GDPR one year in: Observations


Published on June 13, 2019

Author: janguldentops


1. GDPR one year in: Observations
Jan Guldentops, Vlaamse Toezichtcommissie
Cyber Security Summit, 12th of June 2019

2. QUID VTC ?
• ° 2008: Monitor the transfer of personal data by Flemish government entities
• ° 2018: Supervising data protection authority (DPA) for the Flemish public sector
  o (local) Government,
• Our tasks are described in art. 57 and 58 of the GDPR
  o Advice, monitor, complaints, standardisation, promote awareness, report data leaks, etc.
• Belgian situation
  o Flemish VTC & Federal DPA
• More info:
  o Vlaamse Toezichtcommissie

3. Who am I ?
• Jan Guldentops (°1973)
  o I am building server, network and other ICT infrastructure for > 25 years
  o Founder of Better Access (°1996) and BA (°2003)
  o Open Source Fundamentalist (after hours)
  o Strong practical background in the field of security and privacy
• Security “expert” by accident
  o Documented the security problems of the first Belgian Internet bank (Beroepskrediet / Belgium Online)
  o Right hand of big brother
  o “Certified” Data Protection Officer
  o Do a lot of R&D and testing (security, infrastructure, performance)
  o Backup member of the VTC board

4. GDPR – one year
• The run-up to May 2018 almost felt like it was 1999 (Y2K) all over again.
• That mix of real concern, panic, smooth sales, apocalyptic thinking, not understanding …
• Lots of products, consultancy, privacy-washing, etc.
• We didn’t explain the why enough
  o Why is the protection of personal data so important?
The situation has relaxed, companies and organizations.

5. Howto GDPR ?
• A combination of hard work, common sense, following policies and not reinventing the wheel
• We see a lot of shortcuts and easy ways out

6. IT’s a continuous process

7. Paper tigers

8. Realism:
• There is no such thing as absolute security!
• infallibility

9. Smart use of technology: encryption

10. Is personal data more secure now?
• Did the extra attention on documentation, procedures and inventories diminish the real work on security?
• Did it mean we put less time in the real security work?
  o Security plan?
  o Real technical audits?
  o Etc.
• There is more than personal data to consider:
  o PCI DSS
  o Other regulatory rules

11. A couple of examples

12. Data leaks reported to VTC
• gegevenslekken-reeds-gemeld-aan-de-vlaamse-toezichtcommissie

13. Standstill ?
• Are we at a standstill?
• Belgian DPAs took some time to get organized.
• Commercial companies complain that they are not doing a lot of business
• Not a lot of complaints / rights enforced by citizens

14. Important mission
• Teach our citizens to enforce their rights
  o The right to be informed
  o The right of access
  o The right to rectification
  o The right to erasure
  o The right to restrict processing
  o The right to data portability
  o The right to object
  o Rights in relation to automated decision making and profiling.
