GDPR News Center News for 10-15-2018

GDPR Compliance: Requirements, Guidelines, Penalties and Resources

The new GDPR regulations protect both categories of private data. The new regulations will replace the previous legislation, including the Data Protection Act of 1998 and the 1995 Data Protection Regulation, helping to address current issues in personal data protection. The new GDPR legislation will hold organizations handling personal data more accountable through security regulations and strict standards of internal policy. Companies or organizations that offer services controlling or processing personal data of all individuals in the European Union must follow GDPR compliance. The Information Commissioner’s Office stated that if your organization is currently under the Data Protection Act, it will most likely have to follow GDPR policies. 

Within data-service organizations, the internal groups of data processors and data controllers must appoint a Data Protection Officer to oversee GDPR compliance. The DPO will oversee the data security strategies that process and control EU citizen data in a responsible and transparent way, such as storage of personal data, and will define how personal data will be responsibly processed. It’s best to prepare early, so find out the Do’s and Don’ts of GDPR Data Security. Under GDPR regulation, subjects will have more control over their personal data and companies will have to be transparent on how they use sensitive information. GDPR enforcement is much stricter than the former Data Protection Act, including costly fines up to €20 million or 4 percent of global annual turnover for non-compliance. 

Phase 1: Know your data. Information – Identify types of information in scope of GDPR handled by the organization. The Information Commissioner’s Office provides this GDPR Checklist for data controllers and processors.

Keywords: [“Data”,”GDPR”,”organization”]
Source: https://www.secureworks.com/blog/2018-gdpr-compliance-overview

Braintree Support Articles

The General Data Protection Regulation standardizes the handling of personal data across the EU and EEA. This new regulation goes into effect on May 25, 2018 and is intended to give individuals more control over their data and protect their right to privacy. GDPR is a fundamental shift in personal data regulation, so it’s important to understand how it will impact your business. Here are some important concepts as defined by GDPR: Personal data: Any information relating to an individual.

Data processing: Any operation or set of operations that is performed with personal data. Data controller: The party that determines why and how personal data will be processed. Data processor: The party that is responsible for handling personal data based on the controller’s determination. Braintree functions as a data controller for our merchants’ individual representatives. We may use merchant personal data to share messaging with the employees and contractors of our merchants, or in other situations of which the individual has been informed in advance and the actions taken are compliant with Data Protection Laws. 

When processing transactions with merchants as part of our Payment Services Agreement, our merchants are the controller and we function as the data processor on behalf of our merchants. In this case, our merchants will be solely responsible for determining the purposes and means for processing personal data. As a data processor, Braintree will only process customer data in accordance with our merchants’ Privacy Policies. This new policy details the personal data we collect as a data controller, when we collect the personal data of our merchants’ individual representatives, and how we use this data across our services.

Keywords: [“Data”,”merchant”,”personal”]
Source: https://articles.braintreepayments.com/risk-and-security/compliance/gdpr-readiness

GDPR News Center News for 10-14-2018

No one’s ready for GDPR

The General Data Protection Regulation will go into effect on May 25th, and no one is ready – not the companies and not even the regulators. In today’s meeting with the European Parliament, Mark Zuckerberg said Facebook would be GDPR compliant by the deadline, but if so, the company would be in the minority. When broken down by industry, 60 percent of tech companies said they weren’t ready. GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches to transparency for users about what data is being collected and why. Perhaps the GDPR requirement that has everyone tearing their hair out the most is the data subject access request. 

A year ago, 61 percent of companies had not even started GDPR implementation. It’s not a pleasant position to be in, because GDPR can allow regulators to fine companies up to 4 percent of their global revenue for violations of GDPR. To put that in perspective, a 4 percent fine on Amazon would be $7 billion. Because much of GDPR is ambiguous, how it will work in practice is up to what regulators do with it. Another GDPR provision that might strain regulatory resources is the data breach notification requirement. 

Regulators may not be ready to audit a company’s security or figure out exactly what to do to protect EU residents affected by the breach. GDPR is only supposed to apply to the EU and EU residents, but because so many companies do business in Europe, the American technology industry is scrambling to become GDPR compliant. The breach notification requirement, especially, is more stringent than anything in the US. The hope is that as companies and regulatory bodies settle into the flow of things, the heightened privacy protections of GDPR will become business as usual. 

Keywords: [“company”,”GDPR”,”Data”]
Source: https://www.theverge.com/2018/5/22/17378688/gdpr-general-data-protection-regulation-eu

How marketers are navigating GDPR compliance creatively

With GDPR finally enforced, marketers are now legally bound to handle, process and store personal data much more securely and transparently. Interestingly, GDPR has led to a cultural split in businesses. Marketo published a report revealing that GDPR has produced two ‘tribes’. On the other hand, there’s legal-first, which is the group of senders who have focused almost exclusively on the process and compliance aspects of GDPR, without considering the opportunity it presents. For marketing-first senders GDPR provided an opportunity to refresh consent using a variety of engaging approaches, capturing consumer attention and imagination, while also achieving/maintaining compliance with the new requirements. 

Teaching customers GDPR. Another way marketers have engaged with consumers is by presenting GDPR as a customer service benefit. By providing this compliance information in a clear and concise way, marketers have created interest in GDPR by presenting the new laws through a positive lens. Lloyds Bank took this opportunity to educate its email subscribers, setting out the parameters and requirements of the GDPR in layman’s terms that were easy for the audience to understand. As previously mentioned, GDPR is also challenging data controllers to be clear and concise. 

Although GDPR is a serious topic, it doesn’t mean senders suddenly need to adopt a stoic tone – the messages can still be conveyed in a way their subscribers know – and even expect – of their brand, and this will have an impact on success. GDPR is clear that consent must be freely given, and data controllers should avoid making consent a precondition of a service. Take a look at all Econsultancy’s GDPR resources, including a guide for marketers and online and face-to-face training courses. 

Keywords: [“GDPR”,”customer”,”data”]
Source: https://econsultancy.com/how-marketers-are-navigating-gdpr-compliance-creatively/

GDPR News Center News for 10-13-2018

GDPR Compliance for 2018: It’s easier than you think

It’s the date that the European General Data Protection Regulation is set to go into effect. The new legislation is intended to offer consumers more protection for how businesses handle their personal data. Personal data also applies to any data that, when processed along with additional data or alone, could identify a specific individual. Who is a Data Controller: A natural or legal person or entity, who alone or with others, determines how personal data is, or will be, processed. Who is a Data Processor: A natural or legal person or entity charged with the processing of personal data on behalf of a data controller.

For the purposes of data you collected using ShortStack, you would be considered the data controller and ShortStack is the data processor. There may be other cases when you are working with individuals’ personal data in which case you would be the data processor. Individuals or businesses not located within the EU, but who are considered processors or controllers of the personal data of individuals located in the EU; Individuals and businesses located in countries whose data protection laws are set to change alongside the GDPR – examples include the United Kingdom’s proposed Data Protection Bill, Switzerland’s updates to the Swiss Data Protection Act, and Norway’s new Personal Data Act. You must provide individuals with information regarding how their data will be used.

Under the GDPR, you are considered a Data Controller, while ShortStack is the Data Processor. For the most part, the GDPR only affects folks located within Europe or those processing the personal data of individuals located within Europe. While staying compliant with the GDPR is important if you are located within the EU or processing the personal data of individuals located in the EU, when you use ShortStack, it isn’t difficult to comply with the requirements. 

Keywords: [“Data”,”email”,”individual”]
Source: https://www.shortstack.com/blog/gdpr-compliance-its-easier-than-you-think/

How Raygun Is Handling GDPR Compliance

Overview: The General Data Protection Regulation is a new set of rules designed to give EU citizens more control over their personal data. Raygun is committed to GDPR compliance across all products and services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts. Protecting your data: As a Raygun customer, your data will be treated in accordance with the GDPR legislation. Security of our customers’ data is our number one priority, and Raygun has already obtained approval from EU data protection authorities, to enable transfer of data outside Europe, including to the U.S.

Raygun customers can continue to run their global operations using Raygun in full compliance with EU law. The Raygun Data Processing Addendum is available to all Raygun customers that are processing personal data whether they are established in Europe or a global company operating in the European Economic Area. Raygun has appointed a Data Protection Officer where such appointment is required by Data Protection Laws and Regulations. Compliance: Raygun will be implementing tools for administrators in your account settings to ensure they comply with GDPR and EU law before the legislation comes into effect on 25 May 2018. Raygun account owners will have the functionality to agree and sign the Data Processing Addendum between Raygun and your organization from within your account settings.

All Raygun providers offer the ability to exclude specific and sensitive information before being sent for us to process. Some Raygun features allow you to send IP address information, email addresses, usernames and other custom data to assist with issue diagnosis. Raygun does not collect this information by default. 

Keywords: [“Data”,”Raygun”,”GDPR”]
Source: https://raygun.com/gdpr

GDPR News Center News for 10-12-2018

GDPR compliant? Here’s a handy five-step preparation checklist

There is no lack of content and information about General Data Protection Regulation out there, but most marketing professionals I spoke with about the regulation were confused about what GDPR is or how they should prepare their marketing programs, website, and data collection process before the enforcement date, May 25, 2018. Marketing departments are also often responsible for communicating with stakeholders after a data breach. Create a custom GDPR preparation checklist taking appropriate recommendations from the list below. The primary marketing data lead should work closely as part of a data governance team with the DPO to review and approve marketing campaigns with European contacts before execution. Document all the data collection channels and steps: Document all the channels from which the marketing department receives contact data such as events, website registrations, partners, sales, list purchases, etc. 

Create an age-verification process: GDPR requires parental consent to collect or process the personal data of children under the age of 16. If collecting personal data in person, such as at an event, for a testimonial video or at an in-store sign-up, ask for consent and include a check box or other field for the person to check or initial when the individual has agreed to be emailed. Then the IP address is covered under GDPR personal data. Constellation reminds marketers that the predecessor to GDPR, the EU Data Protection Directive, is still active and, under the threat of fines, it prohibits emailing individuals who previously unsubscribed. GDPR requires organizations to report data breaches no later than 72 hours after the organization becomes aware of the breach. 

Constellation advises CMOs to be proactive and design a data breach action plan as a precaution. The following are recommended best practices for marketers responding to a data breach. 

Keywords: [“data”,”GDPR”,”marketing”]
Source: https://www.zdnet.com/article/the-five-step-gdpr-preparation-checklist-for-marketing-organizations/

GDPR News Center News for 10-11-2018

How to ensure GDPR compliance

We’re two months away from the huge new data regulation rollout. Coming into place on the 25th of May, 2018, it is the European Union’s revised regulation on personal data that will ensure that the privacy of EU citizens is protected in this ever-advancing digital economy. GDPR compliance doesn’t just apply to EU businesses; it applies to any business that deals with personal data of EU citizens. Replacing the outdated Data Protection Directive, which has been in place since December 1995, the GDPR promises to protect citizens from the misuse of their personal information. The process of how to notice a loss or breach of data, and the steps to take to report it.

Company-wide compliance is a team effort, so it is imperative for all staff members to fully understand the details of the GDPR, regardless of whether or not they work directly with data. Data minimization is one of the specifications of the GDPR. It is to ensure that your business only holds and processes information that is absolutely necessary for duties to be carried out. Ensure your data controllers and processors are aware of the different laws in different member states. GDPR compliance involves adopting a privacy by design approach which includes undergoing a data protection impact assessment.

Invest in a DPO. DPO stands for Data Protection Officer and it refers to individuals who are formally placed in a business to oversee protection strategies and to ensure compliance with the new requirements is in full swing. New regulation states that hiring a DPO is mandatory for businesses whose main activities involve monitoring of data subjects on a large scale, of special categories of data, or work with data relating to criminal convictions and offences. The purpose of the GDPR is to protect the privacy of EU citizens, and to create a harmonized data protection regulation throughout the continent. 

Keywords: [“data”,”GDPR”,”ensure”]
Source: https://zenkit.com/en/blog/how-to-ensure-gdpr-compliance/

Totara Learn 11 supports GDPR compliance

Totara Learning is pleased to announce the release of Totara Learn 11, a special interim release designed to help customers ensure their learning management platform supports their compliance with the EU General Data Protection Regulation before it becomes effective on 25th May 2018. Totara Learn 11 makes it easy for end users to understand what their data will be used for, who will have access to it, and provide consent to site policies regarding the usage of their personal data. With Totara Learn 11, administrators can create, publish and update multiple consent policies and track when end users have agreed to a particular version of a given policy. This makes it easier for administrators to monitor active policies and identify who may need to agree to a new policy version if circumstances change. This will also ensure that data handling and processing is transparent enough to abide by the new regulations, protecting organisations and end users alike. 

The new regulations give end users more control over the data they provide to organisations. All businesses inside and outside the EU that handle EU citizens’ personal data will need to comply with the new rules or risk legal action. Totara Learning has decided to release Totara Learn 11, which makes it easy to comply with the GDPR, earlier than its usual autumn release date. Other updates users can expect to see in Totara Learn 11 include many smaller theme improvements and bug fixes. Totara Learn 12 is scheduled for release in September, as per Totara Learn’s standard release schedule for major new versions of the software. 

To find out more about Totara Learn 11 and GDPR, take a look at the release notes and documentation here. There is also a new info sheet available here, and Wesley Holden will be presenting two webinars covering everything you need to know about Totara Learn 11, and partners can register for these here. 

Keywords: [“Totara”,”Learn”,”Data”]
Source: https://www.totaralms.com/about-us/news-events/totara-learn-11-supports-gdpr-compliance

GDPR News Center News for 10-10-2018

Mixpanel Help Center

Mixpanel strongly believes that customers should be able to control their data and trust that information is protected when stored in its servers. To support this, Mixpanel holds itself to strict data security and privacy standards, including compliance with the General Data Protection Regulation. Any Mixpanel account holder will be able to request an export of one’s own personal data, as well as the personal data of their own end-users. Our customers control what data is sent to Mixpanel, and may decide to halt the sending of personal data at any time. To the collection of one’s personal data, Mixpanel also has built dedicated methods for our client-side SDKs that can be used to opt end users out of tracking. 

Mixpanel collects information about how customers use the product, and uses this data to identify product gaps and improve existing products. See the information below for more details about the safeguards that Mixpanel puts in place to protect customer data. As a processor of its customers’ data and to protect the privacy of information it stores, Mixpanel holds data no longer than is needed to provide its services. To further support this, Mixpanel is implementing a data retention policy starting May 25th: events received over 5 years ago are automatically deleted on an ongoing basis from all projects. 

Deleting a project through the Project Settings triggers a soft deletion, and the data in the deleted or reset project will remain stored in Mixpanel according to event and people data retention policies. Custom data retention windows can be set for people data by sending regular deletion requests to the Engage API. For more questions about setting custom data retention windows, contact our support team. Mixpanel has a dedicated Data Protection Officer, along with a team of privacy and security professionals dedicated to our compliance and to helping you maintain your compliance when using Mixpanel. 

Keywords: [“data”,”Mixpanel”,”customer”]
Source: https://help.mixpanel.com/hc/en-us/articles/360000345423-GDPR-Compliance

SiteGround is now GDPR Compliant

Over a year ago, SiteGround began the important task of preparing for the General Data Protection Regulation – a new law designed to protect the personal data and privacy of EU residents. The regulation aims to make personal data processing more transparent and to give people more control over their data. Our Data Processing Agreement, which regulates our responsibilities as a host, thus allowing our clients to have GDPR compliant sites themselves, if they need to. The first thing you need to know is that we collect the minimum data needed to provide our stellar service. To provide all services around your hosting account we share some of your data with external providers like domain registrars, SSL providers, and content delivery network providers. 

As a hosting provider we also have responsibilities as a data processor. This means that when our customers use our services to store any personal data on SiteGround servers, we are required by the GDPR to meet some criteria for handling this data too. The DPA puts in writing our obligation to access any data that our customers store on our servers only to the extent needed to provide our services and to make sure only employees that are directly involved with the provision of the service have access to it. Sometimes our partnering companies need access to the data uploaded on our servers so that we can provide our service. We provide access only to partners that have the same or a higher level of data protection as the one we guarantee you through our DPA. 

Our DPA responsibilities include timely disclosure by SiteGround, if a personal data breach is detected by us to have happened on the servers used by our clients. Also if SiteGround receives a request by an individual, using a website hosted on our servers, to exercise one of the personal data rights outlined in the GDPR, we’ll redirect them to the site owner. 

Keywords: [“Data”,”provide”,”GDPR”]
Source: https://www.siteground.com/blog/siteground-is-gdpr-compliant/

GDPR News Center News for 10-09-2018

GDPR, The Checklist For Compliance

With the General Data Protection Regulation arriving within weeks, businesses are now in the final sprint to achieve compliance before the May 25 deadline. As most people know by now, GDPR is a global data protection law passed by the European Union that shifts the ownership of customer data from the organizations that use it to the individual customer. This new regulation not only applies to European businesses that work with the customer data of EU citizens – it applies to any entities that work with said businesses as well, thus making GDPR a global data protection law. With Facebook’s recent misuse of its customer data, all eyes are on the proper protection of customers’ private information. Your data protection officer is your point person to ensure GDPR compliance. 

If your company stores personal data in permanent storage, you’ll need to perform a data protection impact assessment before each project that involves such personal data. Despite all of your preparations, data breaches will remain a substantial risk to not only your business and your compliance with GDPR but to the privacy and trust of your customers. In the event of a data breach, GDPR requires businesses to notify local data protection authorities of the breach within 72 hours of discovery. GDPR supports the data minimization principle, requiring companies to only use and keep the personal data that is needed at any given time for any given purpose. Companies must then remove all traces of the customer data from their repositories, as well as any other repositories downstream where the data may have been shared and stored. 

While it will take more time than a few weeks to achieve full GDPR compliance, there is still time for companies to get started on the right foot with protecting their customer data for the long run. Now more than ever, the protection of customer data and privacy has global attention, and the world with GDPR will be a proving ground for companies to regain and maintain the trust of their customers. 

Keywords: [“Data”,”customer”,”GDPR”]
Source: https://www.forbes.com/sites/forbestechcouncil/2018/06/04/gdpr-the-checklist-for-compliance/

Our GDPR Compliance Plan

All our customers need to agree to revised data protection terms to reflect the change from the Data Protection Act to General Data Protection Regulation. Where customers are processing personal data with GBG, as this is against third party data sources, we are asking our customers to advise us on the lawful processing condition for using our products/services. Consent is changing to be more explicit/transparent so at the point of data collection, the individual will need to be informed exactly how their data will be used and who it will be shared with. Consent can be selected by our customer who is asking us to process data on their behalf, as they will hold the first party consent and will have advised their consumer as to how their data will be processed in their privacy notice. Kate leads the Privacy and Data Compliance Team, where each Compliance Manager has a core focus on the products GBG deliver, helping embed data privacy into operations whilst also monitoring activity on an ongoing basis. 

We know what data we have, where it’s held, how we access it, the classification of the data, records for transfer and flow charts to show how it moves between systems, processes and countries. Due diligence prior to working with a third party is key to ensure data has been gathered lawfully, and to ensure any data we share will be secure. We have over 200 data partners globally, who need to comply with applicable data protection regulations. Depending on where the data partner is in the world, and what data they process, GDPR compliance may not be relevant. 33 states as data processor, GBG’s obligation is to notify data controllers without undue delay after becoming aware of it. We’re regularly audited by external third parties – our customers, our data partners and external bodies, such as IESB when reviewing our ISO27001 status or PCI:DSS compliance. 

We attend many conferences, webinars and are part of a compliance think tank with a number of businesses in the data industry. 

Keywords: [“data”,”customer”,”GBG”]
Source: https://www.gbgplc.com/our-gdpr-compliance-plan

GDPR News Center News for 10-08-2018

WP Engine & GDPR Compliance

WP Engine continually monitors developments in data security, privacy, and compliance around the globe, and we have invested considerable resources in preparing for EU Regulation 2016/679. We have always upheld the core privacy principles behind GDPR, as evidenced by our early adoption of the EU-US and Swiss-US Privacy Shield programs, and take very seriously the trust our customers place in us when they choose to store personal data on our platform. WP Engine will comply with GDPR’s requirements, both as a controller of our customers’ account data and a processor of the end-user personal data our customers store on our platform. In support of our customers’ compliance efforts, we have updated our terms to reflect the obligations we have as a processor under GDPR. These changes became effective May 10, 2018, and our DPA already applies to you by reference in your existing agreement. 

We encourage you to view this changelog and familiarize yourself with our terms to better understand how we support you and protect the security and privacy of your data. We also encourage our customers to begin assessing their own internal readiness if they haven’t already done so. The DPA applies to everyone, automatically, without the need to sign anything. If you are a WP Engine customer, you can log into the User Portal and access a pre-signed version of our DPA, which includes instructions for countersigning and returning the fully executed form to us. If you are a WP Engine customer, you can log into the User Portal and access our sub-processor list here. 

Note that not all vendors are applicable for every customer; whether a particular vendor applies to you depends on the services and features that you elect to use on our platform and the means by which you choose to communicate with us. If you have any specific questions about your service, please contact our Support team. We may update this list from time to time, as our business or our services evolve, so please check back regularly for updates. 

Keywords: [“customer”,”DPA”,”data”]
Source: https://wpengine.com/support/gdpr-compliance/

GDPR News Center News for 10-07-2018

Code42 and GDPR compliance

The General Data Protection Regulation is a regulation enacted to strengthen data privacy for all individuals within the European Union. All organizations that process personal data of individuals in the EU are required to comply with GDPR. Code42 users have substantial amounts of business-critical data on their devices, often including personal data. Data Processing Addendum Code42’s Master Services Agreement incorporates a Data Processing Addendum that provides contractual commitments Code42 customers need to meet their GDPR requirements. Code42’s compliance with GDPR. 

GDPR sets forth baseline data-protection requirements for organizations that process and move the personal data of individuals in the EU. Organizations subject to GDPR must ensure that any service providers, such as Code42, that process personal information of EU individuals, meet specific requirements. Transfers personal data outside the EU only if there is a lawful transfer mechanism in place with the organization receiving the data. It is your responsibility to develop the plan, methods, and procedures you will follow to be in compliance with GDPR. Data protection and recovery features. 

The following Code42 features enable data protection and recovery. Every file in user directories on all devices is backed up every 15 minutes or 30 minutes by default per file retention settings, allowing for robust data recovery. All data transferred to Code42 is encrypted at rest and in transit and is not processed by Code42 for any purpose other than as agreed upon for the provision of our products and services. Code42 allows users to recover their files in the event of data loss arising from events such as a stolen device or ransomware. The following Code42 features provide your compliance officer with information about the data retained and allow your organization to comply with reporting requirements in the event of a data breach. 

Use Code42’s reporting features as part of your analysis and required reporting in the event of data breaches. 

Keywords: [“Data”,”Code42”,”GDPR”]
Source: https://support.code42.com/Terms_and_conditions/Compliance_resources/Code42_and_GDPR_compliance

How to ensure GDPR compliance

Coming into place on the 25th of May, 2018, it is the European Union’s revised regulation on personal data that will ensure that the privacy of EU citizens is protected in this ever-advancing digital economy. GDPR compliance doesn’t just apply to EU businesses; it applies to any business that deals with personal data of EU citizens. Replacing the outdated Data Protection Directive, which has been in place since December 1995, the GDPR promises to protect citizens from the misuse of their personal information. The process of how to notice a loss or breach of data, and the steps to take to report it. Company-wide compliance is a team effort, so it is imperative for all staff members to fully understand the details of the GDPR, regardless of whether or not they work directly with data. 

Provide training and information - which can be found on the General Data Protection Regulation PDF - and ensure your staff members are aware of the risks and consequences if the requirements are not met. Data minimization is one of the specifications of the GDPR. It is to ensure that your business only holds and processes information that is absolutely necessary for duties to be carried out. Ensure your data controllers and processors are aware of the different laws in different member states. GDPR compliance involves adopting a privacy by design approach which includes undergoing a data protection impact assessment. 

Invest in a DPO. DPO stands for Data Protection Officer and it refers to individuals who are formally placed in a business to oversee protection strategies and to ensure compliance with the new requirements is in full swing. New regulation states that hiring a DPO is mandatory for businesses whose main activities involve monitoring of data subjects on a large scale, of special categories of data, or work with data relating to criminal convictions and offences. The purpose of the GDPR is to protect the privacy of EU citizens, and to create a harmonized data protection regulation throughout the continent. 

Keywords: [“data”,”GDPR”,”ensure”]
Source: https://zenkit.com/en/blog/how-to-ensure-gdpr-compliance/

GDPR News Center News for 10-06-2018

GDPR compliance deadline is approaching: 10 things to do right away

Under the GDPR and other data protection and privacy laws, personal data should be treated as the most precious asset owned by the enterprise. Businesses should hold training sessions to explain the details of GDPR compliance to make sure every employee is aware of their role in protecting data throughout the organization. A typical GDPR policy will establish procedures and protocols limiting access to personal data, set consent standards, and provide for practical procedures regarding the data subject’s right to access and, if requested, delete their personal data. Besides creating a foundation for GDPR specifically, enterprises should also develop and implement a full set of policies regarding data security. Policies dealing with intrusion detection, data classification, privacy protection, password management, auditing and logging, and encryption, just to name a few, should all be developed in support of an overall GDPR compliance policy. 

One of the major provisions of the GDPR is the concept of acquiring clear consent to use personal data from the data subjects themselves. While the GDPR requires policies and procedures that establish enterprise-wide data security, there are also specific provisions of the regulation that require organizations to provide data subjects with access to their data. If your enterprise does not currently provide these mechanisms for all data subjects, it is not in compliance with the GDPR and is subject to fines and penalties. To establish compliance with the GDPR, enterprises should implement procedures that require these steps and retrain personnel to include data protection in all development processes. SEE: Hiring kit: GDPR data protection compliance officer. 

The GDPR requires enterprises to perform Data Protection Impact Assessments for any new processing or changes to processing deemed to represent a high risk to the privacy and protection of personal data. The documentation of this auditing procedure could reveal areas of data privacy and protection vulnerability and advance the enterprise toward the goal of GDPR compliance. 

Keywords: [“data”,”GDPR”,”enterprise”]
Source: https://www.techrepublic.com/article/gdpr-compliance-deadline-is-approaching-10-things-to-do-right-away/

Our GDPR Commitment

With massively destructive data breaches hitting companies and even governments on a seemingly regular basis, sophisticated uses of personal data, and our on-demand data-driven way of life – the ability to process data and keep it private is critical. To ensure SurveyGizmo is responsibly processing data, our customers will have 24/7/365 access to a standard Data Processing Addendum as it becomes available. Company-wide GDPR training will take place before the May 25 deadline, ensuring all Gizmos are familiar with the regulation and our ongoing commitment to protecting data. Our data center in Germany signifies our invested partnership with our European-based clients, and allows us to keep EU data within the EU, eliminating many risks associated with transcontinental data transfers. With some of the strictest data privacy laws in all of the EU, Germany was quickly decided to be the home of our EU Data Center. 

Customers can exercise all or any of their individual rights under GDPR. As a SurveyGizmo customer, you can exercise any or all of your GDPR individual rights on your data through multiple systems and processes – via phone, email, or through our main website. Individuals have the right to access their personal data and supplementary information. Individuals have the right to object to: data processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority; direct marketing; and data processing for the purpose of scientific/historical research and statistics. A data controller is a person who determines the purposes for which and the manner in which any personal data are, or are to be, processed. 

In relation to personal data, a data processor is any person who processes the data on behalf of the data controller. A subprocessor can process personal data on behalf of the data exporter and is often a third-party. Disclosure of the information or data by transmission, dissemination or otherwise making available, or Alignment, combination, blocking, erasure or destruction of the information or data. 

Keywords: [“data”,”individual”,”SurveyGizmo”]
Source: https://www.surveygizmo.com/resources/blog/gdpr-commitment
