informing stakeholders and raising awareness

One of the major changes is the requirement for all public authorities and companies with more than 250 employees or processing more than 5,000 data subjects to appoint a Data Protection Officer (DPO) within 12 months.

A group of undertakings may appoint a single DPO provided that a DPO is easily accessible from each establishment.


A Privacy Impact Assessment (PIA)

Led by: The Data Protection Officer (or Compliance Officer)
Who’s involved: Key employees, vendors, system integrators, business partners
What is being assessed: Hardware and software assets, applications and shared systems
Key elements: Databases, directories, Microsoft Office applications, Adobe PDFs, social media data
Risk highlights: Information Rights Management solutions or data encryption for unstructured data; untracked or invisible ‘anonymous’ personal data
Contingency planning: Limit or secure any data breach as quickly as possible. Communicate early and transparently with impacted parties and authorities
Ongoing assessment: To be instigated whenever significant new or risky processes are undertaken or shared databases are introduced.


A Spanner In The Works

In October 2015 the European Court of Justice ruled in a landmark case against Facebook that the 15 year-old Safe Harbour agreement between the EU and the US was no longer valid because it did not offer sufficient protection to the fundamental rights of Europeans.

Consequently, every national data protection authority was empowered to examine any US-bound data transfers on a case-by-case basis.

In the absence of clarity about the proposed EU-US Privacy Shield, the limbo — whereby the old rules were torn up and data monitoring and enforcement was in the hands of individual national data protection authorities — was a potential minefield for US multinationals as well as US-based cloud service providers who were seen to not be supporting European privacy laws.

However, despite vigorous objections from privacy advocates and lobbyists in Europe and the US, the new treaty was signed on 12 July 2016.


“The EU-U.S. Privacy Shield protects the fundamental rights of Europeans and ensures legal certainty for businesses, including European companies, transferring personal data to the U.S. The Privacy Shield ensures easier redress for individuals in case of any complaints. I am therefore confident that the Privacy Shield will restore the trust of Europeans in the way their personal data are transferred across the Atlantic and processed by companies there. I encourage companies to sign up and I invite citizens to find out about their rights under the Privacy Shield in the 'citizens' guide' we are publishing today”
– Věra Jourová, the EU's Commissioner for Justice, Consumers and Gender Equality

EU-U.S. Privacy Shield (July 2016)

The EU-U.S. Privacy Shield imposes stronger obligations on U.S. companies to protect Europeans’ personal data. It reflects the requirements of the European Court of Justice, which ruled the previous Safe Harbour framework invalid. The Privacy Shield requires the U.S. to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities. It includes, for the first time, written commitments and assurance regarding access to data by public authorities.

The new arrangement will include the following elements:

Commercial sector

Strong obligations on companies and robust enforcement:
> Greater transparency.
> Oversight mechanisms to ensure companies abide by the rules.
> Sanctions or exclusion of companies if they do not comply.
> Tightened conditions for onward transfers.

Redress

Several redress possibilities:
> Directly with the company: Companies must reply to complaints from individuals within 45 days.
> Alternative Dispute Resolution: free of charge.
> With the Data Protection Authority: they will work with U.S. Department of Commerce and Federal Trade Commission to ensure unresolved complaints by EU citizens are investigated and swiftly resolved.
> Privacy Shield Panel: As a last resort, there will be an arbitration mechanism to ensure an enforceable decision.

U.S. Government access

Clear safeguards and transparency obligations:
> For the first time, written assurance from the U.S. that any access of public authorities to personal data will be subject to clear limitations, safeguards, and oversight mechanisms.
> U.S. authorities affirm absence of indiscriminate or mass surveillance.
> Companies will be able to report approximate number of access requests.
> New redress possibility through EU-U.S. Privacy Shield Ombudsperson mechanism, independent from the intelligence community, handling and solving complaints from individuals.

Monitoring

Annual joint review mechanism:
> Monitoring the functioning of the Privacy Shield and U.S. commitments, including as regards access to data for law enforcement and national security purposes.
> Conducted by the European Commission and the U.S. Department of Commerce, associating national intelligence experts from the U.S. and European Data Protection Authorities.
> Annual privacy summit with NGOs and stakeholders on developments in the area of U.S. privacy law and its impact on Europeans.
> Public report by the European Commission to the European Parliament and the Council, based on the annual joint review and other relevant sources of information (e.g. transparency reports by companies).

What will it mean in practice?

For American companies
> Self-certify annually that they meet the requirements.
> Display privacy policy on their website.
> Reply promptly to any complaints.
> (If handling human resources data) Cooperate and comply with European Data Protection Authorities.

For European individuals
> More transparency about transfers of personal data to the U.S. and stronger protection of personal data.
> Easier and cheaper redress possibilities in case of complaints — directly or with the help of their local Data Protection Authority.


Anything Else?

For any business engaged in commercial transactions, whether financial institutions or non-financial market players, there is more:

AML4 – anti-money laundering:
o Primarily for financial institutions, but also accountants, lawyers et al. required to adhere to KYC (know your customer) laws

PSD1 – payment services directive (2007):
o Provided a level playing field, harmonizing consumer protection and the rights and obligations for payment providers and users

PSD2 (2015):
o Better protects consumers when they pay online, promotes the development and use of innovative online and mobile payments, and makes cross-border European payment services safer
o Allows retailers to ‘ask’ consumers for permission to use a consumer’s bank details. Once permission is given, the retailer receives the payment directly from the bank with no intermediaries
o Passed in November 2015 with two years to incorporate the directive into national laws and regulations


The Enterprise Steps Up: Getting The Balance Right


Emerging Trends

The disappearing perimeter
• Cloud is now the primary means of delivering applications and services
• Wireless access via mobile devices is becoming the first choice
• The Internet of Things is almost anything you can think of

Blurring the lines between private and professional
• Bring Your Own __ – device, identity, network
• Social media for work, rest and play

Not a question of ‘if’ but ‘when’
• Security intrusions and data breaches are getting to be commonplace
• The alarming level of ‘insider’ misdemeanours, particularly amongst longer-serving, more senior staff


Emerging Expectations

The disappearing perimeter
• A leveling of the playing field for employee, contractor, partner, supplier, customer, consumer access to enterprise assets
• Context and relationship management will be essential features of the next generation of identity and access management solutions


Between A Rock And A Hard Place

Know your customer
• KYC
• Marketing and sales
• Consumer/customer experience

Know your employee
• Lifecycle awareness
• Being a compassionate employer vs preventing the insider threat
• Know your assets, know your devices

Privacy by design, privacy by consent


Data sources | Description & relevance | Context applications
Social media companies | A daily catalogue of thoughts, ideas, social habits and social network which can easily be analysed for business purposes. | Local retailers, hoteliers and travel companies to promote offers; potential employers and insurance companies
Credit card companies (and banks) | Profiles of time, location and type of purchasing habits of businesses and individuals | Factor in partnering, hiring someone or a workplace debt-related stress issue
Data brokers | Credit checks on individuals and businesses. | Enterprises’ regular monitoring of employees, partners and suppliers
Retail stores | Transaction histories with loyalty cards reveal consumer purchasing and preferences | Retailers create targeted selling and marketing campaigns.
Travel companies | Online bookings and loyalty card profiles for consumer travel habits and preferences | Hotels, restaurants, rental car companies and airlines promote attractive deals
Healthcare providers | Maintain patient medical records which offer confidential information. | Employment opportunities, applications for finance or insurance premiums etc
Mobile phone operators | Subscriber phone calls, text messages, consumed data and location movements anytime, anywhere and on any device. | Employers, retailers, travel companies and government agencies to know where people are and have been.
Government agencies | Data sets for passports, identity cards, drivers’ licences and tax returns, as well as indirect access to more. | Potential to augment or complete all enterprise identity profiles
Car parks, local authorities, garages | CCTV for national security, law-enforcement, traffic monitoring and protecting premises. Finding lost people and ‘things’. | Enterprises, retailers, local authorities and others


Getting The Balance Right


What We Don’t Want


Opportunities for TDL


Understanding The Rules

Trust is at the heart of all transactions, contractual, commercial and social, but the rapid pace of technology development and the commercial availability of consumer-friendly mobile devices and applications are driving digital transformation and disruption to the trust model as rarely seen before. This is particularly pertinent with respect to the use of personal data

Understanding the rules – the how, why, when and who – associated with the use of personal data would be immensely beneficial to regulators, businesses and citizens both in Europe and beyond


TechVision Research


About Us

Formed in 2015 in the US from industry and Burton Group/Gartner experienced consulting analysts, TechVision Research integrates research and consulting for the enterprise, primarily in the areas of identity and security

Research report titles include:
• The Future of Identity Management
• Context-based Identity Management
• Opportunities in Europe with Electronic Identification and Trust Services
• The New European Privacy and Data Protection Regulation — Compliance or Consequences
• Privacy Beyond Compliance
• Blockchain Level Set
• Blockchain Identity
• Blockchain 2.0: Smart Contracts
• The End of Enterprise Architecture and IT as We Know IT
• CrossTalk Report: Identity and Data Governance
• Enterprise Information Protection
• Data – The Fundamentals are Broken
• Fixing the Fundamentals — The Business Blueprint
  o Follow-on Data Architecture and Fundamentals Reports
• Internet of Things as a Security Risk Amplifier and Risk Mitigation Strategies
  o Follow-on Enterprise IoT Reports
• Future of Information Sharing for Cybersecurity
• Identity of Things (IDoT)
• Why Large Technical Programs Fail and How to Mitigate Risk


Thank You!

[email protected]