Welcome to Enobyte Munich! Data Protection
Enobyte Introduction Company overview
Enobyte overview § GDPR compliance support tools § Data Protection staff training tools § Over 20 years experience in IT infrastructure & security § All servers located in EU § ISO 27001 Certified Data Centres § Secure encrypted communication tools
Memberships & Certificates § German-Japanese Business Association Member § Security Network Munich Founding Member § TÜV Certified Data Protection Officer § TÜV Certified Data Protection Auditor § International Association of Privacy Professionals (iapp) Certified Data Protection Officer, Information Privacy Manager § ISO27001 Certified Data Centres
Press/Conferences/Collaborations Highlights § Speaker: Japan Kokkai, 1st German-Japanese Cyber Security Forum § Collaborative partner: Japan PPC, GDPR seminar § Collaborative partner: Invest in Bavaria, GDPR seminar § Co-Author: GDPR Guidebook (Amazon Bestseller – Law category) § Featured in: WIRED jp, The Asahi Shimbun Globe+, DPO Insights
Reasons why GDPR was established The GDPR is largely based on the Universal Declaration of Human Rights, updated to protect against current dangers and injustices: § Mass surveillance, industrial espionage, social engineering § Discrimination and psychological manipulation § Highly automated malware and cyber attacks
Benefits of compliance Business benefits of GDPR Source: Cisco 2019 Data Privacy Benchmark Study
Benefits of compliance Summary of benefits: Business benefits of GDPR § Less likely to experience a breach § Fewer data records impacted when breach occurs § Shorter system downtimes § Better documentation = higher efficiency § Competitive advantage with customers and investors § Overall lower costs associated with breaches Source: Cisco 2019 Data Privacy Benchmark Study
Benefits of compliance Cost of a data breach includes post data breach response and consequences, e.g.: - Help desk activities / Inbound communications - Credit report monitoring and identity protection services - Issuing new accounts or credit cards - Legal expenditures - Product discounts - Regulatory interventions (fines) - Cost of business disruption and revenue losses from system downtime - Cost of lost customers/partners and acquiring new ones (turnover) - Reputation losses and diminished goodwill Source: IBM 2019 Cost of a Data Breach Report by Ponemon Institute
Benefits of compliance The top factors that reduce the cost of a data breach are: - Formation of a competent Incident Response team (IR) which includes DPOs and DPCs - Extensive use of Encryption - Active engagement of the Incident Response team (IR) which includes DPOs and DPCs - Employee training Source: IBM 2019 Cost of a Data Breach Report by Ponemon Institute
Aspects of GDPR: Business, Legal, Technical
Enobyte Approach § GDPR must enable business, not hinder business. § Your data will be better protected and less vulnerable to cyber attacks. § As the GDPR is enforced in all EU and EEA member states, a top-down approach will be very efficient. § Advantages of an external DPO organisation
Product Overview
GDPR Full Assessment § Secure and online § Dynamic A.I. presents only questions relevant to answers given § A.I. allows for faster and easier completion of the assessment compared to filling an Excel sheet § Interchangeable languages: English, Japanese, German.
GDPR Full Assessment § Different sections can be answered by relevant persons/departments
GDPR Full Assessment § Concise gap analysis § Identifies risk levels of each gap for priority planning § Gives practical advice on industry standards § IT expert recommendations for implementation
DPO Ticket System
Create New Ticket Reporter at subsidiary reports an issue concerning data privacy by creating a new ticket addressed to the DPO.
DPO communication DPO receives request and writes a reply.
Secure Document Upload using state-of-the-art TLS encryption
All communication is documented and can be reviewed later. The Ticket System includes Report Profiles and Time Accounting
Manage Tickets
Service Level Agreements according to GDPR Art. 33
Multi-Lingual Interface
Benefits • Centralised Tool for DPO Communication • Tickets can be created via Web, E-Mail, Phone, custom on-line input forms or API • Monitoring and Documentation of all requests • SLA Management, Out of Office Replacements • Hosted in Germany, ISO 27001 compliance
Data Protection Staff Training
What is referenced in the GDPR § Art. 25 (1): Data protection by design and by default “…the controller shall, implement appropriate technical and organisational measures…in an effective manner and to integrate the necessary safeguards into the processing” § Recital 78: Appropriate Technical and Organisational Measures “the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.” § Art. 39 (1b): Tasks of the data protection officer “The data protection officer shall … monitor compliance with this Regulation … [through] awareness-raising and training of staff involved in processing operations”
Training possibilities (comparison table; columns: Cost, Effectiveness, Ease of localisation, Ease of documentation) § PDF: Low § In-Person: High, EN/DE § Webinar: Mid, EN/DE § Online Academy: Low-Mid, EN/JP
Online Academy Summary of features: § Videos in English & Japanese § Online Quiz in English & Japanese § Scalable § Proof of participation as TOM documentation
Online Academy § Automatic participation lists § Provides documentation for implementing an Organisational Measure for data protection
e-Learning Expertise § Global Advisory Board Member and speaker of OEB – International conference for learning § GDPR and education talks covered in learning news publications