Market Research Report

GDPR (EU General Data Protection Regulation) and e-Privacy Regulation: Mitigating the Risks for MNOs

GDPR AND E-PRIVACY - MITIGATING THE RISKS FOR MNOS

Publisher: Mobile Market Development Ltd | Product code: 632592
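Publication date: May 2, 2018 | Content: English, 34 pages
Introduction

This report examines the impact on MNOs of the implementation of the EU's GDPR (General Data Protection Regulation) and e-Privacy Regulation, and compiles information on the rationale for the GDPR and e-Privacy Regulation, their requirements, the approaches of national authorities, operators' experience, and good-practice case studies.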

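Chapter 1 Overview

Chapter 2 Introduction

Chapter 3 What GDPR & E-Privacy Means for MNOs

  • Introduction
  • Rationale & Principles Underlying GDPR & E-privacy
  • The Requirements of GDPR & E-privacy
    • GDPR
    • International Scope of GDPR
    • E-privacy

Chapter 4 Regulators' Approach

  • Introduction
  • General Guidance
  • CNIL (France)
  • BfDI (Germany)
  • CDPO (Czech Republic)
  • GPDP (Italy)
  • AP (Netherlands)
  • ICO (UK)

Chapter 5 Operator Experience and Good Practice

  • Overview
  • Data Breach and Recovery: TalkTalk's Experience
    • Background
    • The Security Breaches
    • The Penalties
    • Impact on Business
    • The IT Recovery: Remedial Action and Preparation for GDPR
  • Achieving Compliance: An EU Operator's Approach
    • Policies
    • The Customer
    • IT and Security
    • Third Parties
    • Incentives and Measurement
  • Good Practice for Customers: Orange Belgium
  • Telenor Group
  • Telia

Chapter 6 Findings and Conclusions

  • Summary
  • Implications for MNOs
  • Approach of NDPAs
  • Conclusions

Chapter 7 Recommendations

Appendix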

Contents

The introduction of GDPR and the EU e-privacy regulations on May 25 places much more stringent requirements on organisations to ensure that an EU customer's data is only used for purposes agreed to by that customer and is held securely. This applies to both the organisation providing goods or services to a customer and any others, whether located in the EU or not, that it has contracted to handle that data. The penalties for failing to meet these requirements can be very severe.

Most mobile operators have many millions of customers and hold extensive data on them, including personal and financial information, their contacts and patterns of behaviour, meaning that any breach could affect very large numbers of people. The nature of their operations means that this data is frequently held on a number of different databases, which often include a variety of systems, increasing the risks of a breach and also making them vulnerable to attack by criminal elements.

It is important that MNOs ensure full compliance with the spirit as well as the letter of the GDPR in order to minimise the risk of default and consequent penalties. They also need to be sure that they have taken all feasible actions to mitigate the risks involved.

  • Even operators with no footprint within the EU will almost certainly possess data concerning EU residents, for example as they roam to other markets. Arguably, these operators could come within the remit of the GDPR.

This report looks at the experiences of operators that have suffered a major breach and examples of preparation for GDPR and assesses the likely readiness of the industry. It reviews the approaches being taken by a number of national data protection authorities in order to understand the likelihood of severe penalties being imposed in the early days of the regulations and the types of actions that will mitigate risk and the size of penalties.

Companies: TalkTalk, Orange (Belgium), Telenor, Telia, A1, Wind Tre, CNIL, BfDI, ICO, CPDO, GPDP, AP

Countries: Global, EU, Austria, Belgium, Czech Republic, France, Germany, Ireland, Italy, Netherlands, US, UK, Denmark, Estonia, Hungary, Malta, Lithuania, Luxembourg, Latvia, Poland, Sweden, Slovenia

Table of Contents

1 Overview

2 Introduction

  • 2.1 Background to the Report
  • 2.2 Report Content
  • 2.3 Currency and Conversions
  • 2.4 Further Questions and Feedback

3 What GDPR & E-Privacy Means for MNOs

  • 3.1 Introduction
  • 3.2 Rationale & Principles Underlying GDPR & E-privacy
  • 3.3 The requirements of GDPR & E-privacy
    • 3.3.1 GDPR
    • 3.3.2 International Scope of GDPR
    • 3.3.3 E-privacy

4 Regulators' Approach

  • 4.1 Introduction
  • 4.2 General Guidance
  • 4.3 France, CNIL
  • 4.4 Germany, BfDI
  • 4.5 Czech Republic, CDPO
  • 4.6 Italy - GPDP
  • 4.7 Netherlands - AP
  • 4.8 UK - ICO

5 Operator Experience and Good Practice

  • 5.1 Overview
  • 5.2 Data Breach and Recovery - TalkTalk's Experience
    • 5.2.1 Background
    • 5.2.2 The Security Breaches
    • 5.2.3 The Penalties
    • 5.2.4 Impact on Business
    • 5.2.5 The IT Recovery - Remedial Action and Preparation for GDPR
  • 5.3 Achieving Compliance - An EU Operator's Approach
    • 5.3.1 Policies
    • 5.3.2 The Customer
    • 5.3.3 IT and Security
    • 5.3.4 Third Parties
    • 5.3.5 Incentives and Measurement - Departmental Status
  • 5.4 Good Practice for Customers - Orange Belgium
  • 5.5 Telenor Group
  • 5.6 Telia

6 Findings and Conclusions

  • 6.1 Summary
  • 6.2 Implications for MNOs
  • 6.3 Approach of NDPAs
  • 6.4 Conclusions

7 Recommendations

Appendix - Feedback Questions