GDPR News Center News for 06-08-2018

Home Page of EU GDPR

After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. It will enter into force 20 days after its publication in the EU Official Journal and will be directly applicable in all member states two years after this date. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance will face heavy fines. The EU General Data Protection Regulation replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.

The EU General Data Protection Regulation is the most important change in. 

Keywords: [“Data”,”Protection”,”General”]
Source: https://www.eugdpr.org/

A major focus of GDPR is on conditions of consent which have been strengthened. So companies will not be able to use vague or confusing statements to get you to agree to give them data. Firms won’t be able to bundle consent for different things together either. Another rule will make it mandatory for companies to notify their data protection authority about a data breach within 72 hours of first becoming aware of it. When it comes to user data, consumers will have more control. 

You will be able to access the personal data being stored by companies and find out where and for what purpose it is being used. This means you can ask whoever is controlling your data to erase it and potentially stop third parties processing it too. Another provision of GDPR allows people to take their data and transfer it to a different service provider. 

Keywords: [“data”,”consent”,”able”]
Source: https://www.cnbc.com/2018/03/30/gdpr-everything-you-need-to-know.html

DigitalOcean: Cloud computing designed for developers

Passed in 2016, the new General Data Protection Regulation is the most significant legislative change in European data protection laws since the EU Data Protection Directive, introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it. We support the GDPR and will ensure all DigitalOcean services comply with its provisions by May 25, 2018. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry. 

Keywords: [“Protection”,”Data”,”GDPR”]
Source: https://www.digitalocean.com/security/gdpr/

Achieving GDPR Compliance shouldn’t feel like a struggle. This is a basic checklist you can use to harden your GDPR compliancy. If your organisation is determining the purpose of the storage or processing of personal information, it is considered a controller. If your organisation stores or processes personal data on behalf of another organisation, it is considered a processor. It is possible for your organisation to have both roles. 

Use the filter below to view only the relevant checklist items for your organisation. This list is far from a legal exhaustive document, it merely tries to help you overcome the struggle. Select your organisation’s role: Data Controller: I determine why data is processed. Data Processor: I store or process data for someone else.

Keywords: [“organisation”,”data”,”process”]
Source: https://gdprchecklist.io/

LiveChat implements the General Data Protection Regulation

If your company is based in the EU or your customers are EU citizens, there are a few things that might be important for you. If you collect personal data of your customers and process them via our app, you should inform your customers about their entitlements under GDPR. We recommend you ensure your policies and internal documentation are up to date and clear to your readers. If you are located in the EU or your country’s law requires it from you, you can sign a Data Processing Agreement with us. Providing our customers with an updated DPA was our top priority, and now we will continue working on further steps, allowing us to become GDPR compatible.

Keywords: [“customers”,”GDPR”,”data”]
Source: https://www.livechatinc.com/general-data-protection-regulation/

Guide to the General Data Protection Regulation

The Guide to the GDPR explains the provisions of the GDPR to help organisations comply with its requirements. It is for those who have day-to-day responsibility for data protection. This is a living document and we are working to expand it in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party. The Working Party includes representatives of the data protection authorities from each EU member state, and the ICO is the UK’s representative.

Alongside the Guide to the GDPR, we have produced a number of tools to help organisations to prepare for the GDPR.

Keywords: [“GDPR”,”representative”,”produced”]
Source: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/?q=third+party

GDPR Overview

For SpringCM customers, compliance with all national and international data regulations, including GDPR, is a top priority. OCR to extract the content of any document as plain text and use it to make the document searchable. OCR is particularly important, as GDPR applies to historic information, as well. Metadata tagging on documents to allow for convenient searches in the event of the need to erase a particular EU citizen’s information. Advanced Search to execute document and folder searches with a great degree of granularity. 

Workflows to enable the convenient porting of personal data from one service provider to another. 

Keywords: [“document”,”Search”,”OCR”]
Source: https://www.springcm.com/products/security/gdpr-overview

GDPR News Center News for 06-07-2018

The ONLINE BUSINESS Owners Guide to GDPR (and Gettin’ to Grips with it!)

Top 5: Things you should know about GDPR

Companies have been preparing for it for awhile but if you’re still in the dark, it’s not too late to get up to speed. Here are five things to know about the EU’s GDPR: 1. The GDPR attempts to give EU citizens more control over what data companies collect, store, and use. 2. GDPR applies to every citizen of the EU and any business entity that transacts with them. Anything related to a person that can be used directly, or indirectly, to identify them is now regulated.

You have to get explicit permission to process personal data and your request must be in clear language. It has to be as easy to withdraw consent as it was to give it. 5. If an enterprise violates the practices of the GDPR, it can be fined up to 4% of the company’s global turnover or 20 million Euros, whichever is greater. Those are the big things but there are loads of other considerations like the right to be forgotten, data portability, and more. Hopefully these help you wrap your head around the issue.

When you’re ready for more, TechRepublic has a comprehensive guide to the topic: EU General Data Protection Regulation: A cheat sheet. 

Keywords: [“data”,”GDPR”,”more”]
Source: https://www.techrepublic.com/article/top-5-things-you-should-know-about-gdpr/

MailChimp for WordPress and the GDPR

In this article, we’ll be outlining some tips to help you comply with the General Data Protection Regulation privacy law, which takes effect on May 25, 2018. Since you install our MailChimp for WordPress plugin on your own site directly, all data is flowing directly from your site to MailChimp. You do not need to sign a data processor agreement with us. We recommend reviewing the following usages of the plugin to make sure your GDPR compliance is not negatively affected. Please note that this is not a complete list of what you need to do to be compliant. 

Always ask for explicit consent to transfer data to MailChimp. This means always asking your visitors before sending their data to MailChimp, while not pre-checking any of the sign-up checkboxes that our plugin provides. We recommend enabling double opt-in so you have additional evidence of consent. Inform users that data is being transferred to MailChimp. Use clear language in your sign-up forms, explaining that personal information is being sent to MailChimp. 

Keywords: [“MailChimp”,”Data”,”plugin”]
Source: https://kb.mc4wp.com/gdpr-compliance/

a16z Podcast: What to Know about GDPR – Andreessen Horowitz

Given concern around data breaches, the EU Parliament finally passed GDPR after four years of preparation and debate; it goes into enforcement on May 25, 2018. Though it originated in Europe, GDPR is a form of long-arm jurisdiction that affects many U.S. companies – including most software startups, because data collection and user privacy touch so much of what they do. With EU regulators focusing most on transparency, GDPR affects everything from user interface design to engineering to legal contracts and more. The two break down the basics all about GDPR in this episode of the a16z Podcast – the why, the what, the how, the who – including the easy things startups can immediately do, and on their own. 

GDPR may give startups an edge over bigger companies and open up opportunities, argue Hawke and Sinofsky; even with fewer resources, startups have more organizational flexibility, if they’re willing to put in the work. 

Keywords: [“GDPR”,”startups”,”privacy”]
Source: http://a16z.com/2018/04/12/gdpr-why-what-how-for-startups/

General data protection regulation, GDPR

GDPR puts increased emphasis on data collection best practices, data controller transparency, and consumer choice – all of which play a meaningful role in the customer experience. With an eye toward customer experience, you may want to think about how the following GDPR principles affect your business efforts. Reduce unnecessary data collection: Take stock of the data you’re collecting. Provide the required notice for data collection: Review and update your current privacy notices, policies, and any information provided at data collection points. Remove unique identifiers: Consider when to make some data anonymous or pseudonymous to help minimize compliance obligations and the risk of data and privacy breaches and claims.

Fulfill data access and delete requests: Understand how your customer will reach out to you to make data access or delete requests. Know how to define internal data retention and deletion policies and procedures.

Keywords: [“data”,”how”,”customer”]
Source: https://www.adobe.com/privacy/general-data-protection-regulation.html

General Data Protection Regulation

Here you can find the official PDF of the Regulation 2016/679 as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals. The European Data Protection Regulation will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe. If you find the page useful, feel free to support us by sharing the project. Chapter 1 – General provisions; Chapter 2 – Principles; Chapter 3 – Rights of the data subject; Chapter 4 – Controller and processor; Chapter 5 – Transfers of personal data to third countries or international organisations; Chapter 6 – Independent supervisory authorities; Chapter 7 – Cooperation and consistency; Chapter 8 – Remedies, liability and penalties; Chapter 9 – Provisions relating to specific processing situations; Chapter 10 – Delegated acts and implementing acts; Chapter 11 – Final provisions.

Keywords: [“Chapter”,”Data”,”provisions”]
Source: https://gdpr-info.eu/

Article 3 EU General Data Protection Regulation

This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or the monitoring of their behaviour as far as their behaviour takes place within the Union. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Keywords: [“Union”,”data”,”processing”]
Source: http://www.privacy-regulation.eu/en/article-3-territorial-scope-GDPR.htm

GDPR News Center News for 06-06-2018

Data Protection – drafting GDPR-compliant commercial contracts

WordPress Plugins

Re-assignment of user data on erasure requests & pseudonymization of user website data. Right to access data by Data Subject with front-end requests button & double opt-in confirmation email. Data breach notification logs and batch email notifications to Data Subjects. Telemetry Tracker for visualizing plugins and website data. The Data Subject can place a request to download their data with the shortcode. 

The Data Subject can place a request to rectify data or file a complaint with the shortcode. The Access Data tool allows the Admin to look up a user email and view the data of a particular user. The Admin can download and export the data in a JSON or XML format and provide to the Data Subject if manually requested. Data breach notifications are also logged to all Data Subjects upon confirmation by Controller. If in the future, the Data Subject makes a complaint or there is a need to recover the data, the user can provide their email address and the 6 digit token they received from the deletion confirmation email to decrypt and retrieve the file. 

In case of a data breach, the Admin can generate a Data Breach Notification to users by logging the information and confirm the breach through a double opt-in confirmation email. WordPress Core and some plugins gather data from your install and send this data to an outside server. 

Keywords: [“Data”,”email”,”user”]
Source: https://wordpress.org/plugins/gdpr/

Yes, The GDPR Will Affect Your U.S.-Based Business

Coming in May 2018, the EU’s General Data Protection Regulation will bring about the greatest change to European data security in 20 years. Of course, an EU-based company or multinational corporation that does business in the EU is, we hope, well on the way to complying with the GDPR. But what about U.S. companies that have no direct business operations in any one of the 28 member states of the European Union?

Any U.S. company that has a Web presence and markets their products over the Web will have some homework to do. A very important change in the GDPR that hasn’t received the attention it deserves has to do with the geographic scope of this new law. To quickly summarize: Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR. Two points of clarification. First, the law only applies if the data subjects, as the GDPR refers to consumers, are in the EU when the data is collected.

This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply. The second point is that a financial transaction doesn’t have to take place for the extended scope of the law to kick in. 

Keywords: [“Data”,”GDPR”,”law”]
Source: https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/

Wordfence and GDPR: How The Defiant Team Are Preparing For GDPR

We want to send out an update on the new data protection law, the General Data Protection Regulation, going into effect soon and how Defiant is getting ready for it. This new European law goes into effect on May 25, 2018. It is a new set of rules designed to give European citizens more control over their personal data. Defiant is actively preparing with new website changes and updates to the Wordfence plugin. We are applying for the Privacy Shield certification program for both EU-US and Swiss-US and will soon have available a Data Processing Agreement for our EU customers who need one. 

We will send out another notification with a detailed blog post when we have completed preparing for the new privacy regulations. You will begin to see these changes and updates emerge starting next week. The team at Defiant, makers of Wordfence, care deeply about our customer privacy and data protection. This extends to our European customers and the rest of the globe. To this end, we have been working diligently with our internal team and with outside experts to understand the implications of the GDPR, to perform a comprehensive internal audit and to get our software, systems and processes compliant with the GDPR. 

As always I welcome your questions and comments below. 

Keywords: [“new”,”data”,”Defiant”]
Source: https://www.wordfence.com/blog/2018/05/wordfence-and-gdpr-how-the-defiant-team-are-preparing-for-gdpr/

Become completely GDPR compliant

Providing Best Practices: We will share our expertise in protecting your data, adopting privacy principles, and complying with many complex international regulations. We will also communicate to you all information we gather from any respective Data Protection Authority or other organization. It’s important to note that GDPR compliance is ultimately a shared responsibility. In order to appropriately adopt the legislative requirements, you must understand the obligations your business faces. For more details, see Using Act-On to Manage Consent for the GDPR.

Contractual Commitments: Act-On requires all vendors we do business with to be contractually compliant with the GDPR. We also provide our customers with standard data protection clauses if requested. Account Provisioning: All European based clients are provisioned in our European data centers ensuring your account remains within the EU. Privacy Shield: Act-On Software complies with the EU-U.S. Privacy Shield Framework.

We are committed to subjecting all personal data received from European Union member countries to the Framework’s applicable Principles. 

Keywords: [“data”,”European”,”GDPR”]
Source: https://www.act-on.com/resources/gdpr/

GDPR News Center News for 06-05-2018

Understanding the General Data Protection Regulation (GDPR) and your options with Microsoft 365

New MailerLite GDPR Features Are Here

The flowers are blooming, the weather is finally nice and GDPR compliance starts on the 25th. The GDPR is the new set of guidelines that you must adhere to if you handle personal data of European Union citizens. As you know, we’ve been working hard to develop new features for MailerLite that will help make GDPR compliance easier for you and your subscribers. The right to be forgotten is a GDPR mandate that allows subscribers to ask you to delete all of the data associated with them. In your subscriber page, there is a new button called Actions. 

Obtaining active and explicit consent from subscribers is a huge deal for the GDPR. If you start sending emails to people who don’t want them, they can cause you a lot of problems within the GDPR framework when they complain. When you use MailerLite signup forms to acquire subscribers, we capture IP address, location, date, time, and the source of the consent form. MailerLite now displays this information in your subscriber profiles. The good news is that this data is available for both your new and old subscribers. 

While most of you have subscribers all over the world, the GDPR only applies to citizens of the European Union. If subscribers sign up with a MailerLite form, our location tracking capabilities can determine if the person is signing up from an EU country. Starting May 14, we will launch a new rule in the subscriber filter called Location where you can sort your subscribers by location. We will also include a special list of all 28 EU countries to help you easily sort GDPR subscribers.

Keywords: [“subscribe”,”GDPR”,”MailerLite”]
Source: https://blog.mailerlite.com/new-mailerlite-gdpr-features-are-here-part-1-of-3/

PECR and GDPR: why new rules aren’t to blame for all the dumb emails you’re getting

They have the same chirpy tone, are being sent from brands and ask whether you’d like to get more emails from that company. The majority of these emails cite the European General Data Protection Regulation, which starts to be enforced on May 25. That’s why you’re getting all those emails. It turns out, most of these emails are pointless. These are based upon a European e-privacy Directive and cover messages used for marketing – everything from the pesky emails to text messages. 

GDPR doesn’t replace PECR but sits alongside it and European regulators are coming up with a new set of e-privacy rules to replace it. A pre-ticked box saying you are willing to receive marketing emails doesn’t count as unambiguous consent. As well as consent, there are other ways for companies to obtain and process a person’s data and still be in line with the requirements of GDPR. Ultimately, the overlap between PECR and GDPR has meant some companies will lose subscribers to their mailing lists that have just ignored the deluge of messages being received. In an almost ironic twist, last year the ICO fined Honda and Flybe for sending emails asking people to agree to getting more emails.

There also have been more malicious examples of email consent messages being sent. UK-based cybersecurity firm Redscan discovered phishing emails have been sent that were disguised as GDPR-related emails. The firm spotted a fake email that had been made to look like it was from Airbnb, stating its customers should click on a particular link to update their privacy settings. 

Keywords: [“email”,”consent”,”GDPR”]
Source: http://www.wired.co.uk/article/pecr-gdpr-emails

Collect Consent with GDPR Forms

Enabling GDPR fields on your signup forms does not make you compliant. To collect consent from new and existing contacts, you’ll set up your forms, create a segment, and send a consent campaign. GDPR forms are not compatible with embedded forms or MailChimp Subscribe. GDPR forms are only compatible with certain styles of pop-up forms. Just enabling GDPR fields on your signup forms will not make you compliant. 

Set up your GDPR-friendly signup form. Enable GDPR fields: Turn on GDPR fields for the signup forms for each list affected by the GDPR. Edit GDPR fields: MailChimp provides suggested language for GDPR fields to make it easier for you to create your GDPR-friendly forms. Collect consent from new contacts: After you save your changes in the form builder, that signup form will include GDPR fields on compatible published forms. After you enable GDPR form fields for your list, these fields will be included on the hosted signup forms for your list, update profile forms, and signup landing pages. GDPR fields are not compatible with embedded forms, form integrations, or MailChimp Subscribe.

These fields will be included on most signup forms associated with that list, including pop-up forms, the hosted signup form, and signup landing pages. The changes you make in the form builder will apply to most MailChimp signup forms, including compatible pop-up forms and landing pages. Now that you’ve updated your forms and your segments are set up, you’ll be able to collect consent from new contacts and market accordingly. 

Keywords: [“form”,”GDPR”,”field”]
Source: https://kb.mailchimp.com/accounts/management/collect-consent-with-gdpr-forms

What is GDPR?

It’s about giving you greater security, transparency, and control of your personal data online. We think this is a good thing wherever you’re from, not just if you live in the European Union! We’ve made GDPR compliance a priority at Typeform: we created a team to work across the whole company to make sure we’re ready for GDPR even earlier than May 2018. For us this is not just box-ticking, but about baking these new principles of privacy and security into everything we do. We’re reviewing our contracts with vendors and partners to make sure they are also compliant, and can give us the guarantees on privacy and data protection that we need, such as the EU-US Privacy Shield framework. 

We are currently revisiting our data subject policies and processes so they are GDPR compliant. Good point! A data subject is legal jargon for any living person who has some personal data stored somewhere. That means pretty much all of us! We can’t rewrite European Regulations without all the legal jargon, but we’ll try to explain them to you when necessary! 

Our legal team is preparing a Data Processing Agreement that will be available to all our customers soon. Enterprise customers can also request Typeform to sign a custom Data Processing Agreement document by contacting Support. If you’re a company, this means more transparency and visibility of how we process personal data. If you’re an individual, you don’t need to do anything! This all just means your data is safer than ever. 

Keywords: [“data”,”GDPR”,”European”]
Source: https://www.typeform.com/help/gdpr-compliance/

GDPR News Center News for 06-04-2018

Legal obligations and responsibilities for data processors and controllers under the GDPR

GDPR

To be effective from May 25, 2018, the primary goal of these changes is protection of personal data and rights of EU residents. The essence of the GDPR is in direct alignment with our core values of customer trust and data privacy. Create a comprehensive Privacy Management Framework that incorporates 130+ best practices and organizational measures, divided into 13 data privacy management categories. Appoint a Data Protection Officer/Official in an independent role. Risk management framework to assess and manage threats across the organization and real-time personal data – Completed. 

Embedding of personal data protection requirements within contracts and agreements with third-party service providers – Completed. Customer facing Data Protection Addendum – Completed, to be published soon. Vendor facing Data Protection Addendum – Completed, to be published soon. BS 10012:2017 Personal Information Management System [PIMS] & GDPR Regulation Compliance – BS 10012 helps organizations in managing risks to the privacy of personal data and implement necessary policies, procedures and controls to help ensure compliance with data protection legislation. We take utmost care to ensure that our customer data is secure and easily accessible. 

The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of EU data subjects. A controller is an entity that determines the purposes, conditions, and means of the processing of personal data, while a processor is an entity that processes personal data on behalf of the controller. 

Keywords: [“Data”,”GDPR”,”personal”]
Source: https://vwo.com/platform/security-compliance/gdpr/

GDPR: Are you ready for the EU’s huge data privacy shake-up?

The General Data Protection Regulation, which comes into force on 25 May, will be the biggest shake-up to data privacy in 20 years. A slew of recent high-profile breaches has brought the issue of data security to public attention. Claims surfaced last month that the political consultancy Cambridge Analytica used data harvested from millions of Facebook users without their consent. People are increasingly realising that their personal data is not just valuable to them, but hugely valuable to others. The growth of technology and electronic communication means that every day, almost every hour, we share our personal data with a huge number of organisations including shops, hospitals, banks and charities. 

That data often ends up in the hands of marketing companies, analysts and fraudsters. Now the law on data protection is about to catch up with technological changes. They will also have to use data minimisation techniques, including pseudonymisation – a technique that replaces some identifiers with fictitious entries to protect people’s privacy. These come from companies who have managed to get hold of our personal data without our knowledge or consent. Most public authorities and organisations that monitor and track behaviour must appoint a data protection officer. 

All of which means that the GDPR should make our personal data safer and less easily obtained by those we don’t want to have it. There are probably two reasons for this: first, if the UK watered down its data protection laws after Brexit, this might result in other Europeans treating the country as a pariah state, which would have an impact on trade. 

Keywords: [“data”,”company”,”consent”]
Source: http://www.bbc.com/news/technology-43657546

GDPR: These companies are getting killed by Europe’s new data protection law

The EU General Data Protection Regulation applies to any organization that holds or uses data on people inside the European Union, regardless of how big they are or where they are based. She said that while the new law would benefit consumers, it may also advantage large companies with the resources – lawyers, data experts and programmers – needed to make the transition. The new rules give Europeans more control over their personal data. In many cases, companies need consent to process that information. They won’t be allowed to store the data for longer than necessary, and they must respond to requests from customers who want their data deleted.

Companies may also have to prove they are handling data correctly, meaning increased monitoring and documentation. Complying with the new regulations isn’t cheap, and experts say the world’s biggest companies are spending tens of millions of dollars to prepare. The current design, which was built in 2009, makes it difficult to delete data from user accounts. European lawmakers have pushed back on suggestions that GDPR could give the biggest tech companies an advantage over smaller rivals. Giovanni Buttarelli, the European Union’s data protection supervisor, said that the biggest companies will also face the largest fines if they violate the rules. 

The regulators can impose penalties on companies of up to €20 million or 4% of annual global sales, whichever is bigger. Experts say some smaller companies outside Europe might not yet realize that they have to comply with GDPR, because similar rules don’t exist in their home market. 

Keywords: [“company”,”Data”,”game”]
Source: http://money.cnn.com/2018/05/11/technology/gdpr-tech-companies-losers/index.html

AppSumo

The GDPR Tracker is an online tool that guides you step by step on how to document your data flows, internally and externally, so that you are closer to being GDPR compliant. The GDPR states that if you hold and process personal information of clients, employees, or suppliers residing in the EU, you are legally obliged to protect that information, regardless of industry. With the GDPR Tracker, you’ll have detailed information regarding the GDPR’s regulations. The GDPR Tracker also has instructions on what security measures to put in place to ensure that the digital and physical data you hold is secure. The GDPR Tracker will also track your progress so you know where you stand and how much you have left before you are no longer running from the law. 

Ensure GDPR compliance with a comprehensive list of actions to complete. Sumo-lings, you can grab lifetime access to the GDPR Tracker Plan for just $49! Start using the GDPR Tracker now! If you don’t use it to get GDPR compliant, you will be forced to spend valuable company dollars paying off huge fines. While we still recommend you consult a lawyer to ensure you’re fully compliant, the GDPR Tracker will save you from paying a lawyer to take you through the whole process. 

Lastly, the GDPR Tracker removes the stress and headaches from not knowing what to do and where to start. Much like paying taxes, becoming GDPR compliant is unavoidable. So instead of stressing yourself out over what to do and where to start, grab lifetime access to the GDPR Tracker for just $49! Get GDPR compliant now! 

Keywords: [“GDPR”,”track”,”compliant”]
Source: https://appsumo.com/gdpr-tracker/

GDPR News Center News for 06-03-2018

(GDPR) Find out everything about personal data protection with Bogdan Manolea

Wake-up call to business with one month to be GDPR-compliant

One month left before sweeping new EU data rules come into force. Companies should prioritise mapping out the data they hold and improving cyber security. There is exactly one month to go until the EU’s new General Data Protection Regulation comes into force, governing all data that companies hold on individuals. The website of the ICO has a handy 12-step guide that lays out how to document data, know the rights of individuals, deal with subject access requests, obtain consent, lawfully process data – and what to do in case of a breach. We have a lot of data – payroll, sales and marketing, HR . . 

Then there is who has external access to that data: cloud storage services, advertising and marketing companies, and subcontractors for example. First, GDPR sets out key rights for individuals, one of which is the right to be informed of what personal data a company holds. Anyone can issue what is known as a subject access request, which gives companies 30 days to list the data they hold. A detailed SAR will ask for a copy of all personal information, details of how it has been used, all the third parties with whom it has been shared, how long it has been stored and details of any data breach. Regulators do not like data breaches and customers like them even less. 

The arrival of the EU’s new data rules has created a rush among businesses and in the public sector for data protection officers, writes Barney Thompson. Chad Wollen, chief marketing officer at Smartpipe, which helps mobile and internet operators to monetise subscriber data, said businesses needed to remember the importance of the role before designating a member of their team. 

Keywords: [“data”,”company”,”GDPR”]
Source: https://www.ft.com/content/ee98973a-47d4-11e8-8ee8-cae73aab7ccb

GDPR: New EU data privacy regulation has left Silicon Valley scrambling

Tech companies are currently scrambling to get ready before May 25th, the date that will see the implementation of a major new piece of European data privacy legislation: GDPR. Here’s the quick-and-dirty version of what you need to know. It’s a major new piece of European regulation that addresses how EU citizens’ data can be used by corporations, introducing strict new rules around gaining people’s consent to process their data. GDPR furnishes Europeans with a number of additional rights when it comes to their data. Companies need to ask customers for their data in a clear and accessible way. 

Those customers will have the right to demand organisations delete their data when asked. They will be able to ask for information on how and why their data is being processed. If a company that holds their data realizes it has been breached, it must, in some circumstances, inform people within 72 hours. Even if a company has no offices in Europe, and its employees have never set foot on the continent – if they’ve got EU data, they’ve got to play by EU rules now. It’s a big deal, and dramatically changes how companies need to approach data. 

With only a month to go, companies are moving to make sure they have consent to hold the data they do. Many mailing lists are asking European users for permission to keep emailing them, while apps are making people provide explicit permission to use their data. Facebook, for example, has been prompting users to agree to how it wants to use their data – but has also been criticized for not providing users with a clear yes-or-no choice, with some experts suggesting its prompts might not be GDPR-compliant. 

Keywords: [“data”,”company”,”European”]
Source: http://www.businessinsider.com/what-is-gdpr-regulation-explained-2018-4

Companies Respond To The GDPR By Blocking All EU Users

While the effort is well-meaning and does have some good ideas concerning data control and transparency, we still feel that it was put in place by people who had little idea of the impact it would actually have, and will have disastrous consequences on online speech, in particular. F-Secure’s Mikko Hypponen has been tracking a bunch of examples and also highlighted a site called GDPR Shield that gives you some simple JavaScript to block EU visitors. Among those that Hypponen has noted cutting off EU users are the following: Ragnarok Online, Verve, Brent Ozar, Unroll. Hypponen also notes the very different reactions to all of this from EU readers and US readers. EU folks seem to be generally supportive of the GDPR and think that companies shutting down service are either stupid & ignorant or evil and thus should shut down. 

On the US side, he notes people are smug about how this serves the EU right and will harm the EU. It’s entirely possible both are right. The GDPR has significant problems – even if it does also have some good stuff. The fact that it feels like supporters of the GDPR refuse to fix the problems seems troubling. It’s going to have quite an impact and there seems to be little concern among those who support it. 

They automatically default to the idea that opposing the GDPR means that you want to do something bad, no matter how inaccurate that statement is. It would have been much better if those crafting the GDPR had actually bothered to listen to the wider concerns. They could have preserved some of the good ideas concerning control and transparency, without creating so much of a mess for everything else. 

Keywords: [“GDPR”,”idea”,”concern”]
Source: https://abovethelaw.com/2018/05/companies-respond-to-the-gdpr-by-blocking-all-eu-users/

GDPR News Center News for 06-02-2018

Part 1: What is GDPR?

HubSpot Product Readiness Page

Now that we’ve gotten product specifics out of the way, a quick word on our mindset towards the GDPR, as marketers. Here’s the thing: all of the recent data protection laws, from CAN-SPAM to CASL to the GDPR and beyond, are built for a simple reason: to provide better experiences for our customers and the people who trust us with their data. Complying with the GDPR will require effort, and that effort may lead to stress between now and deadline day. At the end of the day, if the GDPR makes your customers’ lives better, it’ll grow your business as a result. The GDPR has specific rules about enabling your contacts to specify exactly what they want to receive from you. 

The GDPR requires increased transparency around data collection and processing. Not only will that satisfy the specific contact in question; it’ll ensure that you’re not wasting your time trying to market and sell to people that have no interest in your product or service. Perhaps most importantly, the GDPR requires lawful basis for processing. That’s bad news if you’re purchasing lists: not only is this not allowed under the HubSpot Acceptable Use Policy, but now it’s also not permitted under the GDPR. That may sound painful in the short term, but it’s good news for your company in the long run. 

Making sure you have established a lawful basis will lead to a more engaged list, better email deliverability, and fewer annoyed contacts. For many companies — HubSpot included — GDPR compliance is stressful and work-heavy. As you work through those long hours reading through the GDPR and building out your process, don’t forget the purpose behind the law: to provide better, more secure, more transparent experiences for our customers. 

Keywords: [“GDPR”,”contact”,”better”]
Source: https://www.hubspot.com/data-privacy/gdpr/product-readiness

GDPR: 15 examples of repermissioning emails & campaigns

By now, you’ve probably received at least one email from a company asking you to confirm that you really do want to receive marketing emails. It could be argued that this approach creates a catch-22 scenario – to opt-out, users have to be somewhat engaged with Money Supermarket emails, but it is the recipients that are not engaged with these emails that are most likely to want to opt out. You wouldn’t expect anything less from PwC, but its repermissioning email includes everything that the ICO would want to see. Any marketer wanting to include all the right information in their repermissioning campaign would be wise to follow the lead of an email like this, in my opinion. Lots of companies are doing more than just emailing their database to establish consent – Manchester United, for example, has been using a combination of email, print handouts at games, video content and even advertising hoardings to get its fans to opt in. 

Desperate approach to GDPR… Man Utd using their ad hoardings to ask people to opt in for emails pic. It has taken the admirable approach of repermissioning its email newsletter. As discussed in the intro to this article, this means that those who miss or disregard a repermissioning email will be opted out automatically. You would imagine that where companies take this approach, asking for consent would be front and centre in any repermissioning email. 

This email shows the need to put the repermissioning message up front, as blatant as possible. Imperial College’s Enterprise Lab has the same issue that The Candidate has – the GDPR and opt-in message is buried within a very noisy email. Of all the emails featured here, I really like this subject line and headline. 

Keywords: [“email”,”Opt”,”repermission”]
Source: https://www.econsultancy.com/blog/69966-gdpr-15-good-bad-examples-of-repermissioning-emails-campaigns

GDPR Requirements in Plain English

Even if you’ve personally determined that you don’t need to necessarily become compliant, you definitely need to protect your users’ data and implementing the GDPR guidelines will help you improve that. Review the data you currently have on hand and make sure that none of these special categories of data exist and / or could be inferred from the data you control. Chapter 3 – People’s Data Rights Section 1 – Don’t make things confusing Article 12 – Be transparent about what you’re doing with data What it says. Be honest with people, use plain language to describe what you’re doing with their data at the time you collect it. Have a procedure in place to handle personal data requests to have their data deleted or fixed. 

You shouldn’t collect more data than you need and what data you do collect you need to pseudonymise. Section 3 – Consider and document how what you do may affect data security Article 35 – You should write up a data protection impact assessment before new projects What it says. Before you bring on new services to deal with data, you should figure out what impact that will have on security in terms of what exactly they are going to do with the data, and in particular if they’re going to do profiling/filtering based on the data. Chapter 5 – How to handle transferring data out of the EU and GDPR Article 44 – Generally you should get permission What it says. Article 47 – Non EU companies can create their own strict data handling rules to be GDPR compliant What it says. 

If a company that is not in the EU wants to handle EU data they can create binding corporate rules that match the GDPR regulations. The old privacy and data regulations are out; GDPR is in. 

Keywords: [“Data”,”article”,”need”]
Source: https://blog.varonis.com/gdpr-requirements-list-in-plain-english/

GDPR News Center News for 06-01-2018

It’s not too late to start your journey to GDPR readiness

Our Commitment to Data Privacy

Trello is committed to compliance with the General Data Protection Regulation, which will go into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law. Where we are transferring data outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR. This includes our current Privacy Shield certification. 

Ensuring our staff who access and process our customers’ personal data are bound to maintain the confidentiality and security of that data. Holding any subprocessors that handle our customers’ personal data to the applicable data management, security and privacy standards required under GDPR. Committing to carrying out data impact assessments and consulting with EU regulators where appropriate. We currently store data in data centers provided by Amazon Web Services located in the US. We may also allow employees and contractors located in the US, Europe and Australia access to certain data for product development, customer and technical support purposes. 

Trello features require that data be transferred to the US. In addition, our employees and contractors may need access to data stored in the EU from a non-EU country for technical and support related reasons. We are a certified entity under Atlassian’s Privacy Shield certification. Trello is 100% committed to customers’ success and the protection of customer data. Customers can count on our commitment to GDPR compliance. 

Privacy – We’re committed to protecting the privacy of your personal information. 

Keywords: [“Data”,”customer”,”privacy”]
Source: https://help.trello.com/article/1118-trello-and-gdpr-our-commitment-to-data-privacy

What is GDPR? Everything you need to know about the new general data protection regulations

One of the key components of the reforms is the introduction of the General Data Protection Regulation. At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. The definitions of each are laid out in Article 4 of the General Data Protection Regulation. If you are currently subject to the UK’s Data Protection Act, for example, it’s likely you will have to look at GDPR compliance too. GDPR extends the definition of personal data so that something like an IP address can be personal data. 

What that means, they say, is regulation will guarantee data protection safeguards are built into products and services from the earliest stage of development, providing ‘data protection by design’ in new products and technologies. One of the major changes GDPR will bring is providing consumers with a right to know when their data has been hacked. Once GDPR comes into force, it’ll introduce a duty for all organisations to report certain types of data breaches which involve unauthorised access to or loss of personal data to the relevant supervisory authority. The contact details of the data protection officer, or main point of contact dealing with the breach, will also need to be provided. GDPR might seem complex, but the truth of the matter is that for the most part, the legislation is consolidating principles which currently form part of the UK’s Data Protection Act. 

There are elements of GDPR such as breach notification and ensuring that someone is responsible for data protection which organisations need to address, or run the risk of a fine. Failure to comply with the data protection regulations could result in a €20 million fine, and Australian organisations with links to Europe will not be exempt. 

Keywords: [“data”,”GDPR”,”organisation”]
Source: https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/

How Thrive Themes Products Will Help You With GDPR Compliance

At Thrive Themes, we have been hard at work to help you keep your website GDPR compliant in the easiest and most seamless ways possible. In this post, you’ll discover the GDPR related features that we’ve already released and get up to date information about the ones we’re still working on. At Thrive Themes, we’re currently working on feature additions in our products that will make it easier for you to stay GDPR compliant. For lead generation forms created with our tools, we are working on a feature to add an optional checkbox for consent. An important part of GDPR is the citizen’s right to know what data about them is being collected and the right to have that data deleted. 

The WordPress team announced that a data export and removal tool will be added as a core feature. This is good news, because it means we can add data tracked by Thrive Themes products to this tool and you will have a central solution for managing data not only from our products, but from any other plugins and tools you might use. Thrive Quiz Builder can be used to gather insights about your audience, such as their personal preferences, their age range and gender or anything else you care to ask during a quiz. We’re about to release a new profiling feature which allows you to toggle between two types of data collection: anonymized and personal. Thrive Themes tools utilize cookies in various ways and will continue to do so. 

Proof of Opt-In. In the Thrive Leads reporting area, you can see a list of all leads that have signed up and you can see which of your Thrive Leads opt-in forms they have signed up for. 

Keywords: [“Data”,”GDPR”,”tool”]
Source: https://thrivethemes.com/gdpr-features/