GDPR News Center News for 10-22-2018

Working toward GDPR compliance

Compliance doesn’t have to be a scary word – even when facing the multifaceted challenges of meeting the European Union’s May 2018 deadline for its General Data Protection Regulation. SAS conducted a global GDPR survey among 340 business executives from multiple industries. Based on the results of that survey, this e-book delves into the biggest opportunities and challenges organizations face on the road to GDPR compliance. How to get started on the best path to compliance, based on advice from industry experts. How to turn this compliance challenge into a competitive advantage. 

How your peers are preparing across a variety of industries. An end-to-end approach that can help guide your journey to GDPR compliance. 

Keywords: [“Compliance”,”How”,”industry”]
Source: https://www.sas.com/en_us/whitepapers/gdpr-compliance-109048.html

IAB Europe’s GDPR Compliance Primer

The GDPR Compliance Primer has been prepared by the members of the IAB Europe GDPR Implementation Working Group, under the leadership of Improve Digital. The purpose of the GDPR Compliance Primer is to give companies a guide to navigating the first steps required for GDPR Compliance, and to make Members of IAB Europe aware of the scale and consequences of figuring out compliance with the GDPR. The GDPR Compliance Primer is an evolving document, and may be subject to change in case of major developments of public authorities or the work of IAB Europe’s GDPR Implementation Working Group. The current version is Version 1.0, published on 22 May 2017. 

Keywords: [“GDPR”,”Compliance”,”work”]
Source: https://www.iabeurope.eu/policy/iab-europes-gdpr-compliance-primer/

Amazon Web Services

The European Union’s General Data Protection Regulation protects European Union data subjects’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance. In addition to our own compliance, AWS is committed to offering services and resources to our customers to help them comply with GDPR requirements that may apply to their activities. New features are launched regularly, and AWS has 500+ features and services focused on security and compliance. 

Keywords: [“Data”,”compliance”,”Protection”]
Source: https://aws.amazon.com/compliance/gdpr-center/

General Data Protection Regulation Resources from Kaseya

The General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. It also addresses the export of personal data outside the EU. Personal data is any information related to a person that can be used to identify the person, including a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address. 

Keywords: [“European”,”Data”,”address”]
Source: https://www.kaseya.com/resources/gdpr

From Restaurants to Insurers, the Race to Comply With New GDPR Privacy Rules

As Europe’s new privacy law, known as GDPR, is set to take effect Friday, the focus has been on expected battles with technology giants such as Facebook Inc. and Alphabet Inc.’s Google. The new General Data Protection Regulation is forcing hundreds of thousands of companies (multinationals such as Mastercard Inc. and insurer Allianz SE, but also small manufacturers and even restaurants) to change how they gather and handle information about Europeans, even if the companies have no physical…..

Keywords: [“Inc.”,”even”,”such”]
Source: https://www.wsj.com/articles/gdpr-has-companies-big-and-small-racing-to-comply-1527154200

GDPR Ready Solutions

ZL GDPR Ready Solutions offer a versatile set of data management functions to enable centralized control over enterprise personal data. Leveraging powerful search, remediation, and management capabilities, ZL Tech offers a solid foundation for GDPR compliance over high risk systems such as file shares, SharePoint, and email, which often contain ungoverned personal data. With GDPR fines up to 4% of global revenue effective May 18, it’s time to take the first step in managing personal data. 

Keywords: [“data”,”personal”,”GDPR”]
Source: http://www.zlti.com/gdpr-solutions

GDPR & Beyond

On 25 May 2018, the European Union will officially enact the General Data Protection Regulation, which will have a transformative effect on how companies manage and secure personal data. The GDPR directive marks the biggest change to EU data privacy laws in more than 20 years and yet few enterprises are prepared to adapt and comply. GDPR & Beyond is your regulation-specific online resource for understanding the GDPR legislation, and how it impacts your business. 

Keywords: [“Data”,”GDPR”,”how”]
Source: https://www.gdprandbeyond.com/

General Data Protection Regulation

The regulation encompasses steps to be taken in all areas of protecting an individual’s privacy – setting up security mechanisms, compliance, repercussions of breach and more. Non-compliance beyond the enforcement date is liable to attract heavy penalties. Committed to protecting our customers’ personal data, Freshworks is here to help customers and end-users understand the significance of the GDPR, its requirements and our allegiance to comply with global standards.

Keywords: [“protecting”,”customers”]
Source: https://www.freshworks.com/privacy/gdpr/

GDPR News Center News for 10-21-2018

What do you do about General Data Protection Regulation?

We have adjusted our Terms of service to reflect this. Privacy and security are critical to everything we do. Mapping of security & privacy measures – Done CAIQ. Data store mapping – Done. Storage of customer’s DPO and security contacts – Done. 

Notification of customers about changes in conditions and DPA – Done. Algolia is also a SOC2 Type 2 audited organization and complies with all the Security, Availability and Confidentiality requirements. We value your privacy, and we’ll do everything we can to protect it. Find out how to delete your personal data or how to delete your user’s data. Your data primarily stays in the regions where you decide it should reside.

Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security. We comply with GDPR with our Community/Free plans as well. 

Keywords: [“Data”,”security”,”service”]
Source: https://www.algolia.com/doc/faq/security-privacy/gdpr/

Accellion Secure File Sharing Platform

Businesses must be able to find their European customers’ personally identifiable information and show who has access to the data, what they’re doing with it, and who they’re sharing it with to achieve GDPR compliance. The Accellion secure file sharing and governance platform provides this level of visibility and control to help businesses demonstrate GDPR compliance. Encryption key ownership – you decide when to rotate. Audit trail to connected on-prem and cloud content sources. Detailed reports allow for data analysis down to the file level. 

Full traceability of all content right up to delivery. Know and demonstrate which files have passed or failed AV, DLP and ATP scans. Comprehensive audit logs show data has been delivered and/or deleted. Automatically remove content upon project completion. 

Keywords: [“content”,”file”,”data”]
Source: https://www.accellion.com/platform/governance/gdpr-compliance/

GDPR Compliance

Inform: Review your vendor list and get comfortable with how data flows across your business, what type of personal data you collect and who has access. If JotForm is one of your vendors, and you have determined that you need a DPA in place with JotForm, our GDPR compliant DPA is available for download and signature at the link above. Assess: Undertake a risk assessment within your business and identify any gaps that need to be filled in order to meet GDPR compliance. Plan: Get in touch with us to understand how our products can help meet your compliance needs, and develop an action plan that is mindful of the May 25, 2018 deadline. Act: Implement your GDPR compliance program and make GDPR compliance an ongoing discipline.

Keywords: [“compliance”,”GDPR”,”need”]
Source: https://www.jotform.com/gdpr-compliance/

How the Next-Generation Security Platform Contributes to GDPR Compliance

The General Data Protection Regulation is the European Union’s forthcoming personal data protection law. In May 2018, the GDPR will replace the 1995 Data Protection Directive, significantly changing the rules surrounding protection of personal data of EU residents. The Palo Alto Networks Next-Generation Security Platform can help with organisations’ security and data protection efforts related to GDPR compliance by assisting in securing personal data at the application, network and endpoint level, as well as in the cloud. It can also assist in understanding what data was compromised in the unfortunate instance of a breach, but first and foremost it will help organisations prevent data breaches from happening at all. 

Keywords: [“Data”,”Protection”,”personal”]
Source: https://www.paloaltonetworks.com/resources/whitepapers/gdpr-compliance-next-generation-security-platform

GDPR News Center News for 10-20-2018

Basecamp GDPR compliance

If you’re based in the EU or do business in the EU, yeah! GDPR has a long reach. If you have any EU personal data in your Basecamp account, such as names, email addresses, ID numbers, or anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third party vendors you rely on, including Basecamp. These agreements are commonly called a Data Processing Addendum, or DPA. 

Data Processing Addendum. Contracts required! Processing EU personal data must be governed by a GDPR-compliant contract. We provide a standard Data Processing Addendum to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed. Basecamp participates in the EU-US and Swiss-US Privacy Shield Framework to safeguard the transfer of personal data to the US, meeting the GDPR requirement for adequate data protection laws. 

Basecamp uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, and require the same of them. 

Keywords: [“data”,”processed”,”GDPR”]
Source: https://basecamp.com/about/policies/privacy/gdpr

WP GDPR Compliance

Release date: July 6th, 2018. Added the ability to add required ‘Consents’. These Consents will always be triggered on page load. Added ‘Privacy’ column to the WooCommerce order overview. Added the ability to change the message of the required asterisk elements. Added the ability to remove ‘Consents’ via the admin panel. Added confirmation mails sent after processing an anonymise request.

Added mail sent to the admin when a new request is created. Release date: May 8th, 2018. Added a button to retry creating database tables required by the request user data functionality. Release date: May 7th, 2018. Added the request user data page. Added countdown to GDPR deadline. Added ability to add custom error messages to Contact Form 7 and Gravity Forms. Added ability to add HTML tags to the texts and error messages.

Added minimum supported version for Contact Form 7. Added minimum supported version for Gravity Forms. Added minimum supported version for WooCommerce. Delete all data created by the plugin after deactivating integrations or uninstalling the plugin. Release date: January 19th, 2018. Added default error message.

Keywords: [“Added”,”2018”,”Release”]
Source: https://wordpress.org/plugins/wp-gdpr-compliance/

GDPR Compliance – Nextcloud

Email or public cloud solutions do not provide much security for sensitive data. Encryption is complicated and cumbersome to use, reducing the real benefits due to employees working around them or making mistakes. Keeping data on your own infrastructure means you stay in control. Only then can you show your customers exactly where their sensitive documents are. Regulators can be certain that non-compliance with proper process is minimized. 

Most consumer-grade solutions like Dropbox or Office 365 were not designed with privacy regulations and security concerns in mind, mixing data from consumers and businesses, spread out in data centers across the globe. Rather than trying to work around their limitations, Nextcloud Files provides a security-first solution which puts you in complete control over the location and access policies of data with a private cloud solution. 

Keywords: [“data”,”solution”,”control”]
Source: https://nextcloud.com/gdpr/

GDPR News Center News for 10-19-2018

10 steps to GDPR compliance: How prepared are you? – IT Governance Blog

The EU General Data Protection Regulation takes effect in less than eight months, so now is a good time to review the steps you’ve taken to achieve compliance and what you still need to do. You can base that review on the Data Protection Commissioner’s compliance checklist, which is summarised here and outlines what organisations need to do before the 25 May 2018 deadline. Everyone else in the organisation responsible for regulatory compliance and data processing will also need to understand their obligations. Data subjects have a number of rights pertaining to the way organisations collect and hold their data. You’re not the only one who needs to know about data subjects’ rights. 

Organisations need to prove that they have a legal ground to process data. Organisations should learn when these grounds can be sought and adjust their data collection policies appropriately. The GDPR states that a data protection officer should oversee an organisation’s data protection strategies and compliance programme. One of the biggest challenges that the GDPR presents to organisations is its data breach notification requirements. Organisations must report data breaches to their supervisory authority within 72 hours of discovery, and provide them with as much detail as possible. 

Organisations should adopt a privacy-by-design approach to data protection. Each presentation covers a different aspect of the Regulation, such as data flow mapping, risk assessments and data protection by design. 

Keywords: [“Data”,”organisation”,”GDPR”]
Source: https://www.itgovernance.eu/blog/en/10-steps-to-gdpr-compliance-how-prepared-are-you

Canva Help Center

The GDPR is a standardized user data protection framework which operates across Europe and imposes obligations on organizations, like Canva, that handle the personal data of people in the European Economic Area. This page briefly explains what Canva is doing to work towards GDPR compliance. To identify the information that we collect about our users, how we use that information and keep it safe. If you continue to use Canva after we introduce these updates, it means you agree to this new policy. Second, we recognize that it’s important for you to control your information so we are investing in features that will help you to easily manage and access some of your information within Canva. 

We will provide more information on these features as they become available. Third, since we use some third-party suppliers to make Canva available, we are reviewing and negotiating these contracts with a view to ensuring that they comply with applicable laws, including GDPR. Where amendments to these agreements are required we are entering into Data Processing Agreements with our suppliers. Fourth, we recognize that protection of your data involves us so we are improving our internal controls around employee access to data and data security incidents. None of these steps are likely to impact the way you use Canva day to day – you and all our many users will remain free to design anything and publish anywhere! 

Keywords: [“Canva”,”data”,”information”]
Source: https://support.canva.com/legal/privacy/gdpr-compliance/

GDPR Compliance Solutions & Services

The primary objectives of the GDPR are to give people more control over their personal data, to help protect personal data from the risk of loss, and to unify regulatory privacy and data requirements within the EU. It is vital that any organization that conducts business in the EU understands the overall design of the GDPR and why preparing its technology and processes now for this new legislation is so critical. Today’s technology is much different than it was 20 years ago. No one could have predicted how the Internet, smartphones and the widespread use of social media applications such as Facebook and Twitter could have global implications. As a Regulation, the GDPR enacts a uniform data security law across the EU.

Each EU country will no longer need to pass their own legislation for data security; the GDPR will be the guiding law. EU countries can still regulate certain types of data such as health data. If you are currently doing business in the EU, you may already have privacy processes and procedures in place. To ensure that your business is GDPR compliant, it is essential that you review your consent policies and procedures to verify that these meet the new higher standards. PossibleNOW and our sister company, CompliancePoint, can help you determine your preparedness and then recommend appropriate solutions and services. 

Keywords: [“Data”,”GDPR”,”Regulation”]
Source: https://www.possiblenow.com/gdpr-compliance-solutions-services

GDPR News Center News for 10-18-2018

Chargebee’s GDPR Commitment

The EU’s General Data Protection Regulation was a much-needed push to bring them to the center. The core of Chargebee’s internal operations underpins protecting the personal data of our customers. Create a data retention policy and have an automated process in place to adhere to the same – Completed. Chargebee recognizes its responsibilities as a data controller towards its customers. Detailed out below are all the steps we have taken towards fulfilling all legal obligations under GDPR, as a data controller. 

Data Categorization and Analysis: We have carried out a detailed data mapping exercise to track the flow of personal data through our systems. Data Retention: We have established an automated data retention mechanism. The only data retained by us will be that which is needed from a compliance and legal standpoint, like invoices, subscription information, audit logs, etc. This is a conscious effort on our part to avoid storing and processing any customer data beyond the necessary period. We have a data processing addendum for our customers that incorporates our GDPR principles.

In addition to making Chargebee GDPR compliant, we wanted to help our customers leverage Chargebee to become GDPR compliant as well, without having to break a sweat. We have charted out a plan that will help merchants handle their customers’ PII data when a customer cancels their subscription with the merchant. While this is only the first step towards our commitment to help you handle the requirements of data privacy and protection, we are continuing to explore other features in the context of GDPR and data security. 

Keywords: [“Data”,”customer”,”GDPR”]
Source: https://www.chargebee.com/security/gdpr

The Ultimate Guide to WordPress and GDPR Compliance

We have received dozens of emails from users asking us to explain GDPR in plain English and share tips on how to make your WordPress site GDPR compliant. Yes, as of WordPress 4.9.6, the WordPress core software is GDPR compliant. The WordPress core team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site. Here’s a step-by-step guide on how to add a GDPR comment privacy checkbox in your WordPress theme.

Depending on which WordPress plugins you are using on your website, you would need to act accordingly to make sure that your website is GDPR compliant. WPForms, the contact form plugin we use on WPBeginner, has added several GDPR enhancements to make it easy for you to add a GDPR consent field, disable user cookies, disable user IP collection, and disable entries with a single click. If you’re using WooCommerce, the most popular eCommerce plugin for WordPress, then you need to make sure your website is in compliance with GDPR. The WooCommerce team has prepared a comprehensive guide for store owners to help them be GDPR compliant. There are several WordPress plugins that can help automate some aspects of GDPR compliance for you. 

Beware of any WordPress plugin that claims to offer 100% GDPR compliance. We will continue to monitor the plugin ecosystem to see if any other WordPress plugin stands out and offers substantial GDPR compliance features. We hope this article helped you learn about WordPress and GDPR compliance.

Keywords: [“GDPR”,”Data”,”WordPress”]
Source: https://www.wpbeginner.com/beginners-guide/the-ultimate-guide-to-wordpress-and-gdpr-compliance-everything-you-need-to-know/

GDPR News Center News for 10-17-2018

Achieving GDPR compliance in the cloud with Microsoft Azure

The General Data Protection Regulation officially goes into effect on May 25. Very soon, the GDPR will replace the Data Protection Directive as the new global standard on data privacy for all government agencies and organizations that do business with European Union citizens. When it does, all organizations that control, maintain, or process information involving EU citizens will be required to comply with strict new rules regarding the protection of personal customer data. For companies that store and manage data in the cloud, assuming existing infrastructure will remain compliant with new regulatory requirements might result in significant fines. It’s important to understand that the differences between the new GDPR and the Data Protection Directive could impact your cloud data and security controls. 

More than ever, this regulatory transition highlights the importance of implementing a comprehensive cloud security strategy for your company. According to a recent GDPR benchmarking survey, although 89 percent of organizations have a formal GDPR-readiness program, only 45 percent have completed a readiness assessment. At Microsoft, we’ve been preparing for GDPR compliance for the better part of a year and empowering our customers to do the same. Because Microsoft has extensive experience developing cloud solutions with security built-in, we’ve become a leading voice on solving GDPR-related privacy challenges in the cloud. Now, we’ve turned this experience and insight into a free, four-part video series, Countdown: Preparing for GDPR. 

Be sure to watch GDPR and Azure to learn more from David Burt, Senior Compliance Marketing Manager for Azure. 

Keywords: [“Data”,”GDPR”,”cloud”]
Source: https://azure.microsoft.com/en-us/blog/achieving-gdpr-compliance-in-the-cloud-with-microsoft-azure/

6 Key Steps to Ensure GDPR Compliance

Not everyone can be a GDPR compliance specialist, but that doesn’t mean you should ignore data protection and privacy; especially if you run a business. In most cases, there are different levels of key personnel that interact with customers’ data and therefore should be aware of the General Data Protection Regulation. Data processor – the entity that processes data on behalf of the Data Controller. An important step towards compliance with GDPR is to understand how data moves in your organization. Mapping the flow of data will also help you identify areas that could cause GDPR compliance problems. 

The GDPR is a business change project – the people you work with need to understand the importance of data protection and be trained on the basic principles of the GDPR and the procedures being implemented for compliance. Because GDPR has no clear-cut rules, the market will have to come up with different tactics to make sure that data is in compliance but not sacrifice user experience. Be smart while setting up the data breach matrix based on data breach severity, the number of data subjects affected, type of personal data affected, etc. You should review your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically in a commonly used format. Verify if data transfers outside the EU are compliant with GDPR requirements. 

The GDPR will require some organizations to designate a Data Protection Officer. If your organization processes data from underage subjects, you must ensure that you have adequate systems in place to verify individual ages and gather consent from guardians. 

Keywords: [“data”,”GDPR”,”personal”]
Source: https://www.codeinwp.com/blog/gdpr-compliance/

What is GDPR, and how does it affect me?

GDPR is intended to protect the privacy and personal data of European residents. That’s because the two-year transition period is ending, meaning that any organization that processes personal data of European residents will need to be compliant with these new regulations by May 25, 2018. These new GDPR rules set forth some stringent guidelines about how personal data may be collected, used, stored, protected, and shared with others. Personal Data is defined as any information that can be used to directly or indirectly identify a person. Mad Mimi is subject to the requirements of the GDPR because we process and store data about customers of ours that reside in the EU. 

These rules also apply to you, because you own contact lists and data about your email recipients. As the controller of that data, it’s your responsibility to make sure that data is being used in accordance with any and all applicable legal regulations, including GDPR. Although the law was adopted to protect European residents, it may still apply to your organization if you offer goods or services to, or monitor the behavior of, EU residents. Use certain levels of security to protect all stored personal data. Obtain consent to store and process personal data of our users. 

Keep records of what data we’ve stored and processed, and export or delete that data upon request. Obtain consent to store and process personal data of your customers and subscribers. Receive an export of all the data an organization stores about them. First, the recipient can write directly to you, the sender, and ask that their View and Click data not be tracked. 

Keywords: [“data”,”GDPR”,”any”]
Source: https://help.madmimi.com/what-is-gdpr-and-how-does-it-affect-me/

GDPR News Center News for 10-16-2018

Official Statement: EU GDPR Compliance

The protection of private information is fundamental to the trust Zoom users have given us when choosing our service. Zoom’s products now feature an explicit consent mechanism for EU users. Users that are detected via IP address as coming from an EU member state, upon their first visit to the zoom.us website, will be presented with a cookie pop-up box that allows cookie preferences to be set. These cookie preferences can also be changed at any time in the future by visiting the cookie preferences link at the footer of any page on our website.

EU users can opt-in to communications from Zoom when registering for Zoom-hosted webinars or downloading whitepapers from our website. We have appointed a Data Protection Officer, Kari Zeni, who is an expert on GDPR compliance topics. Zoom has entered into Data Protection Agreements with our vendors to ensure that the privacy and security of our customer data is protected. Zoom’s DPA has been thoroughly vetted to comply with all GDPR and other privacy and security-related requirements, has been drafted to clearly and accurately describe the manner in which Zoom consistently provides its service to all of its customers, and is consistent with the security program on which Zoom’s annual SOC2 third-party audit is premised. To be more transparent and have developed a cookie policy that describes the purpose of the cookies that Zoom uses. 

In addition to the privacy training that all Zoom employees receive during on-boarding and annually thereafter, employees with roles that are customer facing have been trained on GDPR and how it impacts their roles. GDPR empowers data subjects with certain rights to help assure the privacy and protection of their personal data. 

Keywords: [“Zoom”,”cookie”,”users”]
Source: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance

General Data Protection Regulation Compliance

On May 25, 2018, the General Data Protection Regulation replaced the Data Protection Directive that had been law across the European Union for the past 20 years. GDPR impacts any business that operates or collects data in or from Europe. We see GDPR as affording us yet another opportunity to continue our tradition of protecting and giving you more control over both your organizational and personal data. Multiple data centers to guarantee a secure and highly available service at scale. Our new Privacy Basics page gives you a snapshot of how we handle personal information and data, while the page design makes it easy for you to find the exact areas of our policies that concern you. 

We also offer various options on data processing terms for customers, depending on the plan or package you have selected. If you’ve purchased your plan via our website, you can access our data processing addendum here. We empower all of our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data. We honour all deletions from an account, and all account data which has been expunged by you is permanently deleted from our back-ups within 90 days. 

We’re aware that many of our customers with EU users and EU affiliates would prefer that their data be hosted in the EU. To address this, we are actively engaged in building a data centre in the EU. Updates on when this data storage option will be available for customers will be provided through our website. Manage your company’s data with advanced security and control, so you can enable your teams to share and collaborate safely. 

Keywords: [“Data”,”customer”,”GDPR”]
Source: https://www.surveymonkey.com/mp/gdpr/

GDPR for Microsoft Dynamics 365

Microsoft Dynamics 365 is committed to helping our customers meet their GDPR requirements. In this topic, you will find information and several resources to help you understand how Microsoft Dynamics supports the GDPR, and how we provide the information and tools that our customers need in order to define and support their GDPR obligations. The following white papers provide an overview of the GDPR for Dynamics 365 applications and services. What GDPR means for your business applications: the IDC analyst’s view. The GDPR grants individuals certain rights in connection with the processing of their personal data. 

DSRs on the Service Trust Portal – You can find information about what the GDPR requires of controllers and processors when you respond to DSRs, and how Microsoft enables you to do so. Compliance Manager is a cross-Microsoft cloud services solution that is designed to help organizations meet complex compliance obligations like the GDPR. It does real-time risk assessment that reflects your compliance posture against data protection regulations when you use Microsoft cloud services. Hear from Microsoft about how we support the GDPR, and learn how we are helping our Microsoft Dynamics customers support their GDPR requirements. Hear from Microsoft about the GDPR, what it means to our customers, and what it means to us as a corporation. 

Microsoft’s commitment to GDPR, privacy and putting customers in control of their own data, May 21, 2018, Julie Brill – Corporate Vice President and Deputy General Counsel, Microsoft. Essential Dynamics 365 resources to help you with GDPR compliance, May 14, 2018. Get deeper knowledge about Microsoft, the GDPR, and our own GDPR journey. 

Keywords: [“GDPR”,”compliance”,”Microsoft”]
Source: https://docs.microsoft.com/en-us/dynamics365/get-started/gdpr/

GDPR News Center News for 10-15-2018

GDPR Compliance: Requirements, Guidelines, Penalties and Resources

The new GDPR regulations protect both categories of private data. The new regulations will replace the previous legislation, including the Data Protection Act of 1998 and the 1995 Data Protection Regulation, helping to address current issues in personal data protection. The new GDPR legislation will hold organizations handling personal data more accountable through security regulations and strict standards of internal policy. Companies or organizations that offer services controlling or processing personal data of all individuals in the European Union must follow GDPR compliance. The Information Commissioner’s Office stated that if your organization is currently under the Data Protection Act, it will most likely have to follow GDPR policies. 

Within data-service organizations, the internal groups of data processors and data controllers must appoint a Data Protection Officer to oversee GDPR compliance. The DPO will oversee the data security strategies that process and control EU citizen data in a responsible and transparent way, such as storage of personal data, and will define how personal data will be responsibly processed. It’s best to prepare early, so find out the Do’s and Don’ts of GDPR Data Security. Under GDPR regulation, subjects will have more control over their personal data and companies will have to be transparent on how they use sensitive information. GDPR enforcement is much stricter than the former Data Protection Act, including costly fines up to €20 million or 4 percent of global annual turnover for non-compliance. 

Phase 1: Know your data Information – Identify types of information in scope of GDPR handled by the organization. The Information Commissioner’s Office provides this GDPR Checklist for data controllers and processors. 

Keywords: [“Data”,”GDPR”,”organization”]
Source: https://www.secureworks.com/blog/2018-gdpr-compliance-overview

Braintree Support Articles

The General Data Protection Regulation standardizes the handling of personal data across the EU and EEA. This new regulation goes into effect on May 25, 2018 and is intended to give individuals more control over their data and protect their right to privacy. GDPR is a fundamental shift in personal data regulation, so it’s important to understand how it will impact your business. Here are some important concepts as defined by GDPR: Personal data: Any information relating to an individual.

Data processing: Any operation or set of operations that is performed with personal data. Data controller: The party that determines why and how personal data will be processed. Data processor: The party that is responsible for handling personal data based on the controller’s determination. Braintree functions as a data controller for our merchants’ individual representatives. We may use merchant personal data to share messaging with the employees and contractors of our merchants, or in other situations of which the individual has been informed in advance and the actions taken are compliant with Data Protection Laws. 

When processing transactions with merchants as part of our Payment Services Agreement, our merchants are the controller and we function as the data processor on behalf of our merchants. In this case, our merchants will be solely responsible for determining the purposes and means for processing personal data. As a data processor, Braintree will only process customer data in accordance with our merchants’ Privacy Policies. This new policy details the personal data we collect as a data controller, when we collect the personal data of our merchants’ individual representatives, and how we use this data across our services.

Keywords: [“Data”,”merchant”,”personal”]
Source: https://articles.braintreepayments.com/risk-and-security/compliance/gdpr-readiness

GDPR News Center News for 10-14-2018

No one’s ready for GDPR

The General Data Protection Regulation will go into effect on May 25th, and no one is ready – not the companies and not even the regulators. In today’s meeting with the European Parliament, Mark Zuckerberg said Facebook would be GDPR compliant by the deadline, but if so, the company would be in the minority. When broken down by industry, 60 percent of tech companies said they weren’t ready. GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches to transparency for users about what data is being collected and why. Perhaps the GDPR requirement that has everyone tearing their hair out the most is the data subject access request. 

A year ago, 61 percent of companies had not even started GDPR implementation. It’s not a pleasant position to be in, because GDPR can allow regulators to fine companies up to 4 percent of their global revenue for violations of GDPR. To put that in perspective, a 4 percent fine on Amazon would be $7 billion. Because much of GDPR is ambiguous, how it will work in practice is up to what regulators do with it. Another GDPR provision that might strain regulatory resources is the data breach notification requirement. 

Regulators may not be ready to audit a company’s security or figure out exactly what to do to protect EU residents affected by the breach. GDPR is only supposed to apply to the EU and EU residents, but because so many companies do business in Europe, the American technology industry is scrambling to become GDPR compliant. The breach notification requirement, especially, is more stringent than anything in the US. The hope is that as companies and regulatory bodies settle into the flow of things, the heightened privacy protections of GDPR will become business as usual. 

Keywords: [“company”,”GDPR”,”Data”]
Source: https://www.theverge.com/2018/5/22/17378688/gdpr-general-data-protection-regulation-eu

How marketers are navigating GDPR compliance creatively

With GDPR finally enforced, marketers are now legally bound to handle, process and store personal data much more securely and transparently. Interestingly, GDPR has led to a cultural split in businesses. Marketo published a report revealing that GDPR has produced two ‘tribes’. On the other hand, there’s legal-first, which is the group of senders who have focused almost exclusively on the process and compliance aspects of GDPR, without considering the opportunity it presents. For marketing-first senders GDPR provided an opportunity to refresh consent using a variety of engaging approaches, capturing consumer attention and imagination, while also achieving/maintaining compliance with the new requirements. 

Teaching customers GDPR. Another way marketers have engaged with consumers is by presenting GDPR as a customer service benefit. By providing this compliance information in a clear and concise way, marketers have created interest in GDPR by presenting the new laws through a positive lens. Lloyds Bank took this opportunity to educate its email subscribers, setting out the parameters and requirements of the GDPR in layman’s terms that were easy for the audience to understand. As previously mentioned, GDPR is also challenging data controllers to be clear and concise. 

Although GDPR is a serious topic, it doesn’t mean senders suddenly need to adopt a stoic tone – the messages can still be conveyed in a way their subscribers know – and even expect – of their brand, and this will have an impact on success. GDPR is clear that consent must be freely given, and data controllers should avoid making consent a precondition of a service. Take a look at all Econsultancy’s GDPR resources, including a guide for marketers and online and face-to-face training courses. 

Keywords: [“GDPR”,”customer”,”data”]
Source: https://econsultancy.com/how-marketers-are-navigating-gdpr-compliance-creatively/