GDPR News Center News for 04-20-2018

Will May 2018 be the death of Whois?

The privacy regulation will have a major impact on industries that handle personal data of people in the EU, including the domain name industry. Domain name companies are scrambling to figure out how to comply with the regulation, all while racing against the clock with unclear guidelines from the EU and ICANN. A sweeping new privacy regulation. It will apply to all companies that handle data about EU residents, not just companies based in the EU. “The goal is to strengthen and unify data protection for all individuals of the EU to protect personal data and ensure free flow of data within the EU,” said Thomas Rickert, an attorney and Head of the Names & Numbers Forum at eco, which represents domain name registrars and registries. The regulation aims to minimize data collection and increase transparency. GDPR will certainly affect Whois and what data registrars collect about their customers, plus who they share it with. This includes registrars, registries, data escrow companies and even ICANN itself. “It’s safe to say that, since ICANN is spelling out the requirements on what needs to be collected and how data is being dealt with, ICANN is also a data controller and therefore the sanction risks are also with ICANN since they’re basically prescribing exactly what needs to be done with it.” It has created a matrix of data flow in the domain name process and opened it for public comment. The default is that data shouldn’t be collected and processed. So ICANN and its contracted parties will need to have a good reason for collecting data and an even better one for publishing it. Don’t expect everyone to be on the same page; law enforcement and intellectual property interests will push back against a reduction in public data. Right now registrars handle private information for .com and .net domains and publish this in Whois. These two domains are supposed to transfer to a thick Whois model, but don’t be surprised if this is delayed. 
New top level domain name companies are going to lean on their registry service providers for GDPR compliance when it comes to Whois. GDPR could impact the value of Whois privacy services, which are a big cash cow for many registrars.

Keywords: [“data”,”WHOIS”,”domain”]
Source: https://domainnamewire.com/2017/08/17/gdpr-whois

A guide for the perplexed

For a data engineer, the first four chapters are of most relevance. If you enact a process on behalf of the “Data Controller” then you are probably a “Data Processor”. As a “Data Subject” your rights are covered by a number of articles within the regulation. A Data Subject could ask your organisation to present their data to your competitor and you would be legally obliged to do this. The point of the regulation is to protect your personal data and therefore a “Data Controller” has to put in reasonable steps to ensure that any requests you may make actually do come from you. Where your data is acquired other than directly from you as “Data Subject” the organisation has to give you the contact details of the “Data Controller” from which they obtained it. General obligations: Articles 24 & 25 say that whatever safeguards, technical or organisational, are used to protect personal data must be put in place in a way that is by design & default. Article 35 says that when processing is likely to result in high risk we have to carry out a data impact assessment that takes into account the scope, context and purpose of activity. Article 30 makes it plain that a catalogue of processes must be maintained, who is responsible for them and the categories of personal data processed. In certain circumstances an organisation may have to appoint a data protection officer. The core function of the organisation is bulk processing of special categories of data such as forensic information. The regulation makes clear that the Data Protection Officer cannot be instructed or coerced by the Data Controller or Data Processor in the execution of their duties. If you put in place all the technical and organisational safeguards necessary to comply with GDPR then the personal data you hold on behalf of your “Data Subjects” should be well protected. 
Chapter 5 deals with transfer of data to countries and organisations outside of the EU. Chapter 6 describes the powers and responsibilities of official/supervisory authorities. If an organisation has to gain explicit permission to use someone’s data then those organisations that treat their customers with respect and demonstrate their trustworthiness are likely to be the winners from GDPR.

Keywords: [“data”,”organisation”,”Chapter”]
Source: http://sqlservercentral.com/articles/GDPR/165180

The GDPR will cause challenges for connected care developers

Telecare and telehealth apps and devices are potentially generating huge amounts of data that could be used for various purposes. Today, data is increasingly used to help patients without the need of the patient’s own active involvement. This includes various kinds of health data as well as user location and movement data which could be used to identify abnormalities. If a user does things differently, for example not leaving or going to the bed as usual, a notification can be sent to relatives or care givers. Legislative authorities in the EU are developing and designing legal frameworks that should be in line with the new data driven world of mobile health. As part of this, the European Commission will in 2018 implement a General Data Protection Regulation that aims to harmonise data protection rules in the EU, ensuring legal certainty for businesses and increasing trust on eHealth services with a consistent high level of protection of individuals. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international businesses by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive and it becomes enforceable from May 25 next year after a two-year transition period. It does not require national governments to pass any enabling legislation and will be directly binding and applicable. Ers Frick, Senior Analyst, Berg Insight says: “While the future is data driven, end-users do care more and more about integrity aspects. The GDPR aims to increase privacy for the end-user which is a step in the right direction. The regulation by default actually prohibits processing of health data unless explicit consent has been given. 
At the same time, this will cause challenges for those telecare and telehealth solution providers that are not proactively working on their preparations.” “If the solution providers are not enough prepared for handling, processing and storing sensitive data in accordance to GDPR, they could risk heavy fines if not fulfilling the requirements.”

Keywords: [“data”,”GDPR”,”Protection”]
Source: https://iotbusinessnews.com/2017/12/15/30807-gdpr-will-cause…

GDPR News Center News for 04-19-2018

Solix Technologies, Inc.

Are you ready for GDPR? On 25 May 2018, the European Union will bring into force the General Data Protection Regulation. Thanks to digital transformation initiatives, even traditional organizations have begun to experience an explosion of data in various forms and frequency. While this data is a treasure trove of insights, it has also exposed organizations to data breaches and compliance nightmares. For over a decade, Solix has been helping global businesses from across industry verticals better organize their enterprise information for optimized infrastructure, data security, advanced analytics and compliance. Solix understands the complexity involved in complying with GDPR and has the required expertise and software to help organizations design and implement a sustainable GDPR compliance strategy. The Solix GDPR Readiness Assessment provides an in-depth assessment of your organization’s data practices including data collection, access, usage, processing, retention, protection and deletion. It provides risk and remediation-focused insights, and actionable guidance for your data policies, procedures and practices. This deep dive into your organization’s data environment will provide an action plan to not only address GDPR, but strengthen your overall Information Governance approach. The Solix Common Data Platform is a highly scalable and robust next-generation Big Data management platform that features uniform data collection, metadata management, data governance, ILM, data security, data discovery, and a full set of interfaces to support plug-and-play stack creation and modernization. Now with its enhanced capabilities for GDPR compliance, Solix CDP accelerates GDPR compliance and helps sustain it even in the most complex and demanding data environments. Solix CDP Features that support GDPR: Discover & Report PII: Identify personal and its location. Data as a Service: Centralize data access for all non-production data access & processing. 
Data Protection: Anonymize or Encrypt data as needed. Manage Data Retention and Deletion: Manage data retention and deletion based on consent & right to be forgotten. Full Audit Trail & Reports: Comprehensive reports on all user activities related to PII data.

Keywords: [“Data”,”GDPR”,”organization”]
Source: https://www.solix.com/solutions/solutions-by-business-issue/gdpr

Queen’s Speech: New data protection law

Plans for new data protection rules in the UK have been confirmed in the Queen’s Speech. They will give young people the right to demand social networks delete any personal data they had shared prior to turning 18. The Queen said the UK would retain its “World-class” data protection regime. The proposed Data Protection Bill will reflect plans described in the Conservative Party manifesto ahead of the general election in June. Ensuring data protection rules were “Suitable for the digital age”. “Empowering individuals to have more control over their personal data”. Giving people the “Right to be forgotten” when they no longer wanted a company to process their data – providing there were no legitimate grounds for a company retaining the data. Modernising data processing procedures for law enforcement agencies. Allowing police and the authorities to “Continue to exchange information quickly and easily with international partners” to fight terrorism and other serious crimes. The government also said it would implement the General Data Protection Regulation – new EU data protection rules due to come into force in 2018. It said the new UK bill would ensure the country met its obligations while a member of the EU, and would help the UK maintain its “Ability to share data with other EU members states and internationally after we leave the EU”. The new bill will replace the Data Protection Act 1998. Responding to the speech, a spokesman for the technology industry trade body techUK said: “We support the government’s commitment to maintain the UK’s world-class protection of people’s personal data. This will include implementing the General Data Protection Regulation, the biggest transformation of data protection rules in a generation.” The announcement was also welcomed by Nick Taylor, managing director at business consultancy Accenture Strategy. 
“This new data protection law is the news that many companies have been waiting for to accelerate their GDPR programme and make it a concrete part of their business,” he said. “Companies now have certainty that they will have to comply with tougher rules, and this gives them the incentive, and need to get their GDPR programme right.”

Keywords: [“data”,”protection”,”new”]
Source: http://www.bbc.com/news/technology-40353424

Law Firm & Solicitors Huddersfield

The need for change comes from the way in which data is now published and shared for example online and on social media where data easily crosses national boundaries. Data Protection Officers – many businesses will be required to formally appoint a Data Protection Officer, that person having their own duties to perform. In the private sector only, if there is a genuine and legitimate reason to process the personal data that outweighs any potential harm to the individual in question. You need to consider whether the personal data that you are collecting, holding and processing in connection with your employees is necessary for meeting your obligations under your contract of employment with them. Although you don’t need consent, you should still inform your employees of what personal data you are collecting, holding and processing, why you are doing it and who you are sharing that personal data with. There will be specific occasions on which you need to obtain consent because the collecting, holding and processing of personal data is not strictly necessary for meeting your obligations under the contract of employment. Previously an individual had to give their free agreement to personal data being processed. An umbrella consent form that requires consent to a broad range of data collection and processing may not be acceptable and you should consider whether you can break the consent down into various components. Employees will have a right to request that personal data is erased. The processing of personal data is no longer necessary in relation to the purposes for which it was collected or processed. The individual has objected to the personal data being processed and the employer cannot show that they have an overriding legitimate reason for continuing. Identify what personal data you hold and determine whether you need to hold or process it. 
If you do need to hold or process that personal data, make sure you understand what it is, why you need it, how you hold and process it, and how you keep it secure. Evaluate who has access to that personal data internally. Evaluate who you share that personal data with externally and consider whether you need separate agreements in place to secure that personal data.

Keywords: [“data”,”personal”,”Consent”]
Source: https://www.eatonsmith.co.uk/news/gdpr-for-employers

GDPR News Center News for 04-18-2018

Microsoft Partner Network

The Partner Role in GDPR. Partners can play a critical role in helping commercial customers adapt to the new regulation. Microsoft’s Role in GDPR. Microsoft is committed to helping its commercial customers achieve GDPR compliance. At Microsoft Inspire, we announced Microsoft 365, a set of commercial offerings drawing from Office 365, Windows 10, and Enterprise Mobility and Security. For partners, Microsoft 365 is a great platform on which to build a profitable set of security and productivity solutions to simplify the task of identifying, classifying, and governing personal data. Finally, Microsoft 365 aids customers in complying with the new standards for transparency, accountability, and record keeping. Throughout the journey, partners are indispensable at every turn, and Microsoft 365 makes it easier for partners to serve customers. With Microsoft 365, partners stand to make nearly $1500 in revenue per user over three years based on a 5000 seat deployment. With Microsoft 365, partners stand to make over $700 in margin per user over three years based on a 5000 seat deployment. Partners are electing to lead with Microsoft as they prepare their GDPR-related offerings. Crayon is another partner that is leading with Microsoft. Their offer expands to both midmarket and enterprise customers; and it ranges from how to support and train Data Protection Officers, to assessing customers’ technology environments and serving them with the best that Microsoft has to offer: Microsoft 365. “Microsoft really takes care of its partner ecosystem and helps partners with capacity building where it is required.” – Nabil Chebbi, Vice President, Cloud Sales and Marketing Enablement, Crayon. Supporting Our Partners. GDPR Product Demos – Tools for partners to demonstrate how the Microsoft cloud helps customers comply with the GDPR. GDPR Activity Hub – A solution accelerator tool that helps partners operationalize GDPR related processes and activities. 
Microsoft 365 is the offering to support customers in their GDPR journey. How are you making the most of the GDPR opportunity? What conversations are you having with customers as they get ready for GDPR? Share your thoughts with the Microsoft Partner Network Community.

Keywords: [“customer”,”GDPR”,”Microsoft”]
Source: https://blogs.partner.microsoft.com/mpn/gdpr-the-time-is-now

The Fintech Times

Recently there has been a lot of column space devoted to the GDPR requirements and the potential penalties of non compliance. GDPR is the biggest change to EU privacy law for over 20 years and all member states and affected entities must be ready by the 25th May 2018. The core rules are broadly the same as current regulations and they will look quite familiar to an expert eye, but the new regulations add a number of important new responsibilities on data controllers and processors. For example the right to be forgotten, data portability and right to restriction of processing. One major change is the consequence of non compliance, which could result in a fine of up to 2% of total global annual turnover or €10m being levied against an organisation. The industry is busy getting ready for GDPR across many areas and the level of investigation is very detailed. Brokers and insurers may have the same data but there will be delays in updating that data due to the monthly/quarterly nature of the bordereau processing. Who should a customer ask to amend or delete information and how do all parties ensure this happens across all departments? What consents do insurers and brokers need to obtain when processing data across different areas? How will insurers and Third Party Administrators share and use information to manage claims and reduce fraud especially where external data sources are used to detect fraudulent activity? External data sources are used to verify or support underwriting and pricing activities. At Blocksure we have built an operating system for the insurance industry which has been designed with GDPR and data privacy in mind from the start. The customer is in control of their own information and all sensitive data is protected by methods such as encryption, pseudonymisation and data minimisation. 
This model reduces the burden of compliance with GDPR as entities only need to be able to amend and delete their copy of the data without having to be concerned about the entry, viewing, transfer or extraction of that data. Customers, intermediaries and insurers are all in sync via a smart bordereau, which transfers data real time. Blocksure OS makes adherence to GDPR easier and reduces the scope for non compliance.

Keywords: [“data”,”GDPR”,”customer”]
Source: https://thefintechtimes.com/gdpr-explained

How We Developed the IBM Security GDPR Framework

In our previous blog post, Adam Nelson and I suggested that you set aside time with other people in your organization and familiarize yourselves with General Data Protection Regulation and its requirements. After at least a dozen iterations, I finally came to develop a five-phase framework that addresses both privacy and security, approaching GDPR as a journey on which some organizations might be just starting, while others would be further along. The first thing we decided was that each of the framework’s five phases had to address both privacy and security issues – because GDPR requires organizations to ensure both. Security is all about how you control and protect that data. Here’s another way to think about it: You can have security without privacy, but you can’t have privacy without security. Looking at the five phases of the IBM GDPR security framework, it’s pretty easy to see how all the pieces fit together. You figure out which of the data you collect and store is covered by GDPR regulations, and then you plot a course to discover it. Your goal in Phase 3 is to transform your practices, understanding that the data you deem valuable to your organization is equally valuable to the people it represents. This is where you need to develop a sustainable privacy compliance program, implement security and governance controls and potentially appoint a Data Protection Officer. Now you’re continually inspecting your data, monitoring personal data access, testing your security, using privacy and security by design principles and purging unneeded data. Phase 5 – the final phase – is where you’re ready to conform with the necessary GDPR requirements. The good news is that, since I created the framework, we have adopted and expanded it to create the overall IBM GDPR Framework, which adds further details such as a simplified capability architecture that includes information governance and a set of pathways to help you get started across your organization. 
So there you have it: a direct approach to GDPR readiness. Learn more about how IBM Security can help you navigate the journey to GDPR readiness here. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

Keywords: [“Data”,”GDPR”,”security”]
Source: https://securityintelligence.com/how-we-developed-the-ibm-security…

GDPR News Center News for 04-17-2018

The GDPR and Cyber Security

The date May 25th 2018 is metaphorically stamped, sketched, etched, chiseled, and/or tattooed all over thousands of organizations worldwide as the deadline to comply with the new General Data Protection Regulation looms ever closer. Data required for the “Stated purpose” is collected. Data is held securely within the EU. Data is only accessed by authorized persons. Data is accurate and can be verified by the individual. Any data transfers that need to be made outside the EU must adhere to strict controls, whereby only approved data stores and access methods can be used, even if it’s within the same organization. Any breach of the key rules designed to protect the individual’s data must be reported within 72 hours to the EU State Regulator. The organization must demonstrate principles such as transparency and accountability, particularly how the GDPR has been adhered to. A primary focus of the GDPR – which won’t come as a surprise since we’re talking about individuals’ privacy – is how organizations must protect such privacy from data breaches. This is where the GDPR collides with current cybersecurity issues, examples of which we see in massive data breaches that have been clogging the news cycle over the past few years. In some cases, as far as the organizations have been concerned, data breaches really were old news, at least to the executives who were aware of the breaches a full year before the public was notified. According to Fortune magazine, under the GDPR, Uber would have broken at least three GDPR rules: not properly protecting the data, not telling regulators about the hack, and not informing its customers until a year later. Countless businesses from entrepreneurs to corporations of all sizes are being hit daily with phishing attacks that have the potential to compromise millions of people’s data. 
The bottom line for organizations worldwide is that the GDPR is a massive game-changer in terms of privacy regulation as well as an acknowledgement that private, personally identifiable data must be more vigilantly protected. Want to learn more about GDPR and Inspired eLearning’s Security Awareness Training Solutions? Inspired eLearning offers GDPR and Security Awareness training to keep you and your organization informed and prepared.

Keywords: [“Data”,”GDPR”,”organization”]
Source: https://inspiredelearning.com/blog/gdpr-cyber-security

GDPR’s Right to Explanation: the pros and the cons – Sophos News

One example is GDPR’s Right to Explanation, which will affect algorithms that make decisions based on user behaviors. The problem, some believe, is that it’s impractical – impossible, even – to explain every decision made by algorithms, including those at the heart of many security programs. Autonomous vehicles are controlled by a multitude of algorithms that make many kinds of decisions. Often, the challenge of explaining an algorithmic decision comes not from the complexity of the algorithm, but the difficulty of giving meaning to the data it draws on. Privacy advocates have raised concern that the information used to build the algorithms is biased against minorities. It’s reasonable to argue that some algorithms collect data that can violate a person’s privacy while having no impact on the problems they were originally set up to solve. One area where it could offer greater consideration is in offering better intellectual property protections to the inventors of the algorithms, Levy noted. Rather, the problem is in the humans who set the algorithms. A Wall Street Journal article about the book sums up the essence with this headline: Algorithms Aren’t Biased, But the People Who Write Them May Be. In our own image. Levy believes we’re on path to a future where asking an algorithm why it reached a certain conclusion will be much like asking people about their judgments or tastes. The answer might resemble “Just because” as algorithms become more like the minds that create them. As we entrust algorithms to produce more complex classifications and predictions, we’ll be asking them to venture out of the light of objective truths into the shadows of subjectivity. Questions are bound to arise about the ‘fairness’ of the training sets, about the social and political leanings of the company that produced the algorithms, and whether any of the values of individual programmers had any influence. 
Levy noted with a smile, “There are sure to be algorithms that could help with that.” Analysts Bryce Goodman and Seth Flaxman wrote in their paper, European Union regulations on algorithmic decision-making and a right to explanation, that despite the problems right of explanation presents, there are also opportunities to make better algorithms.

Keywords: [“algorithm”,”Explanation”,”Right”]
Source: https://news.sophos.com/en-us/2017/05/22/gdprs-right-to…

GDPR

Here’s how we’re getting Optimizely ready. Optimizely has a Security, Privacy, and Compliance Team with compliance experts, data protection specialists, and security experts preparing the company and our products for GDPR. The Committee includes executive level members who are committed to enhancing trust and transparency and to obtain buy-in from the entire organization. The committee has already met internally to discuss and kick off our GDPR compliance plan. We are also continually enhancing our security to better protect our service and earn our customer’s trust. With our current measures and continual improvements, we believe we are well placed to provide appropriate security measures for your data and earn your trust. For customers who process personal data from the EU, we also offer EU Model Contract Clauses for your business’s personal data, making it easier to ensure you are using EU-compliant contractual protections. We plan to enhance our forms to help with GDPR compatibility and will also become Swiss Privacy Shield certified by the end of the year. All Optimizely employees will receive Privacy training as part of their continuous Security Awareness Training. Optimizely engineers complete additional Software Security training annually. Since your customers are concerned about their own data privacy, we provide several technical solutions to help address that concern. Optimizely reviews new and existing product development throughout the software development lifecycle for security and privacy considerations. Optimizely will begin implementing periodic Privacy Impact Assessments. Optimizely uses world-class third party vendors with robust security to help deliver our platform. Vendors like AWS and Google App Engine offer best in class solutions, and they have committed to enhancing their terms to comply with the GDPR. 
We currently conduct security and privacy reviews as part of our vendor procurement process and plan to enhance that process further in anticipation of the GDPR. Incident Response. We maintain and continue to invest in advanced threat detection and avoidance technologies, as well as a rigorous 24/7 incident management program to help you identify and respond to security or privacy events.

Keywords: [“Security”,”Privacy”,”Optimizely”]
Source: https://www.optimizely.com/compliance/gdpr

GDPR News Center News for 04-16-2018

Is your backup infrastructure ready for GDPR?

A data breach can have significant impacts on an organisation’s profitability and brand image. When TalkTalk suffered a data breach in 2016, the Information Commissioner’s Office fined the telco £400,000. Beyond this initial fine, other sources estimate the hack cost TalkTalk £60M, and led to the loss of over 100,000 customers. With the introduction of GDPR in May next year, fines are set to increase to a maximum of £17.9 million or 4% of revenue, and so it’s the perfect time to review your data backup processes. The GDPR states that personal data should only ever be collected for a specific, intended purpose. More importantly for backup, you should only retain data for enough time to let you reasonably achieve that purpose. The regulation doesn’t currently specify a time frame it classes as ‘reasonable’, however it’s worth taking a look at your current backup processes anyway to ensure you’re not holding anything longer than necessary. Another core aspect of the GDPR is the mandate that all storage infrastructure must be designed to offer “Data protection by design and by default” – whether it’s on-premises, or in the cloud. This also extends beyond your own IT systems to those used by third parties you outsource to – and data must also be protected as it travels between these different data centres and clouds. Changing your data storage and backup processes now rather than later will take you one step closer to achieving data protection by default. Reviewing your storage and backup processes, tools and infrastructure is the first vital step in ensuring you are meeting the terms of the GDPR – and securing your data against cybercrime. Achieving a deep understanding of your storage estate can be challenging. Without extensive knowledge of the regulation it can be tough to see exactly what is missing from your existing IT policies, and what you need to change to meet the demands of the GDPR. 
As a HPE Platinum Partner, DTP has in depth experience implementing the latest HPE storage and backup solutions. Download our free white paper below and prepare your data centre for GDPR compliance. Get in touch with one of our storage and backup experts today for a complimentary GDPR compliance evaluation or read our five step guide to become GDPR compliant.

Keywords: [“data”,”GDPR”,”backup”]
Source: https://dtpgroup.co.uk/news-articles/gdpr-backup

GDPR: The vital role HR professionals can play in ensuring data security

Simon Fitchett, COO of UK Data Group discusses the importance of ensuring Data Security and the role HR Professionals can play. There are scaremongers galore whenever you mention GDPR – the General Data Protection Regulation – coming into force on 25th May 2018, and the focus often falls on the fines and penalties for non-compliance! GDPR is intended to legislate a common-sense data security approach offering protection by design and by default. In short; GDPR will address the desire to minimise the collection of personal data – or in business terms – only keep and manage the data you need! The trend is to view Big Data as a valued business approach – the more data you have the better for your business – however, GDPR will encourage business to delete personal data that is either no longer necessary or valid to their business needs. The common-sense approach aims to restrict access to the data you do hold, and secure that data through its entire lifecycle. Again, in simple terms: All e-commerce and Cloud based businesses are included with all the security implications that creates – you do not need to have a physical presence in the EU and you need to look after your data! One of the highest profile mandates set out by GDPR is to ‘keep customers data safe’, after all this is all about ‘Data Protection’. In today’s ever-changing world technology is only as good as the infrastructure it sits on and the same applies to security of data. Ensuring data is stored and managed on secure infrastructure is vital and only then can security, control and ownership of personal data be truly demonstrated and evidenced. Businesses simply need to establish WHO will be responsible for protection of customer and employee data and how that data is managed. HR Professionals should consider the role of the Data Protection Officer and have plans and procedures in place for data control, monitoring and management. Data Security and the protection of personal data is imperative. 
Data Control starts with consent! HR Professionals should work with sales and marketing teams to review all current client data and manage the consent, usage and access / deletion GDPR requirements. GDPR is as much for employee’s protection as it is for client or prospect data retention and protection.

Keywords: [“Data”,”GDPR”,”Protection”]
Source: http://hrnews.co.uk/gdpr-vital-role-hr-professionals-can-play-ensuring…

The GDPR countdown

Published 15th December 2017. 3 minutes to read. The General Data Protection Regulation comes into force on 25th May 2018 and our journey towards compliance is well underway. The GDPR protects each of us as individuals, because it stops companies using our personal data in a way that we’re unhappy with, or didn’t even know about. It also puts a responsibility on these companies to keep any data they hold about us up-to-date and secure. Speaking from our perspective at Key, these principles fall very much in line with our own values on how customers should be treated. We hold a significant amount of personal data about people who are currently employed by Key Portfolio or who were in the past, as well as those who considered joining at some point. We take our responsibility to these individuals seriously. Our first step was to audit the personal data that we hold across our business. This involved listing all the different types of data we collect or have collected in the past – including email addresses, National Insurance numbers and copies of ID – and identifying where it came from. This stage of our audit is complete and we’re now in the process of documenting how we use each piece of information, so that we can determine what lawful basis we have for processing it. It’s important that we fully understand these differences before we proceed. Our next steps will be to review where and how we need to change our processes and policies to ensure we are fully compliant with the new regulation by May 2018. This will include making sure that where we share data with you, such as for payroll purposes or referring candidates to our service, it’s done with the candidate’s knowledge and that an audit trail is in place to support this. Among other changes, we expect our review to result in the release of an updated privacy notice and the addition of more transparent wording on our forms to explain exactly how we will use any data submitted to us.
We anticipate that this article will be followed by a more detailed update as we approach implementation, and we’ll certainly consult with you in plenty of time about anything that we need to start doing differently. In the meantime, if you need anything specific from us in relation to the GDPR, just let us know.

Keywords: [“Data”,”how”,”where”]
Source: https://key.co.com/news/the-gdpr-countdown

GDPR News Center News for 04-15-2018

Retargeters Feel The GDPR Pressure; Facebook Tests Local News Feed

Tracking restrictions in Europe and on popular web browsers like Safari are putting retargeting companies in a bind – and “Desperate times call for desperate in-browser messages,” reports Ross Benes at Digiday. Some retargeters now drop in-browser messages that opt in users if the message is closed. Using these tactics is “Going to become a high-stakes poker game for advertisers once GDPR goes into effect,” says Altimeter analyst Susan Etlinger. Facebook is testing a product called Today In that creates a feed of local news and entertainment. Facebook’s News Partnership team is evaluating local news sources to gather content, and the product is being tested in six medium-sized cities. “It’s possible that being part of a separate, local section of the app will help drive more traffic back to publishers’ stories and websites where they can make money through advertising,” reports Kurt Wagner at Recode, “But there is no way for publishers to make money off the new local section at launch.” The section could also help supplement Facebook’s other local-focused channels, such as a check-in feature that might compete with Foursquare. “People say content is king? I think [consumer] experience is the kingmaker,” says Kevin Reilly, president of TBS and TNT, in a Variety profile. Reilly is frustrated that cable distributors have failed to innovate for entertainment consumers. “But we’re trying to optimize everything we have, and build out our competency with data.” More. Startup fashion and beauty brands have promulgated on Facebook and Instagram, but so too have scam manufacturers. With so many legitimate startups hawking near-luxury products at low prices, it’s harder for users to identify knockoffs. Most of these pop-up merchants use the ecommerce platform Shopify, which “Solders digital advertising through Facebook onto the world of Asian manufacturers and wholesalers,” writes Alexis Madrigal for The Atlantic. These operations aren’t get-rich-quick schemes. 
Buying products in Asia is cheap, but the practice comes with real costs, and can require pumping thousands or tens of thousands of dollars a day back into Facebook advertising. For Facebook and Shopify, this is big business, at least as long as they aren’t burdened with the kind of product and payment return policies found on Amazon.

Keywords: [“Facebook”,”product”,”advertisers”]
Source: https://adexchanger.com/ad-exchange-news/thursday-01112018

So, What is GDPR, and Why Should Your Customers Care?

We all know GDPR is on the way and, to date, most of the articles have been industry-focused, talking about the effect it will have on companies and organizations that gather, hold and process data. I recently wrote about why DBAs should care about it, and advised that you should start your GDPR journey now by finding out where your data is, what exactly that data is, and who is accessing it. Soon the wind will start blowing from another direction, that of what the GDPR calls ‘data subjects’. These ‘data subjects’ will wake up to the rights GDPR grants them and realize they should care about it too. Yahoo recently admitted that a data breach four years ago leaked the account details of every one of its three billion customers, not the one billion it initially claimed. GDPR is introducing new rights at the same time that the threats to data are the biggest they’ve ever been. The more leaks and breaches there are, the more your customers will learn that GDPR grants them six specific rights, and the louder they’ll ask how you’re meeting those obligations. GDPR requires that data protection safeguards are integrated into products and services from the earliest stage of development, with privacy always the default option. Privacy by design will become a legal requirement, and only data absolutely necessary will be allowed to be held and processed. This right is all about transparency and means that individuals have the right to be informed when data is collected about them, where from, what it is, and for what purpose. A copy of all of the data held also has to be provided, free of charge, on request, in electronic format. GDPR requires organizations holding data on individuals to notify them if a data breach is likely to result in a risk to their rights and freedoms. GDPR brings portability to data, giving individuals the right to have their data transferred elsewhere in a ‘structured, commonly used, machine-readable and interoperable format’.
From next May, individuals will have the right to request that their personal data is erased without undue delay, and no longer disseminated or processed by third parties. Now is a good time to think about the kind of personal data your company or organization processes, and how you’ll answer questions from customers when they become aware of their new rights.

Keywords: [“data”,”right”,”GDPR”]
Source: http://www.dataversity.net/gdpr-customers-care

GDPR and Communication

This challenge has a precise date: 25 May, 2018, the day when the General Data Protection Regulation comes into force. The regulation focuses on the clear and unequivocal protection of people and the dispersion and use of their personal data. The name itself is telling: “Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”. It’s relevant to all of us as it has direct application in 28 countries without needing to be adopted into national laws, and applies to any organization operating within the European Union or storing data from European citizens. It’s also clear that as this regulation is about people then we have to communicate with them. The implications of GDPR need to be communicated internally and externally by companies and organizations transparently and effectively. Without this, the objectives of this regulation won’t be met. GDPR impacts beyond how we communicate with internal and external audiences. Organizations will have to respond – regardless of their technology and resourcing capabilities – to applications for oblivion, data footprint and data portability. The communication also has to be planned and delivered around making explicit and clear commitments to managing the different kinds of personal data held, including photographs; the outsourcing to companies who may have access to such data; with the publication of the data held; and, for example, with the management of personal data of candidates and of former employees. All this applies to not only the data held in a digital format but also to data that’s stored on paper. The person who called me, called me by name nicely and politely. This example illustrates the kinds of responses that companies must be prepared to give from 25 May: we have to have people’s express permission to use personal data and know exactly the source of that data.
This was an example of the use of personal data for commercial purposes, but it would be exactly the same if a request came as part of an internal communication campaign. GDPR offers us an excellent opportunity to improve the relationships with internal and external audiences in the spirit and context of integrated communication.

Keywords: [“Data”,”personal”,”Regulation”]
Source: http://www.globalalliancepr.org/thoughts/2017/9/27/gdpr-and-communication

GDPR News Center News for 04-14-2018

GDPR

The GDPR will impact all churches, is unaffected by Brexit, and will come into force in the UK from 25 May 2018. In conjunction with Stone King, our longstanding Partner in Ministry, ACAT is holding half-day seminars in three different locations to give practical guidance on this new legislation, with particular relevance to churches and faith organisations. We are extremely grateful that Vicki Bowles, Head of Knowledge Management, Charity & Social Enterprise Team, Stone King, is leading these seminars for us. Vicki’s background in regulation and charity law means that she brings a practical and sensitive approach, which is particularly helpful to ACAT members. All churches keep data on the members of their congregation, donors and planned givers, Electoral Rolls, and similar information. This seminar will provide a General Introduction to the GDPR and the Data Protection Bill in a church context aimed at churches and faith organisations to help you prepare for the changes that will apply to your organisation from May 2018. In this seminar we will talk about the legal framework and how the GDPR and the Data Protection Bill fit together. We will take you through the most relevant provisions of the GDPR with comments about the Bill and available guidance. Registration for all seminars will begin at 10:00, with the seminar itself from 10:30 to 13:15. We anticipate that these seminars will be of interest to many members of the church leadership, not just the treasurer, hence we are incorporating a discount for multiple delegates from the same church. 1 delegate: £35; 2 delegates: £30 each; 3 or more delegates: £25 each. ACAT is the national charity for treasurers of churches and Christian charities, providing training, advice and information to members. GDPR consent issues, what the ‘legal basis for processing’ means, the legal basis which churches might use in different circumstances and what counts as adequate consent under the GDPR. 
We will give you practical guidance on handling Subject Access Requests and outline the changes that will be required for GDPR compliance. Senior Leadership Team, Trustees, Treasurers, Gift Aid Officers involved in GDPR compliance, those with specific data protection compliance responsibilities. Newark NG24 2AG. Due to popular demand, a further GDPR Seminar is offered in Taunton.

Keywords: [“church”,”GDPR”,”seminar”]
Source: https://www.acat.uk.com/gdpr.html

Groupcall Limited and EU GDPR

GDPR becomes enforceable from May 2018, and whilst many of its main concepts and principles are much the same as those in the current Data Protection Act, it also introduces a number of new, more stringent data protection rules with which we must all comply. We need to review everything we do to ensure we fully comply with GDPR and all the data protection requirements it brings. Our Senior Management Team are fully aware of the new GDPR regulations and the impact this is likely to have on both Groupcall and the education industry in general. We have made all our staff aware of the new regulations and what this means to us through GDPR awareness sessions. We are conducting an audit of all personal data we hold or process, including where it comes from and who it is shared with. We are reviewing the legal basis for all personal data processing to ensure we are compliant and to ensure that, if required, we have the appropriate consent in place. We are reviewing and updating our policies and procedures to ensure that we comply with all the rights of individuals under GDPR including processes for secure data deletion, handling Subject Access Requests etc. We have for several years ensured that we have data protection by design throughout our processes and we continue with this. We have made a good start on our compliance with GDPR and will be fully compliant well in advance of May 2018. Need assistance in themselves becoming GDPR compliant and to that end we are holding a series of GDPR training courses. These are for their staff to help them understand GDPR and in particular what impact it will have on the world of education. Finally, together with some of our partners, we have developed a GDPR compliance toolkit, GDPR in Schools, which will help schools, academy trusts etc. through the compliance process, as well as enabling them to monitor their own and their suppliers’ compliance with GDPR in a simple yet effective way.
We believe that compliance with GDPR will help to strengthen and unify data protection rules across Europe and will undoubtedly help protect the vast amounts of personal data that is processed in the education industry. Becoming fully compliant with GDPR is not simply an aim for Groupcall, but a commitment through which we will protect all personal data we process in the best way possible at all times.

Keywords: [“GDPR”,”Data”,”Protection”]
Source: https://www.groupcall.com/news/groupcall-and-gdpr

GDPR: A chance for charities to change with the times » Charity Digital News

Jim Bowes, CEO and Founder of Manifesto, the award-winning agency of creatives and technologists who collaborate with exceptional organisations to change things for the better, shares his views on GDPR and the opportunity it presents charities. While most of the focus on GDPR has been on commercial businesses, it’s worth noting that charities are not exempt from controversies surrounding data privacy either. The Information Commissioner’s Office has recently handed out several fines to a number of reputable charity organisations for swapping or selling donor lists containing confidential information. As a result, the charity sector needs to understand and prepare for these changes. Charities run the risk of falling foul of data protection rules too – and risk damaging their reputations as a result. The well-documented collapse of Kids Company caused serious harm to the public’s perception of charities. Last year, the Charity Commission found that trust and confidence in charities was at its lowest level since the report began in 2005. In the same report, the Charity Commission revealed that 1 in 10 people identify effective management as the most important factor in their trust and confidence in charities. Charities now have an opportunity to view data protection as an act of corporate social responsibility that can boost their public image, as well as a legal requirement. The purpose of GDPR is to keep personal data safe, so if charities can embrace this legislation and show a willingness to comply, it will send a clear message to their supporters that the organisation really cares about protecting their private information. As a result, those charities that can successfully navigate the transition to GDPR have a chance to engage with their supporters in a more open and positive way. The charity sector is currently one of the least digitally mature sectors, since most organisations opt for human interactions rather than automated tools. 
As the recent fines handed out by the Information Commissioner’s Office demonstrate, some charities still lag behind in this area. As a result, rather than dreading these new regulations, charities should see GDPR as an opportunity to bring their systems up to date. Charities who are already compliant with the Data Protection Act should be well on their way to being GDPR-ready.

Keywords: [“charity”,”data”,”GDPR”]
Source: https://www.charitydigitalnews.co.uk/2017/10/27/gdpr-a-chance-for…

GDPR News Center News for 04-13-2018

Interactive Compliance Training

Non-EU Companies: The GDPR protects any personal data you, as an EU citizen, provide to organizations outside the EU to obtain goods or services. It also applies to non-EU-based organizations that may monitor how you behave online. This means that all organizations, irrespective of where they are located, must ensure that the personal data of EU citizens is protected to the standard outlined in the GDPR.

Personal Data: The definition of “Personal data” has been widened significantly – for example, IP addresses, cookie identifiers, mobile device ID, and other types of online identifiers are now considered personal data. For example, if your company website is accessible to EU consumers and you collect their IP addresses in access logs, or track EU visitors using cookies, the data you collect is subject to the GDPR.

Privacy by Design and Default: Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. Organizations must ensure that privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle. Building new IT systems for storing or accessing personal data. Developing legislation, policy, or strategies that have privacy implications. Organizations should therefore ensure that they integrate core privacy considerations into existing project management and risk management methodologies and policies. Privacy by default means that the strictest privacy settings automatically apply for products and services and no manual change to such privacy settings should be required on the part of the user.

Transferring Data Outside the EU: Personal data can only be transferred to countries outside the EU and the EEA where certain, very specific arrangements are in place ensuring data protection. Some countries are recognized by the EU as having adequate protections in place, i.e. in line with the standards of protection required in the EU.
However, for most other non-EEA countries, there are procedures that need to be complied with in order for the legitimate transfer of personal data from the EU, such as entering into data transfer contracts between the companies who are sharing the personal data. Note that countries outside the EU and EEA are often referred to as “Third countries.”

Keywords: [“data”,”Privacy”,”personal”]
Source: https://interactiveservices.com/gdpr-training

GDPR: A work in progress

ACF has received several queries recently from members concerned about how the General Data Protection Regulation may affect foundations. The implications for foundations are not clear yet as there is no such specific guidance, but this brief blog provides an update of what we know, what we don’t know, and what to expect in the coming months. The GDPR is an EU legal framework which sets an updated standard of data protection for organisations across the EU and for any organisations that process the data of individuals in member states even if they aren’t in the EU. It is due to come into force in the UK on 25 May 2018, and the government has stated that the UK’s withdrawal from the EU will not affect its commencement. It has also provided some sector specific guidance including a page for charities, which can be accessed here. A great deal of guidance for charities has been designed with service providing and fundraising charities in mind. This means that for foundations, or other charities which use data for purposes other than direct marketing, understanding the requirements and assessing the impact can be challenging. ACF is working closely with members, experts and other umbrella bodies across the voluntary sector to identify the issues for foundations and find answers to member queries. We are aiming to publish a briefing note on the GDPR as soon as we have some clarity and confirmation as to what the issues and solutions might be. We are also exploring the possibility of hosting a briefing event or training session for foundations. Where is the line drawn between individual and organisational consent? What constitutes marketing materials in the context of a foundation or other non-fundraising charity? Might it include, for example, promotion of a new grant programme or funding opportunity? 
It would be good to hear from you whether you have logged any further issues in relation to your practice, and also if you have already sought professional advice on the issues that you would be willing to share. We will continue to work with others in the sector to find out more and keep members informed. If you have any further thoughts, questions or suggestions, please contact Emma Hutchins, ACF’s Policy and Communications Officer. ICO’s overview of the GDPR ICO’s support for charities ICO’s current guide to data protection.

Keywords: [“charity”,”foundation”,”member”]
Source: http://www.acf.org.uk/news/gdpr-a-work-in-progress

The Technology Solution

Clients have a right to see the personal data you hold on them and you need to have a method for keeping this data up to date. One of the issues firms voice to us regularly, is that the quality of the data in their back-office system is suspect. At moneyinfo, we take the data from your back office, overlay it with up to date data from your platforms and providers and then keep this up to date for you daily. One of the recommendations in the GDPR is that clients should if possible be given access to a secure portal where they can see the data you hold on them. Having access to the data online means they can understand the data you hold on them and check it’s up to date, notifying you of issues before issues occur. All these can contain personal data on clients, prospects, staff and suppliers. Moneyinfo can display the data you hold on individuals, aggregating data from your existing systems and display it to the individual in an easy to digest dashboard format. Individuals can control their data, notifying you of inaccuracies or out-of-date data and using detailed privacy controls, directly control who can view what data about them. Will you still need to audit your existing systems? Yes, but if the current data you process is in moneyinfo then the requirement is more easily covered. If your client portal allows a client to see a superset of all the data you hold on them, then you are limiting the subject access requests to a minimum and these will most likely be relating to a specific event. Moneyinfo provides a dashboard access to all the data you hold on behalf of a client meaning your privacy statement is backed up by technology making it much easier for a client to understand what data you hold and why and how you are using it. Further helping you demonstrate your commitment to GDPR and data privacy for your clients. Managing client privacy and addressing data quality issues. 
Article 5(d) – Personal Data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. Recital 63 – Where possible, the controller should be able to provide remote access to a secure system which would provide the data subject with direct access to his or her personal data.

Keywords: [“data”,”client”,”system”]
Source: http://www.moneyinfo.com/news/GDPR3

GDPR News Center News for 04-12-2018

Accelerate your GDPR compliance with the Microsoft Cloud

While some companies have started working towards GDPR compliance, Gartner believes that less than 50 percent of all organizations will fully comply with the GDPR when it goes into effect on May 25, 2018.* We know that the cloud can help dramatically increase that compliance rate, and we are dedicated to helping our customers on this journey. With roughly 160 GDPR requirements ranging from how you collect, store and use personal information, to mandating a 72-hour notification for personal data breaches, it’s clear that using cloud technology can help accelerate the path to compliance for most organizations. Nearly a decade ago, Microsoft established our Trusted Cloud Principles to guide our Microsoft cloud technology. These investments align closely with the intentions of the GDPR, and because of this, the Microsoft Cloud can uniquely provide an expedited journey to GDPR compliance. In February of this year, we announced that Microsoft cloud services will comply with GDPR by May 25, 2018, across Office 365, Dynamics 365, Azure, including Azure data services, Enterprise Mobility + Security, and Windows 10. Through these investments, we will also help you validate that when you are using the Microsoft Cloud, you are using services compliant with the GDPR. Cloud for compliance. Beyond making our cloud services compliant, the Microsoft Cloud provides sophisticated, built-in controls that can help you meet GDPR requirements. Powerful intelligence capabilities can be applied to the GDPR requirements when using the Microsoft Cloud. We continue to innovate in order to make GDPR compliance easier for you to achieve. Later this year we plan to release a new dashboard that provides a quantitative assessment to help identify where you are in your journey to GDPR compliance. This upcoming release builds on the foundation of Office 365 Secure Score, launched earlier this year, to provide you greater clarity on your path toward GDPR compliance. 
In the Microsoft Tech Community privacy forum you can discuss GDPR issues and learn from experts. We’ve collaborated with consulting firms with deep policy knowledge of privacy and the GDPR, who can help you plan and implement process and technology to be GDPR compliant. As the GDPR deadline draws closer, we are here to partner with you. Meeting GDPR doesn’t have to be a difficult path and Microsoft is here to help.

Keywords: [“GDPR”,”Microsoft”,”cloud”]
Source: https://blogs.microsoft.com/blog/2017/05/24/accelerate-gdpr…

GDPR: The five things teachers should do first

General Data Protection Regulation will reshape the way organisations approach data privacy in the European Union and beyond. GDPR will come into force on May 25, 2018, and is designed to harmonize data privacy laws across Europe and to protect and empower all EU citizens’ data privacy. It covers such topics as data breaches, citizens’ right to access data, their right to have personal data erased, and the requirement to design systems with data privacy built in from the start. As part of the event, Mark Orchison, Managing Director at education technology consultants 9ine Consulting, revealed the five aspects of GDPR that educators should understand first. Under current laws for collecting personal data, an organisation must tell an individual who they are and how they will use the information they receive. They will need to spell out their lawful basis for processing the information, their data retention periods and that individuals have a right to lodge a complaint with the Information Commissioner’s Office if they think there is an issue with the way their data is handled. Encrypting your devices helps to protect user data from theft and other malicious actions. A hacker will be unable to access the data without this passphrase, even if they remove the hard drive. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled. Teachers often work at home in the evening, at weekends and during school holidays, but this can raise issues when it comes to data movement and storage. Information relating to pupils and staff can be lost or stolen if stored on unprotected USB sticks and personal laptops – according to research from EE, almost 10 million mobile devices such as smartphones, tablets and laptops containing sensitive business data were lost by employees across Britain in 2013/2014. Moving data to easily accessible WiFi networks will also raise concerns. 
Always keep personal and work-related information separate, and encrypt all files and devices that relate to your job. According to the Government’s “10 steps to cybersecurity”, the use of USB sticks should be limited, they should be encrypted, and the school devices they plug into should have adequate end-point protection. End-point protection means that users make sure every device – PCs, laptops, phones or servers – is responsible for its own security.

Keywords: [“Data”,”device”,”Protection”]
Source: https://news.microsoft.com/en-gb/2017/11/20/gdpr-the-five-things…

Security and Data Protection to Help You Achieve, Maintain, and Document Compliance

Barracuda provides a comprehensive and integrated set of security solutions. They use state-of-the-art technology to block highly sophisticated malware from penetrating your network, to help prevent the exfiltration or theft of data, and to secure data in the event of natural disasters and equipment failure. Barracuda NextGen Firewalls are designed to make it easy to secure and regulate network and application access. Whether your infrastructure is on-premises, in the cloud, or a combination, they provide advanced security at all network and data-transfer boundaries. Barracuda Essentials for Email Security is a complete email security and management solution that also provides secure archiving and backup to protect personal data and communications from loss and theft. Barracuda Web Application Firewalls eliminate web app vulnerabilities to prevent intrusions, and secure data stored in web application servers. Barracuda Backup creates secure, redundant, real-time, 256-bit AES encrypted backup of your offsite replicated data. Backups can be replicated to an off-site physical or virtual appliance, to the Barracuda Cloud, or to Amazon Web Services. This protects data against ransomware and other criminal attacks, along with natural disasters, hardware failures, and human error. Barracuda Message Archiver is a cloud-connected email archiving solution that captures and securely stores an unmodified copy of every message at the time it is sent or received. Granular retention policies ensure original data is kept without risk of amendment or deletion, while historical data and items such as appointments, contacts, tasks, and notes can also be imported to provide a comprehensive archive. Comprehensive audit trails help you demonstrate regulatory compliance.
Barracuda security solutions including NextGen Firewalls, Web Security Gateways, Essentials for Email Security, and Web Application Firewalls all use state-of-the-art analytics to filter outgoing traffic and prevent spyware, keyloggers, and other malicious phone-home malware from transmitting sensitive data outside the network. If your organization does fall victim to a data breach, gathering and analyzing information about the breach should be as fast and easy as possible. This information can be used by admins to analyze, remediate, and notify in case of data breaches and other security incidents.

Keywords: ["data","Barracuda","security"]
Source: https://www.barracuda.com/solutions/gdpr

GDPR News Center News for 04-11-2018

GDPR: What Americans Need to Know

The General Data Protection Regulation will be the global law of the land starting on May 25, 2018. The GDPR requires any company that does business with European Union-based residents to maintain strict data protection protocols. The processes for collecting data must be relevant to how the data will be used by the company. Companies should be willing and able to explain exactly what data has been collected and why. Security practices must demonstrate a clear ability to safeguard against loss, damage, and destruction, and data should not be held longer than is necessary. A few issues include abstractly written rules for why data is being collected, overreaching requirements for scrubbing customer data when requested, and the need for some companies to totally revamp security procedures solely for the purpose of ensuring compliance. Under the bylaws, EU citizen data must be protected and you must provide the citizen with said data if he or she requests it. You may be required to purge that data from your systems if and when the citizen makes the request. The law instead focuses on personally identifiable information and where the person associated with the data resides. If your company is hit by a massive cyberattack on May 26, 2018, then you can’t claim “Insufficient time” as an excuse for divulging EU citizen data. “You can be asked to show your journey into compliance already. Have you inventoried? What’s your protocol for an EU citizen to ask about your data? These companies can be asked for this information right now. They will start to be fined next year if they can’t demonstrate compliance after May.” This person, whom the GDPR law dubs the “Data Protection Officer,” will be the point person responsible for walking the GDPR oversight team through the ways in which your company has been securing its data. You’ll need to verify employee identities and institute multi-factor authentication when accessing PII and for transactions that include PII data.
You’ll need to cut out any practices that access or process data for unauthorized purposes, constantly monitor and verify data to ensure relevance, and completely and irreversibly purge customer data when asked to do so. Finally, if your organization’s data is breached, then you’ll need to notify your associated GDPR supervisor immediately to describe the breach and its consequences in full.

Keywords: ["Data","company","GDPR"]
Source: https://www.pcmag.com/article/356899/gdpr-what-americans-need-to-know

Moodle’s GDPR approach and plan

Here we outline Moodle’s approach and plan for the implementation of support for the EU General Data Protection Regulation. Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers. During the summer we put together an initial plan on what developments are needed to enable organisations using Moodle to comply with GDPR and then sought more feedback. We have also engaged a specialist lawyer from Europe on a consultancy basis who has a strong background in data protection and data privacy to examine the specifications and make recommendations on where they can be improved to better enable organisations to be GDPR compliant. We now have a plan to meet those needs and are scheduling the development within our Open Source team under the lead of Sander Bangma, our new Open Source coordinator. The Plan: We have a set of features now in development which will meet those compliance needs covering the following areas: onboarding of new users, privacy statements, the tracking of consent and handling of subject access requests. Listing and requesting consent for all 3rd-parties who may receive user data. A request to erase all identifiable user data on Moodle. We will be releasing these plugins, scheduled for March 2018, which will enable those using Moodle 3.3 and 3.4 to become compliant with the new regulations by installing and configuring the plugins in addition to implementing the required organisational procedures and processes. These features will then become part of Moodle 3.5 release which is a Long Term Supported version of Moodle. If you are not on Moodle 3.3 or above we recommend you upgrade before the end of February 2018. We are currently reviewing in what form we will offer a solution for Moodle 3.2 and below.
If you are on Moodle 3.3 or above you should make sure that you update to the most recent version of these releases. Installing the plugins alone is not going to be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required and you should engage with your IT and legal department on what is required.

Keywords: ["Moodle","need","Data"]
Source: https://moodle.com/2017/12/21/moodle-gdpr-approach-plan

GDPR – REVOLUTION 99 – GRATEFUL DREAD PUBLIC RADIO – PEACE-PROGRESSIVE NEWS/TALK NETRADIO FOR A BETTER WORLD

GRATEFUL DREAD PUBLIC RADIO, founded in Baltimore in 1996, provides peace-progressive news/talk internet radio for the revolution! GDPR Revolution99 is independent, listener-supported activist netradio for a better world: news/talk programming, activism, POVs you won’t find in mainstream, corporate radio and more. We are radio for the progressive community and the anti-Trump resistance, the 99 Percent’s one-stop shop for voices and views you won’t find in the corporate establishment media. Our peace-progressive programming covers the gamut: progressive talk shows; news and analysis programming; green-focused environmental offerings with a focus on sustainability; educational shows and documentary and lecture series; inspirational activism-centered programs that inspire positive action for peace and justice and the necessary stance against the fascist and bigoted Republican Party and Donald Trump; public affairs programs covering religion, LGBT issues, the workers’ movement, and more; and, of course, arts and culture programming that fills the air with beautiful language, important literature, and sounds ranging from Rodgers and Hammerstein to Garcia and Weir. Check out our complete program guide, and then tune in and turn on! LISTEN LIVE HERE. ARMCHAIR ACTIVIST ALERT OF THE DAY ARCHIVE. Join us as we work to move the revolution of the 99 percent forward. We are independent, noncorporate, listener-funded noncommercial media for We The People; we exist for YOU: Listen regularly and support our work – click the support link above for numerous ways to help or use the donation button on the right side of the page. With Trump in power, the republic, the people, and independent alternative media are particularly vulnerable. In the fight for a better nation and world, we must work together. PLEASE SUPPORT GDPR EMERGENCY GOFUNDME CAMPAIGN. Your help is needed more than ever. LEND A HELPING HAND. Global Giving has a list of a number of projects that provide emergency. 
Hispanic Federation is accepting donations to help those. We must help our fellow citizens – they need our assistance! You can help people affected by disasters big and small, like the wildfires and countless other crises, by supporting Red Cross Disaster Relief. Your gift enables the group to prepare for, respond to, and help people when they need it the most.

Keywords: ["program","help","work"]
Source: http://gdprnashville.org