Data protection and leakage
31 March 2016 – Cyber Security Coalition
It looks like privacy and data leakage will be ‘blood, sweat, toil and tears’-topics for the next two years. Hail the new European ‘General Data Protection Regulation’!
With a compromise text agreed upon in December 2015, the new European ‘General Data Protection Regulation’ (GDPR) is on track to be published in April 2016 (or the following month at the latest). As a result, as of early 2018, all European companies and organisations (as well as foreign companies offering products or services in Europe) will have to abide by the new privacy rules.
‘Heavy duty’ GDPR
On the first Experience Sharing Day of the Cyber Security Coalition in 2016, the daunting size of the effort to ensure compliance became crystal clear: it’s huge!
Caroline Vande Vorst (Law Square) listed the many points of the GDPR resulting in stricter rules: broader definition of personal data, solutions with privacy by design and by default (with appropriate security provisions), controller and processor held responsible, the need to prove best efforts, clear consent procedures, notification obligation, stiff fines…
Willem Debeuckelaere, President of the Belgian Privacy Commission, strongly advises all companies and organisations (as well as the government and parliament) to buckle down immediately in preparation for the GDPR. Start with analysing the data streams in all processes, study privacy impact assessments and start looking for a ‘data protection officer’, and get on immediately with the dozens of necessary legislative initiatives. Collaboration between all stakeholders will be a must, but that’s exactly what the Cyber Security Coalition is all about.
Conferences and trainings on the GDPR were jointly announced by the privacy commissions, CRIDS, ICRI & VUB:
- On April 29th, 2016 organized by the CRIDS in Namur
- The Privacy Summer school (VUB/LSTS/Privacy HUB) – first week of July 2016
- On November 18th ICRI in Leuven
More info will be available shortly on the news events of the Cyber Security Coalition website.
Data protection: sharing experience
As for sharing experience, members provided insights into how third parties, such as the French Privacy Authority (ANNSI), support security and privacy. The MIVB-STIB explained how it handles the privacy requirements related to the electronic tram/coach ticket (Mobib) by strict monitoring of the use of the data, while BNP Paribas discussed its defence against data leakage (e.g. treat it like a business project, not an IT project). The federal service Fedict expounded on the law pertaining to the proper use of ‘authentic sources’. All of them also participated in a lively discussion on the topics of privacy and data leakage.
As an association, the Cyber Security Coalition also communicates about the activities of its working groups: awareness, inter-csirt, policy recommendations. The ‘policy’ working group has finished the translation of the Incident Management Guide into Dutch and French, which is now available for download on our website. In 2016 a Cyber security governance best practices document will be issued by the coalition on the web site.
The awareness work group has also presented the 2016 projects: a national “clean your device” campaign, internal cyber security awareness packages, a standard presentation on the Incident handling guide and a BISC conference.
The next Experience Sharing Day will be on April 28th, in Bruges, and the coalition members will discuss Security of applications with a lot of interactions with Howest students. The day will be closed by a challenge between members of the coalition and the students.