Certified Banking Data Privacy Law and Regulation - Module 6.pptx
trevor501353
Feb 26, 2025
About This Presentation
Size: 1.28 MB
Language: en
Added: Feb 26, 2025
Slides: 20 pages
Slide Content
Data Privacy Law and Regulation Certification
Dr. Kevin F. Streff, Founder and Managing Partner
Dr. Kevin Streff
Testified to Congress several times on behalf of banking and cyber
Author of Data Privacy textbook
Conducted training and education for examiners
Done cybersecurity work in almost all states in the U.S. banking system for over 20 years
Published in both banking and academic magazines and journals
Regular speaker at banking conferences
Leading technology, cyber, and privacy educator at Dakota State University and the ASP Academy™
Dr. Streff is not an attorney and is not providing legal advice
Agenda
Module 6: GDPR and international data privacy laws
What is GDPR
The General Data Protection Regulation (GDPR) is EU legislation that went into effect on May 25th, 2018. It very clearly sets out the ways in which the privacy rights of every EU citizen must be protected and the ways in which a person's 'Personal Data' can and can't be used. It places the onus on any person or entity involved in the processing of a person's information (Data Controller/Data Processor) to comply with the legislation and to demonstrate compliance. It carries significant penalties for non-compliance. All data processing from that date is legally required to comply with GDPR.
GDPR Information Life Cycle
Assess: new technology, large scale processing, engagement of a new third party data processor
Capture: what you are allowed to capture; how you may do so; what you must tell the person in advance; what you must get from them (their permission)
Store: how you must store it; where it can be stored; obligations of third parties; what happens if you lose it
Use: what you can use it for; what you can't use it for
Destroy: how long you can keep it for; when you must destroy information
GDPR Information Life Cycle: Assess
Data Protection by Design and by Default (all relevant projects or initiatives must consider impacts on privacy from the outset)
Data Protection Impact Assessment (DPIA) (must be conducted for new technology, profiling, large scale processing, or engagement of a new third party data processor)
Documentation (decisions and the rationale for decisions around Data Protection should be documented)
GDPR Information Life Cycle: Capture
Data Minimisation (only ask for what is needed)
Privacy Notices (clearly inform what, why, who and where)
Data Subject Rights (state the person's rights under the legislation)
Obtain Consent (consent must be freely given and explicit for the purpose or purposes)
GDPR Information Life Cycle: Store
Safe and Secure (information must be stored appropriately, e.g. locked cabinets/password protected files)
Restricted Access (only authorised persons should have access to it)
Data Inventory (information captured should be recorded)
Subject Access Requests (must be in a position to provide ALL information held)
Contracts with Data Processors (any third parties must have GDPR contracts in place)
Data Breaches (processes to detect, report and investigate Data Breaches must be in place)
GDPR Information Life Cycle: Use
Appropriate Use (must be for the purpose(s) originally stated)
Consent (must have the person's consent or a lawful basis for processing it)
Manage Consent (individuals have the right to revoke consent for part or all of the processing; this must be managed)
Restricted (profiling or automated decision making are restricted)
International Transfers (any processing that occurs outside the EU must have been communicated to the person at the time of data capture and must have additional safeguards in place)
GDPR Information Life Cycle: Destroy
Retention Period (retention periods must be documented and justified, and data must be destroyed after its useful retention period has expired)
Right to Erasure (must be erased upon request from the person)
Portability (must be provided in a standard format)
Third Party Copies (all copies of information must be deleted, including those held by third parties; systems like WhatsApp can be an issue here due to the lack of control over the personal data held within them)
Summary of GDPR Information Life Cycle
Assess: Data Protection by Design and by Default; Data Protection Impact Assessment (DPIA); Documentation
Capture: Data Minimisation; Privacy Notices; Privacy Rights; Obtain Consent
Store: Safe and Secure; Restricted Access; Data Inventory; Subject Access Requests; Contracts with Data Processors; Data Breaches
Use: Appropriate Use; Consent; Manage Consent; Restricted; International Transfers
Destroy: Retention Period; Right to Erasure; Portability; Third Party Copies
International Landscape
144 countries have enacted national data privacy laws
6.64 billion people, or 82% of the world's population, are under the protection of some form of national data privacy legislation
Europe still has the most data privacy laws of any continent, with all of the continent covered by some form of comprehensive data privacy legislation
International Landscape (continued)
Asia, with approximately 35 countries, or 73%
72% of countries in Africa are covered by a comprehensive data privacy law
Global Privacy Laws (American Security and Privacy, LLC)
Tool (link)
Most countries now have a comprehensive data privacy law
The United States does not
Financial institutions need to comply with international laws if international consumers are involved
Dr. Kevin Streff, Founder & Managing Partner, American Security and Privacy, LLC
www.americansecurityandprivacy.com
[email protected]
605.270.4427
www.drstreff.com
ASP Academy™