Privacy and Security

together in the Digital Era

AGENDA
Introduction

Privacy Vs Security

Terminologies

Privacy Principles

Data Subject Rights

Controller Vs Processor

Compliance Areas
https://myaccount.google.com/dashboard?pli=1
 Introduction

What is What is Data Privacy

Data Data Vs. Security
Privacy ? Security ? !!
 Introduction
Privacy Vs. Security
When it comes to data privacy vs data security, we can frequently hear or read those terms
being used interchangeably. However, are these indeed synonyms, or do they denote
slightly different concepts

Think for example of a window on a building; without it being in place an intruder can
sneak in and violate both the privacy and security of the occupants.
Once the window is mounted it will perform a decent job in keeping unwanted parties
from getting into the building. It will, however, not prevent them from peeking in,
interfering thus with the occupants’ privacy. At least not without a curtain.

In this (oversimplified) example the window is a security control, while the curtain is
privacy control.
Privacy Vs. Security
There are many definitions for ‘data privacy’. The
simplest way to think about it is that people
(customers, employees, anybody!) need to know
what personal data organizations are collecting
about them and how they are using it.

Data protection is essentially

amalgamated security and privacy.
Terminologies

DATA SUBJECT
The individual to whom Personal Data relates. Data subject
Introduction

DATA CONTROLLER Data controller

Any Public Entity, natural person or private
legal person that specifies the purpose
and manner of Processing Personal Data, Data processor
whether the Data is processed
by that Controller or by the Processor.

Authority
DATA PROCESSOR
Any Public Entity, natural person or private legal person
that processes Personal Data for the benefit and on behalf of the Controller.
Controller Vs. Processor
Controllers ‘determine the purpose of the
processing's’. This means that they make A simple way to think about
decisions about what information is captured this is as follows. A retailer
and why.
creates an
Introduction e-commerce
website and decides what
information they require from
customers to create an
account. The company uses a
cloud provider to host their
website and database. In this
case, the company is the data
Controller, and the cloud
provider is the data
Processors process personal data on Processor
behalf of a controller and in line with the
given instructions. If a processor sub-
Examples of Personal Data
General Personal Data Financial Information
 Name, Surname
 Social Security Numbers
 Gender Account numbers (bank accounts, credit cards,

 Date of birth etc.)

Personal Identification Numbers (PINs)
 Home Address 
 Passwords to financial accounts
 ID Number
Income information
 Personal email address
 Biometric data (photograph / video)
Personal Identifiable Information

Health Information Sensitive Information

 Racial or ethnic origin
 Medical records
 Religious beliefs
 Physical / mental health information
 Health Information
 Health plan
 Sexual orientation
 Health history
 Political views
 Criminal convictions / Security measures
Why is Data Privacy Important

Regulatory Reputational

Operational Financial
Controller Responsibilities

when selecting the Processor, the Controller shall :

• Select one that provides the guarantees necessary to
implement the provisions of this Law and the Regulations .
Introduction

• Verify the selected Processor’s compliance with the

provisions of this Law and the Regulations, without prejudice
to its responsibilities towards the Personal Data Subject or the
Competent Authority.

17
Controller Responsibilities

• Data controllers must assess projects, products, and services

to identify data protection risks posed to individualsIntroduction
(basically
Impact Assessments).

• Data controllers must implement a Privacy notice

• Data controllers will be expected to report data breaches to
the regulatory authority as soon as they become aware of an
incident.
Security and Privacy Collaboration

Collaboration between security and privacy is essential to ensure

that an organization's data protection efforts are effective and
Introduction
aligned

Privacy and Security are Interconnected

Privacy Needs Security

Better Together: Data Security and Privacy Go Hand-in-

Hand
Collaboration

Joint Risk Assessments: security and privacy teams can collaborate on conducting risk
assessments to identify potential threats and vulnerabilities to personal data they can
ensure that the risk assessment process considers both security and privacy risks.
Introduction

Data Classification: Security and privacy teams can collaborate on developing a data
classification scheme that categorizes data based on its sensitivity and the level of
protection required. This can help ensure that appropriate security and privacy
controls are applied to different types of data.

Incident Response:
Security and privacy teams can collaborate on developing and testing incident response
plans to ensure that they are aligned and effective. This can include procedures for
detecting, containing, and reporting security and privacy incidents.
Security and Privacy Interdependences

Introduction
Thank you