European GDPR & the Internet of Things
21/12/2016 18:00 to 21/12/2016 23:00
With sandwiches & coffee.
18:30 Keynote by Privacy Commissie.
19:00 GDPR & IoT: Reconcile the law of the future and the technology of the future?
With the increasing availability of the Internet and the rapid evolution of digital services, the privacy of data subjects is at stake. This is at least the opinion of the European Legislator, who adopted the new General Data Protection Regulation or GDPR in May 2016 (EU ref. 2016/679/EU). These new rules will enter into force on May 25th, 2018. From that date on, companies who control or process data from data subjects will have to comply with these new privacy rules.
This also applies to companies who process personal data that has been collected by means of IoT devices. Because of the purpose of those data collections – delivering the user smart, advanced services with a minimal active user input – it is rather the exception that the data collected is anonymous. Moreover, IoT Service Providers process large amounts of data (big data) about their users, enabling them to create behavioural models, recommendation engines, targeted advertisement, transactional analysis, etc., possibly without the knowledge – and hence without the consent – of the data subject. This poses a high risk for the data subject.
These activities are highly regulated under the GDPR and the compliance of these activities with the GDPR will, in some cases at least, form a challenge. Topics such as IoT and privacy by design/default, the legal basis for data processing within an IoT context (e.g. a valid consent), guaranteeing data subject rights, data breach notifications, etc. all imply certain legal, organisational and technical measures to be taken by IoT stakeholders. In this session, Tom Devolder will address some of those topics on the basis of some case studies and give you an idea of how to reconcile the GDPR with the use of IoT.
By Tom Devolder - Attorney @ Bright
Tom graduated in 2004 at the Law Faculty of the Ghent University and started as an attorney-at-law at the Kortrijk Bar. In 2010, Tom stood at the cradle of Bright lawyers (www.bright.legal). Somewhat peculiar as a lawyer, Tom is highly interested in IT and internet technologies and has some programming experience.
Tom specializes in the legal aspects of IT, intellectual property rights and privacy & data protection. In these expert matters, Tom focuses on advising clients, drafting legal documents and helping clients to comply with their legal obligations. With regard to the latter, Tom has been certified in 2016 as a Certification Data Protection Officer at the DP Institute (www.dp-institute.eu).
Tom is a member of the BMM (Benelux Association for Trademark and Design Law), of the IAPP (International Association of Privacy Professionals) as well as Feweb, the Belgian Federation for web companies.
20:00 How to get your organisation GDPR ready?
IT Governance is becoming more and more important. A cybersecurity risk assessment can provide your company with a first version of an ISMS (Information Security Management System). The ISMS can help your company to become compliant with the GDPR.
During the next months, identify, protect, detect, respond and recover will be very important “verbs” for a company. ISO 27001/2/5 and NIST CSF can help you with this. What is COBIT 5? Many questions with many answers.
By Kurt Callewaert - Research Manager @ Howest
Kurt Callewaert (13-08-1960, born in Belgium), Master of Mathematics (University of Ghent), is a lecturer and research manager Applied Computer Science at HOWEST, University of Applied Sciences in Bruges, Belgium. He is the coordinator of the division Computer & Cyber Crime Professional, a special track in Applied Computer Science. This track is unique in Belgium. Kurt is the organiser of TEDxUHowest, ISACA Academic Advocate, Member of the Steering Committee Belgian Cyber Security Coalition vzw and Member of the Steering Committee IoTbe vzw. Kurt is specialised in: Mathematics, Cryptography, Security management, Threat and risk assessment, Cobit 5 and ISO 27001/2 (cybersecurity and data protection). Kurt is project manager of the EU project “Strengthening European Network Centres of Excellence in Cybercrime” and founding member of ECTEG aisbl “European Cybercrime Training & Education Group”.