GDPR News Center News for 10-20-2018

Basecamp GDPR compliance

If you’re based in the EU or do business in the EU, yeah! GDPR has a long reach. If you have any EU personal data in your Basecamp account, such as names, email addresses, ID numbers, or anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third party vendors you rely on, including Basecamp. These agreements are commonly called a Data Processing Addendum, or DPA. 

Data Processing Addendum. Contracts required! Processing EU personal data must be governed by a GDPR-compliant contract. We provide a standard Data Processing Addendum to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed. Basecamp participates in the EU-US and Swiss-US Privacy Shield Framework to safeguard the transfer of personal data to the US, meeting the GDPR requirement for adequate data protection laws. 

Basecamp uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, and require the same of them. 

Keywords: ["data","processed","GDPR"]
Source: https://basecamp.com/about/policies/privacy/gdpr

WP GDPR Compliance

Release date: July 6th, 2018
* Added the ability to add required ‘Consents’. These Consents will always be triggered on page load.
* Added ‘Privacy’ column to the WooCommerce order overview.
* Added the ability to change the message of the required asterisk elements.
* Added the ability to remove ‘Consents’ via the admin panel.
* Added confirmation mails sent after processing an anonymise request.
* Added mail sent to the admin when a new request is created.

Release date: May 8th, 2018
* Added a button to retry creating database tables required by the request user data functionality.

Release date: May 7th, 2018
* Added the request user data page.
* Added countdown to GDPR deadline
* Added ability to add custom error messages to Contact Form 7 and Gravity Forms.
* Added ability to add HTML tags to the texts and error messages.
* Added minimum supported version for Contact Form 7
* Added minimum supported version for Gravity Forms
* Added minimum supported version for WooCommerce
* Delete all data created by the plugin after deactivating integrations or uninstalling the plugin.

Release date: January 19th, 2018
* Added default error message.

Keywords: ["Added","2018","Release"]
Source: https://wordpress.org/plugins/wp-gdpr-compliance/

GDPR Compliance – Nextcloud

Email or public cloud solutions do not provide much security for sensitive data. Encryption is complicated and cumbersome to use, reducing the real benefits due to employees working around them or making mistakes. Keeping data on your own infrastructure means you stay in control. Only then can you show your customers exactly where their sensitive documents are. Regulators can be certain that non-compliance with proper process is minimized. 

Most consumer-grade solutions like Dropbox or Office 365 were not designed with privacy regulations and security concerns in mind, mixing data from consumers and businesses, spread out in data centers across the globe. Rather than trying to work around their limitations, Nextcloud Files provides a security-first solution which puts you in complete control over the location and access policies of data with a private cloud solution. 

Keywords: ["data","solution","control"]
Source: https://nextcloud.com/gdpr/

GDPR News Center News for 03-09-2018

Who Enforces GDPR Compliance? Sera-Brynn

One of the most talked about aspects of GDPR is GDPR compliance and non-compliance fines. They can be extraordinarily high – some as much as 4% of a business’ global revenue, or €20,000,000, whichever is higher. What’s not often discussed is how the GDPR regulation is going to be enforced – who is it that will come knocking? They’re called Supervisory Authorities and they have a number of investigative and corrective powers to bring to bear. Issue warnings should it appear a GDPR violation may occur. Order a processor or controller to comply with GDPR. Impose limitations, and even bans, on processing. Each member state of the EU will appoint an SA who will work with other member state SAs. A business will have one “Lead” SA and a European Data Protection Board will coordinate the SAs. If your business processes or stores data on citizens of the EU and you’re concerned about GDPR compliance, contact us.

Keywords: ["GDPR","business","SA"]
Source: https://sera-brynn.com/enforces-gdpr-compliance

CIBSE News

As a valued member of the global CIBSE community, we want to make sure you only ever receive communications that are relevant to you. On the 25 May 2018, the General Data Protection Regulation, intended to strengthen and unify data protection for all individuals, comes into effect. This means that you will need to manually opt-in to any future communications you wish to receive. After 25 May 2018, you will only receive marketing communications you have actively opted-in to, so make sure you don’t miss out. You can update your communications preferences via your Preferences page in the MyCIBSE area by logging in. Simply select the types of communications you want to receive in future and the methods by which you are happy for us to communicate with you. Rights in relation to automated decision making and profiling. To see the current information about GDPR visit the ICO data protection reform website.

Keywords: ["communications","receive","Data"]
Source: https://www.cibse.org/news-and-policy/gdpr-updates

GDPR compliance checklist for recruitment

Hopefully, you already know your responsibilities and obligations, and your data subjects will soon understand their new rights and entitlements. The next stage in GDPR compliance for recruitment companies is to make sure that you have all of the facilities that you will need to manage the extra workload. That means staff and software solutions. No two businesses are the same, and it is impossible to predict how your data subjects may exercise their new rights once they come into force. GDPR exposure must therefore be assessed on a case-by-case basis. Not preparing for a worst-case scenario will always be a gamble – and one that could prove costly if you are unfortunate. So here is the eBoss quick-glance checklist of tasks to complete before GDPR Day arrives. UPDATE Friday 8th December, 2017: eBoss has now launched our definitive guide to GDPR compliance for recruitment enterprises.

Keywords: ["GDPR","data","new"]
Source: https://www.ebossrecruitment.com/news/gdpr-recruitment-compliance-list

SANS Institute: Reading Room

Security Intelligence and the Critical Security Controls v6 by G. W. Ray Davidson, PhD – September 29, 2016

Security data is everywhere: in our logs, feeds from security devices, network and endpoint systems, anomaly reports, access records, network traffic data, security incident and event monitoring systems, and even in applications hosted in the cloud. All of this data and the processes that use them combine to form an organization’s security intelligence ecosystem. The major challenge of managing this ecosystem of security data is tying all these bits of data together and automating their correlation and use, with the goal of faster detection, prevention, continued security improvement and ultimately, reduced risk.[1] The key to success is through automation and integration, according to the CIS Critical Security Controls, which is now in version 6.

Keywords: ["Security","data","Critical"]
Source: https://www.sans.org/reading-room/whitepapers/analyst/preparing…

GDPR Strategy: EU’s General Data Protection Regulation

Push privacy and GDPR to the top of your organization’s priority list. The question isn’t if you have a system to handle GDPR. It’s whether you have a system to manage the systems to handle GDPR. GDPR is about a whole lot more than just consent. It’s about end-to-end orchestration, governance, dynamic processes, and auditability. It’s about getting your old systems to work with your new systems. It’s not just a matter of your business’ ability to react to customer requests; you’ll need a host of proactive processes as well. Pega applications can help your business fast-track GDPR compliance with closed-loop preference management, dynamic case management, no-code application development, and ironclad orchestration. About getting those old systems to work within your new automated processes? Not to worry. Pega Robotic Automation can help you take it on with ease.

Keywords: ["system","GDPR","processes"]
Source: https://www.pega.com/products/cloud/pega-trust-center/gdpr

GDPR Assessments

Data protection and cyber security laws in the EU are changing. On May 25, 2018, the General Data Protection Regulation will come into force, changing the way that marketers and organisations can handle personal data. Failure to comply with these laws could lead to a fine of up to €20 million, or 4% of your global turnover. Fulfilling requests for information. The right to be forgotten and the erasure of data. To help you identify which customers in your database you should prioritise, we can get you started with topline analysis, highlighting the opt-in statuses within your database and the critical customers and prospects where action is needed now to gather permissions. The Blue Sheep GDPR Revenue Impact Assessment will provide your organisation with a diagnosis of your marketing database to enable you to take the action you need to ensure compliance come 2018.

Keywords: ["Data","database","2018"]
Source: https://www.bluesheep.com/database-solutions/gdpr-assessments