• Aucun résultat trouvé

Assessing IT Security Standards Against the Upcoming GDPR for Cloud Systems

N/A
N/A
Protected

Academic year: 2021

Partager "Assessing IT Security Standards Against the Upcoming GDPR for Cloud Systems"

Copied!
1
0
0

Texte intégral

(1)

Major problem for an enterprise:

«How to know if I am compliant with the GDPR (and not be fined)?»

Assessing IT Security Standards Against the

Upcoming GDPR for Cloud Systems

Data protection reform is coming

General Data Protection Regulation

(2017/2018)

But which text?

?

Harmonized rights Harmonized rules Transparency Purpose limitation Data minimization Consent

Data subject rights Data portability

Right to information

Gap between existing data protection software

and procedures and the data protection reform

Be prepared or

Cesare Bartolini, Gabriela Gheorghe, Andra Giurgiu, Mehrdad Sabetzadeh, Nicolas Sannier

GDPR

Data minimization (art. 5) Data categories (art. 9)

Appropriate measures (art. 30) Risk assessment (art. 33)

Data protection officer (art. 35) Data transfer (art. 41)

ISO 27001:2013

Information security risk assessment (art. 8.2) Management responsibilities (A.7.2.1)

Classification of information (A.8.2.1) Management of access rights (A.9.2.3) Information transfer policies (A.13.2.1) Information security (A.14.1)

Are there any possible matchings? Such as…

Endorsed by the

Luxembourg Privacy Cluster

(LPC)

University of Luxembourg

This work is within the scope of a joint work at SnT

(Interdisciplinary Centre for Security, Reliability and Trust)

within the scope of the data protection reform in cloud systems

E-mail contact of the authors: { }@uni.lu

firstname.lastname

Benefits for many stakeholders

Security standards as "partial"

data protection standards

Less changes needed to

achieve compliance

Easier to define actual standards

for data protection

Faster adaptation

Less likely to incur into penalties

Documentation

Rectification and erasure Restrictions on profiling Appropriate measures Impact assessment

Authorisation

Data protection officer Privacy by design

Privacy by default

High fines (2-5% of annual turnover?)

Some principles and rules

contained in the GDPR

(any text)

(name your favourite

security standard)

Can these (partially) bridge the gap

to achieve GDPR compliance?

Références

Documents relatifs

R´ esoudre (E h ) en suivant l’algorithme du cours et pr´ eciser une base du sous-espace vectoriel P... En d´ eduire que la matrice M

The lockdown of UK schools due to COVID-19 and the subsequent push to rapidly integrate more ICT for the use of remote learning has highlighted the pivotal role of a

At the same time, new threats and vulnerabilities have emerged, which can be classified into 3 groups: threats associated with vulnerabilities of portal solutions

Finally, we implement a framework which bases upon the developed taxonomy, provides methods to automatically evaluate the data quality and filter relevant shared cyber

As standards are necessary in order to achieve uniform adoptions among different indus- tries, organizations, and their systems, similarly there is a need for security

that the expression for a 12 would involve 1024 ourenes of the number 2, most of them inside a jungle of square roots1. Suh an expression would not give us muh insight into the number

[r]

En développant f (x) , montrer que c'est la somme d'un nombre réel et d'une combinaison d'expressions contenant des cosinus hyperboliquesb. En déduire une nouvelle preuve de