Forthcoming EU Data Protection Law

Transcription

1

2 Forthcoming EU Data Protection Law How Oracle can Help Patrick McLaughlin Security Architect & Oracle Fellow EMEA Technology Solutions 22 October 2015, Riga Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

3 Agenda What is it? What does it contain? How Oracle can Help? Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

4 Agenda What is it? What does it contain? How Oracle can Help? Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

5 Currently... Single EU Directive (Directive 95/46/EC) has not prevented fragmentation in the way Data Protection is implemented Outdated: Not prepared for the Cloud, Big Data & Social Tough to be competitive in a market where compliance is not streamlined Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential Internal 5

6 EU Global Data Protection Regulation Aims Enhance data protection rights of individuals Improve business opportunities by facilitating the free flow of personal data in the digital single market Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential Internal 6

7 EU Global Data Protection Regulation Regulation not a Directive Unify Data Protection within the EU with a single law Immediate effect on 28 EU members after 2 year transition period Does not require any enabling legislation to be passed by governments Extends the scope to all foreign companies processing data of EU residents Copyright 2014 Oracle and/or its affiliates. All rights reserved.

8 Relevant Timeline Copyright 2014 Oracle and/or its affiliates. All rights reserved.

9 Who should care? Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

10 Why should you care? Administrative Sanctions 250,000 or 0.5% 1 - Lack of response to a data subject In a timely fashion 1,000,000,000 or 5% 1 - Fails to comply or processes data within legal basis. - Doesn t notify of a breach 500,000 or 1% 1 - Doesn t provide requested information to a data subject or fails to rectify or erase 1 Total Worldwide Annual Turnover Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

11 Agenda Why is EU DP important for you now? What does it contain? How Oracle can Help? Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

12 Summary of Key Points Extending Security Controls Data Breach Notification Data Protection by Design and Default Data Protection Office Right to be Forgotten Copyright 2014 Oracle and/or its affiliates. All rights reserved.

13 Benefits for Citizens Right to be forgotten Decide how your data is used Easier access to your own data Right to know you have been hacked Data Protection First Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

14 Benefits for Businesses Strong enforcement powers Level playing field One-stop shop One continent, one law Copyright 2014 Oracle and/or its affiliates. All rights reserved.

15 Agenda Why is EU DP important for you now? What does it contain? How Oracle can Help? Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

16 Where Oracle Can Help Technology Solutions DB Security Options: Enforce fine grained access control Enable accountability and segregation of duties Protect data Analyze and prevent internal / external attacks And more... efficiently Identity and Access Management: Automate user management Prevent illicit access and frauds Report, audit and demonstrate compliance Protect devices, applications and SOA Control privileged accounts And more... efficiently Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

17 Evaluate Security Risks Discover Sensitive Data Role & Privilege Analysis Scan Security Configuration Copyright 2015, Oracle and/or its affiliates. All rights reserved. 17

18 Prevent Attacks from Succeeding Users Data Redaction ssn:xxx-xx-4321 dob:xx/xx/xxxx Applications DB Controls Dev/Test Partners, BI Privileged Users Access denied Insufficient Privilege Key Vault Data Encryption Data Subsetting Region, Year Size-based Data Masking ssn: dob: 12/01/1987 Copyright 2015, Oracle and/or its affiliates. All rights reserved. 18

19 Detect Breaches Quickly Users Database Firewall! SYBA SE Applications Network Events Alerts! Audit Data Reports Policies Audit Vault Audit Data, Event Logs Copyright 2015, Oracle and/or its affiliates. All rights reserved. 19

20 Defense-in-Depth Security Controls EVALUATE PREVENT DETECT Security Configuration Encryption & Redaction Auditing Sensitive Data Discovery Masking & Subsetting Activity Monitoring Least Privilege Use DBA & Operational Controls Alerting & Reporting Copyright 2015, Oracle and/or its affiliates. All rights reserved. 20

21 Where Oracle Can Help Consulting Services A team of dedicated security professionals with unrivalled experience in helping our customers to secure their Oracle infrastructure to meet the legislative and regulatory requirements of their industries. Architecture Services Understand an Organisation s current security position and define a roadmap to implement appropriate data controls Implementation Services Leverage solution best practices and technical expertise to maximise the return on investment Rapid Starts Accelerate deployment of key technologies Copyright 2014 Oracle and/or its affiliates. All rights reserved. V1.1 21

22 Follow developments across EU Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

23 Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Confidential

24