Community Directive on the Protection of Personal Data

New EU Data Protection Regulation
Proposed changes and what they mean for your business

Agenda
• Proposed EU Data Protection Regulation
• How to comply with the Regulation and minimize fines in the event of a breach
• Stopping breaches in the first place
• Next Generation data protection
• How Sophos can help

EU Data Protection Regulation

Sources
• Amendments from European Parliament, 21 November 2013 (623 pages)
• Q&A on EU DP reform, European Parliament, 22 October 2013
• Project of Regulation, European Commission, 25 January 2012 (118 pages)
• Press pack from the European Commission, 22 October 2013
• Handbook on European data protection laws, Council of Europe, December 2013

Goal
Establish a single, pan-European law to replace the current inconsistent patchwork of national laws. Modernize the principles enshrined in the 1995 Data Protection Directive.

Benefits of the new Regulation
Benefits for businesses
1. One EU market, one law
2. One-stop-shop – a single supervisory authority
3. Same rules for all companies
Benefits for EU citizens
1. Better data security
2. Putting people in control

Data security focus
3 key Articles pertaining to data security:
1. Security of processing (Article 30)
   a. prevent any unauthorized access to personal data
   b. prevent any unauthorized disclosure, reading, copying, modification, erasure or removal of personal data
2. Notification of a personal data breach to the supervisory authority (Article 31)
3. Communication of a personal data breach to the data subject (Article 32)

What you need to know
• Organizations must:
  ○ implement appropriate security measures to protect personal data
  ○ have a clear data protection policy
  ○ have a named Data Protection officer (except SMEs)
• Fines for unprotected data breaches will range up to €100 million or 5% of annual turnover.
• If you suffer a breach and can show that the personal data can’t be accessed by unauthorized people (e.g. it was encrypted):
  ○ The likelihood of being fined should be very greatly reduced
  ○ You won’t need to notify affected data subjects of the breach

The legislative process
• 25 January 2012 – Draft legislation first presented by EU Commissioner Viviane Reding
• January 2012 – October 2013 – Extensive discussion and amendment to the proposed bill
• 12 March 2014 – European Parliament voted overwhelmingly in favor of the legislation (95%)
• The Regulation still needs to go through further steps. However, it is widely anticipated that it will be adopted by 2015

How to ensure compliance with the Regulation

Encryption is key
The Regulation will require organizations to:
1. Implement ‘appropriate security measures’ to protect personal data
   Encryption is widely agreed to be the best data security measure available
2. Notify affected parties in the event of a personal data breach
   If you can prove the data was encrypted you don’t need to notify the individuals concerned
3. Pay fines in the event of a personal data breach
   If the data was encrypted it’s highly likely that no fines will be imposed

Encryption is key
But What? Where? When?

Lost or Stolen Device
[Figure: Unencrypted / Encrypted]
• Accidental loss or theft of a device is a common occurrence.
• Only authorized users should access devices.
• How many devices have you lost?

Copy Files to Removable Media
• These tiny devices can store large amounts of data and are easily misplaced.
• Block or protect?
• Where is your first USB stick and what was on it?

Attach Files to E-Mail
• We all email & we all make mistakes (it happens)
• What’s the consequence of sending the wrong attachment to the wrong person?
• Encrypt file attachments or examine at Gateway?

Copy Files to a Network Share
• Today’s Operating Systems make sharing data on the Network very simple.
• Protect against Internal Threats.
• Who is allowed to access company/user data?

Copy Files to the Cloud
• Cloud Storage Services revolutionized the way we share data between users and devices.
• What have you stored in the Cloud and what happens if someone steals it?
• Encrypt the data before sending it to the Cloud.

Rock solid data protection strategy
It’s all about the data
1. How does data flow into and out of your organization?
2. How do end users use the data?
3. Who has access to company data?

Preventing breaches

5 steps to stop data getting into the wrong hands
1. Keep patches up-to-date
   Data-stealing malware often exploits known vulnerabilities.
2. Apply multi-layered entry-point protection
   Secure against multiple vectors of attack with Web, Email and Malware protection at the gateway.
3. Select Advanced Threat Protection
   Choose a next-generation firewall that detects and blocks attacks directly on the network.
4. Use Selective Sandboxing
   Secure against slow-moving or delayed threats.
5. Limit dissemination of sensitive data
   Deploy Application Control and Data Control

How Sophos can help

Our award-winning encryption solutions are appropriate security measures to protect personal data

SafeGuard Enterprise Encryption
• Encrypts data on multiple devices and operating systems
• Doesn’t slow you down – it’s built to match your organization’s workflow and processes
• Includes central management of Microsoft’s BitLocker and Apple’s FileVault
• Provides extensive reporting to demonstrate proof of compliance
SafeGuard ensures personal data is protected if a breach occurs

SPX Email Encryption
• Email encryption and DLP solution that protects the privacy, confidentiality, and integrity of your sensitive emails.
• Automatically detects sensitive information leaving your organization by email, and either blocks it or encrypts it
• Takes security out of the hands of your employees and looks after it for them.
• Available in Sophos UTM and the Sophos Email Appliance

We can help you create a data protection policy

Sample data protection policy
Use the Sophos sample policy as the basis for your own.
Customize for your organization.

And we can help you prevent breaches in the first place

Protecting against hackers and accidental loss
Sophos Endpoint Protection
○ Patch assessment to identify and prioritize missing patches
○ Application Control
○ Data Control
○ Advanced web protection capabilities
Sophos UTM
○ Advanced Threat Protection capabilities
○ Selective sandboxing
○ Advanced web protection capabilities
○ Optional SPX email encryption

The future of data protection: Next Generation Data Protection

Next Generation Data Protection
• DLP
• Reactive to Integrity
• Continuous Collaboration
• Simple & Unobtrusive Protection

Summary

Summary
• This legislation WILL go ahead
  ○ It has already progressed very far, and with very high support. It will not be allowed to fail.
• Key stakeholders want to move fast
  ○ European Commission
  ○ European Parliament
  ○ Data Protection Authorities
  ○ Individual Governments
• Media pressure is building up
  ○ PRISM, large scale data thefts (e.g. Target)
  ○ Confidence from citizens in online activities is eroding
• You need to be ready
  ○ Implement appropriate data security measures
  ○ Create and communicate your data protection policy

Resources available to help you
• Sample Data Protection Policy
• 60-Second EU Data Security Compliance Check
• Whitepaper on EU Data Protection Regulation
• Try for Free: Sophos SafeGuard Enterprise and SPX email encryption
All available at www.sophos.com/EU

© Sophos Ltd. All rights reserved.