IBM Security Guardium

  • 1.  THINK 2019 Presentation about our Guardium Project: GDPR Reflections — Where Are We Now?

    IBM Champion
    Posted Thu March 07, 2019 12:43 PM
    Edited by Sergio Insalaco Fri March 08, 2019 06:18 AM
    Hi fellow Guardium Community members,

    Check out the presentation I gave with IBM at THINK 2019, "GDPR Reflections: Where Are We Now?" about our Guardium Project.


    best

    ------------------------------
    Sergio Insalaco
    ------------------------------




  • 2.  RE: THINK 2019 Presentation about our Guardium Project: GDPR Reflections - Where Are We Now?

    Posted Fri March 08, 2019 06:16 AM
    Sergio, thank you very much for sharing! I'm sure other Guardium users will find it very valuable to learn from your experiences.

    ------------------------------
    Jennifer Tullman-Botzer
    Digital Strategist
    IBM
    Tel Aviv
    ------------------------------



  • 3.  RE: THINK 2019 Presentation about our Guardium Project: GDPR Reflections - Where Are We Now?

    Posted Mon March 11, 2019 02:28 PM

    Hi Sergio

    Thanks for posting. This is great. I have a few questions:

    - Are you seeing an upward trend in strictness by EU officials around GDPR compliance?
    - What kind of action [ lawsuits, complaints, fines ] will it take to motivate organizations to be GDPR compliant if it hasn't happened already?
    - Are there countries / parts of the world you see as being unwilling to comply with GDPR even with European customers, employees?



    ------------------------------
    Calvin Bench
    Offering Manager
    Austin TX
    ------------------------------



  • 4.  RE: THINK 2019 Presentation about our Guardium Project: GDPR Reflections - Where Are We Now?

    IBM Champion
    Posted Tue March 12, 2019 06:15 AM
    Hi Calvin,
    the GDPR fines are up to 10 million euros or, if higher, 2% of worldwide turnover in cases such as, by way of example:
    - violation of the conditions applicable to the consent of minors in relation to information society services;
    - unlawful processing of personal data that does not require the identification of the person concerned;
    - failure to notify, or incorrect notification and/or communication of, a data breach to the competent national authority;
    - violation of the obligation to appoint a DPO;
    - failure to apply technical and organizational measures to ensure data protection.

    The amount of administrative pecuniary sanctions can increase up to 20 million euros or, alternatively, up to 4% of worldwide turnover in cases such as, by way of example:
    - failure to comply with an order, or a provisional or definitive limitation concerning a processing operation, imposed by a competent national authority;
    - illegal cross-border transfer of personal data to a recipient in a third country.

    So far, European privacy authorities have issued these fines:

    - Germany: a fine of 20,000 euros to the social network Knuddels.de for an Article 32 violation after a data leak of 2 million usernames/passwords and 800k emails. The fine was light because of Knuddels.de's highly cooperative behavior.

    - Portugal: a fine of 400,000 euros to Hospital Barreiro Montijo for large-scale and unjustified access by 600 hospital employees to patients' personal and sensitive data.

    - Austria: a fine of 4,800 euros to an entrepreneur for a camera installation outside his shop.

    - France: a fine of 50 million euros to Google LLC for commercial ads lacking transparency, information and customer consent.

    I believe that in the near future the controls and the fines will increase.

    Bye
    Sergio

    ------------------------------
    Sergio Insalaco
    ------------------------------



  • 5.  RE: THINK 2019 Presentation about our Guardium Project: GDPR Reflections - Where Are We Now?

    Posted Thu March 21, 2019 01:49 PM

    Hi Sergio 

    Thanks for the detailed state of things. I'm surprised there haven't been more large-scale fines. Seems GDPR hasn't taken precedence, like in the case of Facebook being fined for the Cambridge Analytica scandal: Facebook fined £500,000 for data scandal

    It'll be interesting to see where this goes, especially with California's privacy law (CCPA, modeled after GDPR) coming into effect Jan 1st, 2020.



    ------------------------------
    Calvin Bench
    Offering Manager
    Austin TX
    ------------------------------



  • 6.  RE: THINK 2019 Presentation about our Guardium Project: GDPR Reflections - Where Are We Now?

    IBM Champion
    Posted Thu May 23, 2019 04:08 AM
    Hi Calvin,
    here are some news about GDPR fines.

    Large GDPR fines are imminent, EU privacy regulators say. The "grace period" has ended.
    A year has passed since the regulation went into effect, giving authorities time to build cases. Companies and public bodies should take a health check of their organization.

    The GDPR imposes stiff fines on data controllers and processors for non-compliance.
    • Nature of infringement: number of people affected, damage they suffered, duration of infringement, and purpose of processing
    • Intention: whether the infringement is intentional or negligent
    • Mitigation: actions taken to mitigate damage to data subjects
    • Preventative measures: how much technical and organizational preparation the firm had previously implemented to prevent non-compliance.

    The way to avoid GDPR fines is obviously to make sure that you are as GDPR compliant as possible and can demonstrate you have done all you could in a prioritized way, taking into account all aspects of GDPR and the risks to the data subject.

    Bye
    Sergio

    ------------------------------
    Sergio Insalaco
    ------------------------------



  • 7.  RE: THINK 2019 Presentation about our Guardium Project: GDPR Reflections - Where Are We Now?

    Posted Thu June 06, 2019 02:40 PM
    Hi Sergio

    This is great. Thanks a bunch for the update.

    For me this is one of those things where I'll believe it when I see it. I would of course like to see the EU cracking down on violations of GDPR. It has yet to happen in a pervasive way. As a result, some irresponsible organizations would rather pay the fines than go through the process of becoming compliant. It will be interesting to see how this mentality shifts as more organizations get bitten by the EU for GDPR non-compliance.

    Much appreciate your response here

    Calvin

    ------------------------------
    Calvin Bench
    Offering Manager
    Austin TX
    ------------------------------