fermer
fermer
Le réseau de demain
Le réseau de demain
Planifiez votre chemin vers un réseau plus rapide, plus sûr et plus résilient, conçu pour les applications et les utilisateurs que vous prenez en charge.
          Essayez Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            Un leader sur SSE. Désormais leader en matière de SASE à fournisseur unique.
            Un leader sur SSE. Désormais leader en matière de SASE à fournisseur unique.
            Netskope fait ses débuts en tant que leader dans le Magic Quadrant™ de Gartner® pour le SASE à fournisseur unique.
              Sécuriser l’IA générative pour les nuls
              Sécuriser l’IA générative pour les nuls
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                La prévention moderne des pertes de données (DLP) pour les Nuls
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Réseau SD-WAN moderne avec SASE pour les nuls
                  Modern SD-WAN for SASE Dummies
                  Cessez de rattraper votre retard en matière d'architecture de réseau
                    Identification des risques
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        Les 6 cas d'utilisation les plus convaincants pour le remplacement complet des anciens VPN
                        Les 6 cas d'utilisation les plus convaincants pour le remplacement complet des anciens VPN
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive protège sa "propriété intellectuelle" "grâce à une protection des données intelligente et adaptable
                          Colgate-Palmolive protège sa "propriété intellectuelle" "grâce à une protection des données intelligente et adaptable
                            Netskope GovCloud
                            Netskope obtient l'autorisation FedRAMP High Authorization
                            Choisissez Netskope GovCloud pour accélérer la transformation de votre agence.
                              Let's Do Great Things Together
                              La stratégie de commercialisation de Netskope privilégie ses partenaires, ce qui leur permet de maximiser leur croissance et leur rentabilité, tout en transformant la sécurité des entreprises.
                                Solutions Netskope
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Support technique de Netskope
                                  Support technique de Netskope
                                  Nos ingénieurs d'assistance qualifiés sont répartis dans le monde entier et possèdent des expériences diverses dans les domaines de la sécurité du cloud, des réseaux, de la virtualisation, de la diffusion de contenu et du développement de logiciels, afin de garantir une assistance technique rapide et de qualité
                                    Vidéo Netskope
                                    Formation Netskope
                                    Grâce à Netskope, devenez un expert de la sécurité du cloud. Nous sommes là pour vous aider à achever votre transformation digitale en toute sécurité, pour que vous puissiez profiter pleinement de vos applications cloud, Web et privées.

                                      Policies Need Enforcement to Help Compliance

                                      Mar 09 2018
                                      Tags
                                      CASB
                                      Cloud Security
                                      GDPR
                                      GDPR Compliance

                                      The EU General Data Protection Regulation (GDPR) places considerable responsibility on both controllers and processors concerning keeping documentation, providing information to data subjects and demonstrating accountability.

                                      In order to enforce compliance with the principles of GDPR, controllers need to turn their attention inwards and ensure that they have in place appropriate policies and procedures. At the same time, they need to turn their attention outwards towards the relationship that they have with processors of all shapes and sizes to ensure that adequate contractual controls are in place between the controller and each processor. Also, when looking outwards, the controller needs to have regard to the transparent information or privacy notices being directed at data subjects.

                                      The processors equally have to attend to the enforcement of compliance with GDPR by addressing their contractual terms with their clients (who will be controllers) as well as understanding that as a processor they will need to support the compliance of the controller, put in place their own record keeping procedures, information security standards, and data protection impact assessments. Furthermore, each processor that is caught by GDPR may well be a controller in its own right in relation to the data that it holds about its own employees in the EU and also its own processing of personal data that is not under the instructions of its controller clients.

                                      As we begin to develop appropriate accountability policies and procedures, so the list grows. It is not unusual now to see that list includes:

                                      • External facing website privacy notice
                                      • Internal privacy notice and data protection policy
                                      • Cookie statement
                                      • Information security policy
                                      • Bring your own device policy
                                      • Email and internet policy
                                      • Social media policy
                                      • Monitoring in the workplace policy
                                      • CCTV policy
                                      • Incident response and data breach policy
                                      • Privacy by default/design policy
                                      • Legitimate interests assessment policy
                                      • Data protection impact assessment policy
                                      • Subject access requests policy
                                      • Data Subject rights handbook – right of erasure – data portability – profiling
                                      • Supplier/processor due diligence procedure
                                      • Standard controller to processor/sub processer terms
                                      • International data transfer solutions
                                      • Data Protection Officer appointment
                                      • Record of processing activities template
                                      • Data destruction policy
                                      • Data retention policy
                                      • Compliance training policy

                                      As controllers and processors that are caught by GDPR look to provide plain and intelligible transparent information notices to individuals, they will need to consider how to encapsulate in plain and intelligible language a considerable amount of detail that is mandated by GDPR, namely:-

                                      • Name and contact details of the controller/processor/representative.
                                      • A description of the purposes of processing activities.
                                      • Where a lawful ground for processing is legitimate interests then an explanation of those legitimate interests.
                                      • A description of categories of data subjects.
                                      • A description of categories of personal data.
                                      • The categories of recipients to whom personal data have or will be disclosed, including recipients in third countries.
                                      • Details about international data transfers and appropriate safeguards that are in place.
                                      • Details of the Data Protection Officer (if required).
                                      • A general description of the technical and organisational security measures.

                                      Regarding information that needs to be made available to individuals, there will need to be innovation as to how that data is displayed particularly where access to the information is through devices and via apps. It may no longer be possible to display lengthy legalistic terms and may be better to consider the use of layered privacy notices, so that the essential information is given at the start of the relationship or journey and that the individual can then “see more” in terms of the key information statements.

                                      Where information notices are aimed at children, and where parental or guardian consent is not expressly required, then it may be necessary to consider the language or icons that could be used to ensure that the information given is also understood.

                                      Because individuals have enhanced rights under GDPR such as the right to object to certain processing or the right of erasure in relation to certain personal data, so controllers and processors will need to have in place the technical and organisational ability to track touchpoints with individuals in relation to the exercise of their rights, so that opt-ins and opt-outs for particular processing activities can be tracked and retained.

                                      In demonstrating the ability to handle the rights of data subject, controllers, in particular, will need to look at legacy personal data to see if they can demonstrate an audit trail of the lawful grounds for processing. Dependent upon the quality of previous record keeping and data management this may be a manageable task or maybe a significant task. In addition to legacy personal data, systems will need to be implemented now to ensure that going forward permissions from data subjects are appropriately managed and that the rights of data subjects can be adhered to by controllers and their processors.

                                      When information notices have been updated, record keeping is in place, and policies and procedures have been developed, then in order to enforce compliance, roll-out and monitoring of adherence to such policies and procedures and the training in respect of the same are critical. There is no point in having policies and standard operating procedures if nobody knows that they exist or that there is no evidence that has been adequately communicated to staff.

                                      author image
                                      Robert Bond
                                      Browse recent articles by Robert Bond, one of the contributors at Netskope. Discover the latest trends and updates within the cloud and network space.
                                      Browse recent articles by Robert Bond, one of the contributors at Netskope. Discover the latest trends and updates within the cloud and network space.

                                      Restez informé !

                                      Abonnez-vous pour recevoir les dernières nouvelles du blog de Netskope