GDPR and DPO AppSec implications
GDPR (General Data Protection Regulation) is a major EU regulation that will affect every company doing business with the EU, which is just about every major company worldwide.
This Working Session will discuss some aspects of GDPR, including the role of the DPO (Data Protection Officer), the wider definition of PII data (like IP Addresses), and the need to report breaches and incidents within a short time period.
- AppSec professionals
- DPOs (and DPOs Service providers)
- Heads of InfoSec
- Generate the list of 10 questions for the ICO to clarify the implications for AppSec specifically
- Generate the list of questions for the ICO regarding general implications
Synopsis and Takeaways
Letter in final draft stage.
We need to be much more focused on the questions to ask and provide as much information about the answers that we are able to figure out.
List of questions (AppSec implications)
- What are the AppSec implications of this regulation?
- What format/notation is accepted for documenting data flows and data at rest?
- How should the DPO be included in software security governance?
- What constitutes personal data and what about edge cases? (Post code, First Name + Last Name, IP Address etc.)
List of questions (General implications)
- Can it be used to improve existing Application Security practices and activities?
- What are the real requirements for the DPO and what should he/she focus on?
- How to become a DPO (and how to hire one)
- The role of the SOC in detecting and reporting security incidents
List of companies that will sign the first version