GDPR News Center News for 10-16-2018

Official Statement: EU GDPR Compliance

The protection of private information is fundamental to the trust Zoom users have given us when choosing our service. Zoom’s products now feature an explicit consent mechanism for EU users. Users who are detected via IP address as coming from an EU member state will, upon their first visit to the zoom.us website, be presented with a cookie pop-up box that allows cookie preferences to be set. These cookie preferences can also be changed at any time in the future by visiting the cookie preferences link at the footer of any page on our website.

EU users can opt in to communications from Zoom when registering for Zoom-hosted webinars or downloading whitepapers from our website. We have appointed a Data Protection Officer, Kari Zeni, who is an expert on GDPR compliance topics. Zoom has entered into Data Protection Agreements with our vendors to ensure that the privacy and security of our customer data is protected. Zoom’s DPA has been thoroughly vetted to comply with all GDPR and other privacy and security-related requirements, has been drafted to clearly and accurately describe the manner in which Zoom consistently provides its service to all of its customers, and is consistent with the security program on which Zoom’s annual SOC2 third-party audit is premised. To be more transparent, we have developed a cookie policy that describes the purpose of the cookies that Zoom uses.

In addition to the privacy training that all Zoom employees receive during on-boarding and annually thereafter, employees with roles that are customer facing have been trained on GDPR and how it impacts their roles. GDPR empowers data subjects with certain rights to help assure the privacy and protection of their personal data. 

Keywords: [“Zoom”,”cookie”,”users”]
Source: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance

General Data Protection Regulation Compliance

On May 25, 2018, the General Data Protection Regulation replaced the Data Protection Directive that had been law across the European Union for the past 20 years. GDPR impacts any business that operates or collects data in or from Europe. We see GDPR as affording us yet another opportunity to continue our tradition of protecting and giving you more control over both your organizational and personal data. Multiple data centers to guarantee a secure and highly available service at scale. Our new Privacy Basics page gives you a snapshot of how we handle personal information and data, while the page design makes it easy for you to find the exact areas of our policies that concern you. 

We also offer various options on data processing terms for customers, depending on the plan or package you have selected. If you’ve purchased your plan via our website, you can access our data processing addendum here. We empower all of our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data. We honour all deletions from an account, and all account data which has been expunged by you is permanently deleted from our back-ups within 90 days. 

We’re aware that many of our customers with EU users and EU affiliates would prefer that their data be hosted in the EU. To address this, we are actively engaged in building a data centre in the EU. Updates on when this data storage option will be available for customers will be provided through our website. Manage your company’s data with advanced security and control, so you can enable your teams to share and collaborate safely. 

Keywords: [“Data”,”customer”,”GDPR”]
Source: https://www.surveymonkey.com/mp/gdpr/

GDPR for Microsoft Dynamics 365

Microsoft Dynamics 365 is committed to helping our customers meet their GDPR requirements. In this topic, you will find information and several resources to help you understand how Microsoft Dynamics supports the GDPR, and how we provide the information and tools that our customers need in order to define and support their GDPR obligations. The following white papers provide an overview of the GDPR for Dynamics 365 applications and services. What GDPR means for your business applications: the IDC analyst’s view. The GDPR grants individuals certain rights in connection with the processing of their personal data. 

DSRs on the Service Trust Portal – You can find information about what the GDPR requires of controllers and processors when you respond to DSRs, and how Microsoft enables you to do so. Compliance Manager is a cross-Microsoft cloud services solution that is designed to help organizations meet complex compliance obligations like the GDPR. It does real-time risk assessment that reflects your compliance posture against data protection regulations when you use Microsoft cloud services. Hear from Microsoft about how we support the GDPR, and learn how we are helping our Microsoft Dynamics customers support their GDPR requirements. Hear from Microsoft about the GDPR, what it means to our customers, and what it means to us as a corporation. 

Microsoft’s commitment to GDPR, privacy and putting customers in control of their own data, May 21, 2018, Julie Brill – Corporate Vice President and Deputy General Counsel, Microsoft. Essential Dynamics 365 resources to help you with GDPR compliance, May 14, 2018. Get deeper knowledge about Microsoft, the GDPR, and our own GDPR journey. 

Keywords: [“GDPR”,”compliance”,”Microsoft”]
Source: https://docs.microsoft.com/en-us/dynamics365/get-started/gdpr/

GDPR News Center News for 10-15-2018

GDPR Compliance: Requirements, Guidelines, Penalties and Resources

The new GDPR regulations protect both categories of private data. The new regulations will replace the previous legislation, including the Data Protection Act of 1998 and the 1995 Data Protection Regulation, helping to address current issues in personal data protection. The new GDPR legislation will hold organizations handling personal data more accountable through security regulations and strict standards of internal policy. Companies or organizations that offer services controlling or processing personal data of all individuals in the European Union must follow GDPR compliance. The Information Commissioner’s Office stated that if your organization is currently under the Data Protection Act, it will most likely have to follow GDPR policies. 

Within data-service organizations, the internal groups of data processors and data controllers must appoint a Data Protection Officer to oversee GDPR compliance. The DPO will oversee the data security strategies that process and control EU citizen data in a responsible and transparent way, such as storage of personal data, and will define how personal data will be responsibly processed. It’s best to prepare early, so find out the Do’s and Don’ts of GDPR Data Security. Under GDPR regulation, subjects will have more control over their personal data and companies will have to be transparent on how they use sensitive information. GDPR enforcement is much stricter than the former Data Protection Act, including costly fines up to €20 million or 4 percent of global annual turnover for non-compliance. 

Phase 1: Know your data Information – Identify types of information in scope of GDPR handled by the organization. The Information Commissioner’s Office provides this GDPR Checklist for data controllers and processors. 

Keywords: [“Data”,”GDPR”,”organization”]
Source: https://www.secureworks.com/blog/2018-gdpr-compliance-overview

Braintree Support Articles

The General Data Protection Regulation standardizes the handling of personal data across the EU and EEA. This new regulation goes into effect on May 25, 2018 and is intended to give individuals more control over their data and protect their right to privacy. GDPR is a fundamental shift in personal data regulation, so it’s important to understand how it will impact your business. Here are some important concepts as defined by GDPR. Personal data: Any information relating to an individual.

Data processing: Any operation or set of operations that is performed with personal data. Data controller: The party that determines why and how personal data will be processed. Data processor: The party that is responsible for handling personal data based on the controller’s determination. Braintree functions as a data controller for our merchants’ individual representatives. We may use merchant personal data to share messaging with the employees and contractors of our merchants, or in other situations of which the individual has been informed in advance and the actions taken are compliant with Data Protection Laws. 

When processing transactions with merchants as part of our Payment Services Agreement, our merchants are the controller and we function as the data processor on behalf of our merchants. In this case, our merchants will be solely responsible for determining the purposes and means for processing personal data. As a data processor, Braintree will only process customer data in accordance with our merchants’ Privacy Policies. This new policy details the personal data we collect as a data controller, when we collect the personal data of our merchants’ individual representatives, and how we use this data across our services.

Keywords: [“Data”,”merchant”,”personal”]
Source: https://articles.braintreepayments.com/risk-and-security/compliance/gdpr-readiness

GDPR News Center News for 10-14-2018

No one’s ready for GDPR

The General Data Protection Regulation will go into effect on May 25th, and no one is ready – not the companies and not even the regulators. In today’s meeting with the European Parliament, Mark Zuckerberg said Facebook would be GDPR compliant by the deadline, but if so, the company would be in the minority. When broken down by industry, 60 percent of tech companies said they weren’t ready. GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches to transparency for users about what data is being collected and why. Perhaps the GDPR requirement that has everyone tearing their hair out the most is the data subject access request. 

A year ago, 61 percent of companies had not even started GDPR implementation. It’s not a pleasant position to be in, because GDPR can allow regulators to fine companies up to 4 percent of their global revenue for violations of GDPR. To put that in perspective, a 4 percent fine on Amazon would be $7 billion. Because much of GDPR is ambiguous, how it will work in practice is up to what regulators do with it. Another GDPR provision that might strain regulatory resources is the data breach notification requirement. 

Regulators may not be ready to audit a company’s security or figure out exactly what to do to protect EU residents affected by the breach. GDPR is only supposed to apply to the EU and EU residents, but because so many companies do business in Europe, the American technology industry is scrambling to become GDPR compliant. The breach notification requirement, especially, is more stringent than anything in the US. The hope is that as companies and regulatory bodies settle into the flow of things, the heightened privacy protections of GDPR will become business as usual. 

Keywords: [“company”,”GDPR”,”Data”]
Source: https://www.theverge.com/2018/5/22/17378688/gdpr-general-data-protection-regulation-eu

How marketers are navigating GDPR compliance creatively

With GDPR finally enforced, marketers are now legally bound to handle, process and store personal data much more securely and transparently. Interestingly, GDPR has led to a cultural split in businesses. Marketo published a report revealing that GDPR has produced two ‘tribes’. On the other hand, there’s legal-first, which is the group of senders who have focused almost exclusively on the process and compliance aspects of GDPR, without considering the opportunity it presents. For marketing-first senders GDPR provided an opportunity to refresh consent using a variety of engaging approaches, capturing consumer attention and imagination, while also achieving/maintaining compliance with the new requirements. 

Teaching customers GDPR. Another way marketers have engaged with consumers is by presenting GDPR as a customer service benefit. By providing this compliance information in a clear and concise way, marketers have created interest in GDPR by presenting the new laws through a positive lens. Lloyds Bank took this opportunity to educate its email subscribers, setting out the parameters and requirements of the GDPR in layman’s terms that were easy for the audience to understand. As previously mentioned, GDPR is also challenging data controllers to be clear and concise. 

Although GDPR is a serious topic, it doesn’t mean senders suddenly need to adopt a stoic tone – the messages can still be conveyed in a way their subscribers know – and even expect – of their brand, and this will have an impact on success. GDPR is clear that consent must be freely given, and data controllers should avoid making consent a precondition of a service. Take a look at all Econsultancy’s GDPR resources, including a guide for marketers and online and face-to-face training courses. 

Keywords: [“GDPR”,”customer”,”data”]
Source: https://econsultancy.com/how-marketers-are-navigating-gdpr-compliance-creatively/

GDPR News Center News for 10-13-2018

GDPR Compliance for 2018: It’s easier than you think

It’s the date that the European General Data Protection Regulation is set to go into effect. The new legislation is intended to offer consumers more protection for how businesses handle their personal data. Personal data also applies to any data that, when processed along with additional data or alone, could identify a specific individual. Who is a Data Controller: A natural or legal person or entity, who alone or with others, determines how personal data is, or will be, processed. Who is a Data Processor: A natural or legal person or entity charged with the processing of personal data on behalf of a data controller.

For the purposes of data you collected using ShortStack, you would be considered the data controller and ShortStack is the data processor. There may be other cases when you are working with individuals’ personal data in which case you would be the data processor. Individuals or businesses not located within the EU, but who are considered processors or controllers of the personal data of individuals located in the EU. Individuals and businesses located in countries whose data protection laws are set to change alongside the GDPR – examples include the United Kingdom’s proposed Data Protection Bill, Switzerland’s updates to the Swiss Data Protection Act, and Norway’s new Personal Data Act. You must provide individuals with information regarding how their data will be used.

Under the GDPR, you are considered a Data Controller, while ShortStack is the Data Processor. For the most part, the GDPR only affects folks located within Europe or those processing the personal data of individuals located within Europe. While staying compliant with the GDPR is important if you are located within the EU or processing the personal data of individuals located in the EU, when you use ShortStack, it isn’t difficult to comply with the requirements. 

Keywords: [“Data”,”email”,”individual”]
Source: https://www.shortstack.com/blog/gdpr-compliance-its-easier-than-you-think/

How Raygun Is Handling GDPR Compliance

Overview: The General Data Protection Regulation is a new set of rules designed to give EU citizens more control over their personal data. Raygun is committed to GDPR compliance across all products and services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts. Protecting your data: As a Raygun customer, your data will be treated in accordance with the GDPR legislation. Security of our customers’ data is our number one priority, and Raygun has already obtained approval from EU data protection authorities, to enable transfer of data outside Europe, including to the U.S.

Raygun customers can continue to run their global operations using Raygun in full compliance with EU law. The Raygun Data Processing Addendum is available to all Raygun customers that are processing personal data whether they are established in Europe or a global company operating in the European Economic Area. Raygun has appointed a Data Protection Officer where such appointment is required by Data Protection Laws and Regulations. Compliance: Raygun will be implementing tools for administrators in your account settings to ensure they comply with GDPR and EU law before the legislation comes into effect on 25 May 2018. Raygun account owners will have the functionality to agree and sign the Data Processing Addendum between Raygun and your organization from within your account settings.

All Raygun providers offer the ability to exclude specific and sensitive information before being sent for us to process. Some Raygun features allow you to send IP address information, email addresses, usernames and other custom data to assist with issue diagnosis. Raygun does not collect this information by default. 

Keywords: [“Data”,”Raygun”,”GDPR”]
Source: https://raygun.com/gdpr

GDPR News Center News for 10-12-2018

GDPR compliant? Here’s a handy five-step preparation checklist

There is no lack of content and information about General Data Protection Regulation out there, but most marketing professionals I spoke with about the regulation were confused about what GDPR is or how they should prepare their marketing programs, website, and data collection process before the enforcement date, May 25, 2018. Marketing departments are also often responsible for communicating with stakeholders after a data breach. Create a custom GDPR preparation checklist taking appropriate recommendations from the list below. The primary marketing data lead should work closely as part of a data governance team with the DPO to review and approve marketing campaigns with European contacts before execution. Document all the data collection channels and steps: Document all the channels from which the marketing department receives contact data such as events, website registrations, partners, sales, list purchases, etc. 

Create an age-verification process: GDPR requires parental consent to collect or process the personal data of children under the age of 16. If collecting personal data in person, such as at an event, for a testimonial video or at an in-store sign-up, ask for consent and include a check box or other field for the person to check or initial when the individual has agreed to be emailed. Then the IP address is covered under GDPR personal data. Constellation reminds marketers that the predecessor to GDPR, the EU Data Protection Directive, is still active and, under the threat of fines, it prohibits emailing individuals who previously unsubscribed. GDPR requires organizations to report data breaches no later than 72 hours after the organization becomes aware of the breach. 

Constellation advises CMOs to be proactive and design a data breach action plan as a precaution. The following are recommended best practices for marketers responding to a data breach. 

Keywords: [“data”,”GDPR”,”marketing”]
Source: https://www.zdnet.com/article/the-five-step-gdpr-preparation-checklist-for-marketing-organizations/

GDPR News Center News for 10-11-2018

How to ensure GDPR compliance

We’re two months away from the huge new data regulation roll out. Coming into place on the 25th of May, 2018, it is the European Union’s revised regulation on personal data that will ensure that the privacy of EU citizens is protected in this ever advancing digital economy. GDPR compliance doesn’t just apply to EU businesses, it applies to any business that deals with personal data of EU citizens. Replacing the outdated Data Protection Directive, which has been in place since December 1995, the GDPR assures to protect citizens from the misuse of their personal information. The process of how to notice a loss or breach of data, and the steps to take to report it. 

Company-wide compliance is a team effort, so it is imperative for all staff members to fully understand the details of the GDPR, regardless of whether or not they work directly with data. Data minimization is one of the specifications of the GDPR. It is to ensure that your business only holds and processes information that is absolutely necessary for duties to be carried out. Ensure your data controllers and processors are aware of the different laws in different member states. GDPR compliance involves adopting a privacy by design approach which includes undergoing a data protection impact assessment.

Invest in a DPO. DPO stands for Data Protection Officer and it refers to individuals who are formally placed in a business to oversee protection strategies and to ensure compliance with the new requirements is in full swing. The new regulation states that hiring a DPO is mandatory for businesses whose main activities involve monitoring of data subjects on a large scale, of special categories of data, or work with data relating to criminal convictions and offences. The purpose of the GDPR is to protect the privacy of EU citizens, and to create a harmonized data protection regulation throughout the continent.

Keywords: [“data”,”GDPR”,”ensure”]
Source: https://zenkit.com/en/blog/how-to-ensure-gdpr-compliance/

Totara Learn 11 supports GDPR compliance

Totara Learning is pleased to announce the release of Totara Learn 11, a special interim release designed to help customers ensure their learning management platform supports their compliance with the EU General Data Protection Regulation before it becomes effective on 25th May 2018. Totara Learn 11 makes it easy for end users to understand what their data will be used for, who will have access to it, and provide consent to site policies regarding the usage of their personal data. With Totara Learn 11, administrators can create, publish and update multiple consent policies and track when end users have agreed to a particular version of a given policy. This makes it easier for administrators to monitor active policies and identify who may need to agree to a new policy version if circumstances change. This will also ensure that data handling and processing is transparent enough to abide by the new regulations, protecting organisations and end users alike. 

The new regulations give end users more control over the data they provide to organisations. All businesses inside and outside the EU that handle EU citizens’ personal data will need to comply with the new rules or risk legal action. Totara Learning has decided to release Totara Learn 11, which makes it easy to comply with the GDPR, earlier than its usual autumn release date. Other updates users can expect to see in Totara Learn 11 include many smaller theme improvements and bug fixes. Totara Learn 12 is scheduled for release in September, as per Totara Learn’s standard release schedule for major new versions of the software. 

To find out more about Totara Learn 11 and GDPR, take a look at the release notes and documentation here. There is also a new info sheet available here, and Wesley Holden will be presenting two webinars covering everything you need to know about Totara Learn 11, and partners can register for these here. 

Keywords: [“Totara”,”Learn”,”Data”]
Source: https://www.totaralms.com/about-us/news-events/totara-learn-11-supports-gdpr-compliance

GDPR News Center News for 10-10-2018

Mixpanel Help Center

Mixpanel strongly believes that customers should be able to control their data and trust that information is protected when stored in its servers. To support this, Mixpanel holds itself to strict data security and privacy standards, including compliance with the General Data Protection Regulation. Any Mixpanel account holder will be able to request an export of one’s own personal data, as well as the personal data of their own end-users. Our customers control what data is sent to Mixpanel, and may decide to halt the sending of personal data at any time. To the collection of one’s personal data, Mixpanel also has built dedicated methods for our client-side SDKs that can be used to opt end users out of tracking. 

Mixpanel collects information about how customers use the product, and uses this data to identify product gaps and improve existing products. See the information below for more details about the safeguards that Mixpanel puts in place to protect customer data. As processors of its customers’ data and to protect the privacy of information it stores, Mixpanel holds data no longer than is needed to provide its services. To further support this, Mixpanel is implementing a data retention policy starting May 25th: Events received over 5 years ago are automatically deleted on an ongoing basis from all projects.

Deleting a project through the Project Settings triggers a soft deletion, and the data in the deleted or reset project will remain stored in Mixpanel according to event and people data retention policies. Custom data retention windows can be set for people data by sending regular deletion requests to the Engage API. For more questions about setting custom data retention windows, contact our support team. Mixpanel has a dedicated Data Protection Officer, along with a team of privacy and security professionals dedicated to our compliance and to helping you maintain your compliance when using Mixpanel. 

Keywords: [“data”,”Mixpanel”,”customer”]
Source: https://help.mixpanel.com/hc/en-us/articles/360000345423-GDPR-Compliance

SiteGround is now GDPR Compliant

Over a year ago, SiteGround began the important task of preparing for the General Data Protection Regulation – a new law designed to protect the personal data and privacy of EU residents. The regulation aims to make personal data processing more transparent and to give people more control over their data. Our Data Processing Agreement, which regulates our responsibilities as a host, thus allowing our clients to have GDPR compliant sites themselves, if they need to. The first thing you need to know is that we collect the minimum data needed to provide our stellar service. To provide all services around your hosting account we share some of your data with external providers like domain registrars, SSL providers, and content delivery network providers. 

As a hosting provider we also have responsibilities as a data processor. This means that when our customers use our services to store any personal data on SiteGround servers, we are required by the GDPR to meet some criteria for handling this data too. The DPA puts in writing our obligation to access any data that our customers store on our servers only to the extent needed to provide our services and to make sure only employees that are directly involved with the provision of the service have access to it. Sometimes our partnering companies need access to the data uploaded on our servers so that we can provide our service. We provide access only to partners that have the same or higher level of data protection as the one we guarantee you through our DPA.

Our DPA responsibilities include timely disclosure by SiteGround, if a personal data breach is detected by us to have happened on the servers used by our clients. Also if SiteGround receives a request by an individual, using a website hosted on our servers, to exercise one of the personal data rights outlined in the GDPR, we’ll redirect them to the site owner. 

Keywords: [“Data”,”provide”,”GDPR”]
Source: https://www.siteground.com/blog/siteground-is-gdpr-compliant/

GDPR News Center News for 10-09-2018

GDPR, The Checklist For Compliance

With the General Data Protection Regulation arriving within weeks, businesses are now in the final sprint to achieve compliance before the May 25 deadline. As most people know by now, GDPR is a global data protection law passed by the European Union that shifts the ownership of customer data from the organizations that use it to the individual customer. This new regulation not only applies to European businesses that work with the customer data of EU citizens – it applies to any entities that work with said businesses as well, thus making GDPR a global data protection law. With Facebook’s recent misuse of its customer data, all eyes are on the proper protection of customers’ private information. Your data protection officer is your point person to ensure GDPR compliance. 

If your company stores personal data in permanent storage, you’ll need to perform a data protection impact assessment before each project that involves such personal data. Despite all of your preparations, data breaches will remain a substantial risk to not only your business and your compliance to GDPR but to the privacy and trust of your customers. In the event of a data breach, GDPR requires businesses to notify local data protection authorities of the breach within 72 hours of discovery. GDPR supports the data minimalization principle, requiring companies to only use and keep the personal data that is needed at any given time for any given purpose. Companies must then remove all traces of the customer data from its repositories, as well as any other repositories downstream where the data may have been shared and stored. 

While it will take more time than a few weeks to achieve full GDPR compliance, there is still time for companies to get started on the right foot with protecting their customer data for the long run. Now more than ever, the protection of customer data and privacy has global attention, and the world with GDPR will be a proving ground for companies to regain and maintain the trust of their customers. 

Keywords: [“Data”,”customer”,”GDPR”]
Source: https://www.forbes.com/sites/forbestechcouncil/2018/06/04/gdpr-the-checklist-for-compliance/

Our GDPR Compliance Plan

All our customers need to agree to revised data protection terms to reflect the change from the Data Protection Act to General Data Protection Regulation. Where customers are processing personal data with GBG, as this is against third party data sources, we are asking our customers to advise us on the lawful processing condition for using our products/services. Consent is changing to be more explicit/transparent so at the point of data collection, the individual will need to be informed exactly how their data will be used and who it will be shared with. Consent can be selected by our customer who is asking us to process data on their behalf, as they will hold the first party consent and will have advised their consumer as to how their data will be processed in their privacy notice. Kate leads the Privacy and Data Compliance Team, where each Compliance Manager has a core focus on the products GBG deliver, helping embed data privacy into operations whilst also monitoring activity on an ongoing basis. 

We know what data we have, where it’s held, how we access it, the classification of the data, records for transfer and flow charts to show how it moves between systems, processes and countries. Due diligence prior to working with a third party is key to ensure data has been gathered lawfully, and to ensure any data we share will be secure. We have over 200 data partners globally, who need to comply with applicable data protection regulations. Depending on where the data partner is in the world, and what data they process, GDPR compliance may not be relevant. 33 states as data processor, GBG’s obligation is to notify data controllers without undue delay after becoming aware of it. We’re regularly audited by external third parties – our customers, our data partners and external bodies, such as IESB when reviewing our ISO27001 status or PCI:DSS compliance.

We attend many conferences, webinars and are part of a compliance think tank with a number of businesses in the data industry. 

Keywords: [“data”,”customer”,”GBG”]
Source: https://www.gbgplc.com/our-gdpr-compliance-plan

GDPR News Center News for 10-08-2018

WP Engine & GDPR Compliance

WP Engine continually monitors developments in data security, privacy, and compliance around the globe, and we have invested considerable resources in preparing for EU Regulation 2016/679. We have always upheld the core privacy principles behind GDPR, as evidenced by our early adoption of the EU-US and Swiss-US Privacy Shield programs, and take very seriously the trust our customers place in us when they choose to store personal data on our platform. WP Engine will comply with GDPR’s requirements, both as a controller of our customers’ account data and a processor of the end-user personal data our customers store on our platform. In support of our customers’ compliance efforts, we have updated our terms to reflect the obligations we have as a processor under GDPR. These changes became effective May 10, 2018, and our DPA already applies to you by reference in your existing agreement. 

We encourage you to view this changelog and familiarize yourself with our terms to better understand how we support you and protect the security and privacy of your data. We also encourage our customers to begin assessing their own internal readiness if they haven’t already done so. The DPA applies to everyone, automatically, without the need to sign anything. If you are a WP Engine customer, you can log into the User Portal and access a pre-signed version of our DPA, which includes instructions for countersigning and returning the fully executed form to us. If you are a WP Engine customer, you can log into the User Portal and access our sub-processor list here.

Note that not all vendors are applicable for every customer; whether a particular vendor applies to you depends on the services and features that you elect to use on our platform and the means by which you choose to communicate with us. If you have any specific questions about your service, please contact our Support team. We may update this list from time to time, as our business or our services evolve, so please check back regularly for updates. 

Keywords: [“customer”,”DPA”,”data”]
Source: https://wpengine.com/support/gdpr-compliance/

GDPR News Center News for 10-07-2018

Code42 and GDPR compliance

The General Data Protection Regulation is a regulation enacted to strengthen data privacy for all individuals within the European Union. All organizations that process personal data of individuals in the EU are required to comply with GDPR. Code42 users have substantial amounts of business-critical data on their devices, often including personal data. Data Processing Addendum Code42’s Master Services Agreement incorporates a Data Processing Addendum that provides contractual commitments Code42 customers need to meet their GDPR requirements. Code42’s compliance with GDPR. 

GDPR sets forth baseline data-protection requirements for organizations that process and move the personal data of individuals in the EU. Organizations subject to GDPR must ensure that any service providers, such as Code42, that process personal information of EU individuals, meet specific requirements. Transfers personal data outside the EU only if there is a lawful transfer mechanism in place with the organization receiving the data. It is your responsibility to develop the plan, methods, and procedures you will follow to be in compliance with GDPR. Data protection and recovery features. 

The following Code42 features enable data protection and recovery. Every file in user directories on all devices is backed up every 15 minutes or 30 minutes by default per file retention settings, allowing for robust data recovery. All data transferred to Code42 is encrypted at rest and in transit and is not processed by Code42 for any purpose other than as agreed upon for the provision of our products and services. Code42 allows users to recover their files in the event of data loss arising from events such as a stolen device or ransomware. The following Code42 features provide your compliance officer with information about the data retained and allow your organization to comply with reporting requirements in the event of a data breach.

Use Code42’s reporting features as part of your analysis and required reporting in the event of data breaches. 

Keywords: [“Data”,”Code42”,”GDPR”]
Source: https://support.code42.com/Terms_and_conditions/Compliance_resources/Code42_and_GDPR_compliance

How to ensure GDPR compliance

Coming into place on the 25th of May, 2018, it is the European Union’s revised regulation on personal data that will ensure that the privacy of EU citizens is protected in this ever advancing digital economy. GDPR compliance doesn’t just apply to EU businesses, it applies to any business that deals with personal data of EU citizens. Replacing the outdated Data Protection Directive, which has been in place since December 1995, the GDPR promises to protect citizens from the misuse of their personal information. The process of how to notice a loss or breach of data, and the steps to take to report it. Company-wide compliance is a team effort, so it is imperative for all staff members to fully understand the details of the GDPR, regardless of whether or not they work directly with data.

Provide training and information - which can be found on the General Data Protection Regulation PDF - and ensure your staff members are aware of the risks and consequences if the requirements are not met. Data minimization is one of the specifications of the GDPR. It is to ensure that your business only holds and processes information that is absolutely necessary for duties to be carried out. Ensure your data controllers and processors are aware of the different laws in different member states. GDPR compliance involves adopting a privacy by design approach which includes undergoing a data protection impact assessment. 

Invest in a DPO. DPO stands for Data Protection Officer and it refers to individuals who are formally placed in a business to oversee protection strategies and to ensure compliance with the new requirements is in full swing. The new regulation states that hiring a DPO is mandatory for businesses whose main activities involve monitoring of data subjects on a large scale, of special categories of data, or work with data relating to criminal convictions and offences. The purpose of the GDPR is to protect the privacy of EU citizens, and to create a harmonized data protection regulation throughout the continent.

Keywords: [“data”,”GDPR”,”ensure”]
Source: https://zenkit.com/en/blog/how-to-ensure-gdpr-compliance/