GDPR News Center News for 10-25-2018

EU GDPR Webinar: The IT Manager’s guide to GDPR – Getting your department up to speed and ready

GDPR Compliance

The regulation increases the level of control EEA citizens and residents have over their personal data in the new digital age and presents a more unified environment for international business across Europe. The Regulation impacts any business that receives, processes, stores or transfers personal data of EEA-based individuals, regardless of its location. Personal data is defined broadly and typically includes information relating to an individual such as name, email, location, online identifier, IP address, home address etc. New rights are given to individual data subjects concerning the personal data being stored, including the right to prior notification of what data is being used for, how it will be processed and when it will be deleted. As a result, most businesses dealing with the European market have had to review and update their data practices and privacy policies.

BlueSnap & the GDPR. BlueSnap has been focused on completing its General Data Protection Regulation compliance efforts. To enable BlueSnap merchants to continue accepting orders from individuals based in the European Economic Area from that date onwards, the GDPR compels us to put into effect a Data Protection agreement containing mandatory provisions for all merchants wherever they are based. We therefore issued a Data Protection Addendum effective for BlueSnap and all merchants as from 25th May 2018. Review the new Data Protection Addendum here: https://home. 

In order to cover the aspect of data transfer from the European Economic Area to the US, BlueSnap has been certified on Privacy Shield since Q3 2016. We also added certification under the Swiss-US Privacy Shield scheme in 2017 and are currently finalizing updated data processing agreements with relevant parties involved in the processing, receipt, and storage of personal data. We strongly advise merchants that receive shopper details from EEA-based individuals to take immediate steps to ensure their own data management practices are in compliance with the GDPR, and that other third party services used in addition to BlueSnap, are also compliant. 

Keywords: [“data”,”BlueSnap”,”individual”]
Source: https://home.bluesnap.com/gdpr-compliance/

‘Everyone is breaking the law right now’: GDPR compliance efforts are falling short

The arrival of the General Data Protection Regulation a month ago led to a flurry of activity, clogging email inboxes and flooding people with tracking consent notices. Experts say much of that activity was for show because much of it fails to render companies compliant with GDPR. Part of the issue, experts say, is the vague regulation has been interpreted in wildly different ways. GDPR consent-request messages vary wildly across sites. There are default pre-ticked opt-ins, buried options that require users to hunt for them, consent banners with information only available at a further click but no button to reject, and implied consent approaches. 

Others have simply reskinned cookie-banner messages required under the existing ePrivacy directive. A tumultuous few weeks after the law’s arrival on May 25, in which programmatic ad volumes plummeted mostly as a result of Google’s last-minute GDPR policy changes, programmatic spending is returning to pre-GDPR levels. GDPR has been criticized for being vague and open to interpretation, which is what led to such disparate consent-gaining methods. Publishers across Europe are divided between those that have taken softer legitimate interest-based approaches or opt-out methods to claim compliance, while others have gone the harder consent-based route that requires people to opt in. Bloomberg and Forbes appear to be taking strict active consent approaches, while others like the Guardian and MailOnline are running consent banners. 

Several publishers have divided explainers on their cookie use into those used for advertising and tracking, and those used for site analytics – though users aren’t always able to pick one and reject the other; in many cases, it’s all or nothing. Others are simply hoping to stay under the radar until they have figured out how to be compliant in a way that doesn’t damage the business model. Publishers went on a soul-searching mission when ad blocking reached crisis levels in 2017. 

Keywords: [“publishers”,”consent”,”GDPR”]
Source: https://digiday.com/media/everyone-breaking-law-right-now-gdpr-compliance-efforts-falling-short/

80 Percent of Companies Still Not GDPR-Compliant

Several weeks after the deadline for General Data Protection Regulation compliance, the vast majority of companies are either still working on it or have yet to begin the process. That’s according to the latest research from TrustArc, which surveyed 600 IT and legal professionals responsible for privacy at companies required to meet GDPR compliance in the United States, the United Kingdom and the European Union – one month following the May 25. Only one in five companies surveyed believes it is GDPR compliant, while 53 percent are in the implementation phase and 27 percent have not yet started their implementation. EU companies, excluding the U.K., are further along, with 27 percent reporting they are compliant, versus 12 percent in the U.S. and 21 percent in the U.K.

While many companies have significant work to do, nearly three in four expect to be compliant by the end of this year and 93 percent by the end of 2019. While many companies still have a long way to go, a comparison to August 2017. About one in four companies spent more than $500,000 to become GDPR-compliant, while one in three plan to spend that amount on compliance efforts between June and December 2018. Percent of U.S. companies spent more than $1 million on compliance vs. 10 percent for U.K. and 7 percent for EU companies.

Despite difficulties in becoming GDPR-compliant, 65 percent view GDPR as having a positive impact on their business, while 15 percent view the regulation as having a negative impact. Meeting customer expectations was the main driver to become compliant, much higher than concern for fines. Complexity of GDPR posed the biggest challenge to compliance. The vast majority said data privacy will become more important at their companies post-GDPR deadline, and 80 percent of companies plan to increase their spending on GDPR technology and tools to maintain compliance.

Keywords: [“percent”,”companies”,”compliance”]
Source: https://www.channelpartnersonline.com/2018/07/13/80-percent-of-companies-still-not-gdpr-compliant/

GDPR News Center News for 08-24-2018

General Data Protection Regulation

Here you can find the official PDF of the Regulation 2016/679 as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals. The European Data Protection Regulation will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe. If you find the page useful, feel free to support us by sharing the project.

Chapter 1 – General provisions; Chapter 2 – Principles; Chapter 3 – Rights of the data subject; Chapter 4 – Controller and processor; Chapter 5 – Transfers of personal data to third countries or international organisations; Chapter 6 – Independent supervisory authorities; Chapter 7 – Cooperation and consistency; Chapter 8 – Remedies, liability and penalties; Chapter 9 – Provisions relating to specific processing situations; Chapter 10 – Delegated acts and implementing acts; Chapter 11 – Final provisions.

Keywords: [“Chapter”,”Data”,”provisions”]
Source: https://gdpr-info.eu

General Data Protection Regulation Compliance

Commvault software integrates backup, recovery and archiving in a way that creates a single searchable pool of all your structured and unstructured data, no matter where it’s located. By simplifying information governance, Commvault gives you the visibility and control you need to meet your GDPR obligations. Identify the presence of personal data in all data locations. Automate special handling of information with standard data policies. Support the export and erasure of personal data from all data sources. Maintain an auditable chain of custody on an individual’s personal data.

Understand data leakage risk and speed up data breach analysis. By eliminating the need for multiple point products to manage your data, Commvault software does more than just lay a foundation for GDPR compliance – it also helps you improve operational efficiency, gain business advantage and boost employee productivity. 

Keywords: [“data”,”personal”,”Commvault”]
Source: https://www.commvault.com/solutions/by-topic/gdpr

GDPR

The documents in this section are offered to help churches comply with the General Data Protection Regulation which comes into force on 25 May 2018. It cannot cover comprehensively everything that any church might ever do with data but churches following this guidance should be well on their way to compliance. You will have heard a lot of concern about the need to obtain consent from data subjects. There are legal bases for processing data, other than consent, which have been included in the template Data Privacy Statement, and wherever possible it is recommended that the need to obtain consent is avoided. If you wish to collect or process Special Category Data you will need to obtain consent. 

A template consent form is included for this purpose. Further guidance is still expected from the Information Commissioner’s Office and this guidance will be added to or amended as becomes necessary.

Keywords: [“Data”,”consent”,”obtain”]
Source: https://www.urc.org.uk/GDPR.html

GDPR Readiness « Sabre

The European Union General Data Protection Regulation is a data privacy law effective May 25, 2018, and will apply to any company, such as Sabre, that processes data for EU residents, regardless of the business location, in the context of the activities of the establishment. Changing our systems, contracts and processes to comply with the GDPR. Creating communication channels for continual updates. Participating on industry forums to develop common solutions with industry partners. Our customer expectations: Think about the data minimization requirements, and please don’t provide more personal data than is needed.

Appropriately prioritize data subject requests to ensure deadlines are met. Please respond quickly to new GDPR-related contract amendments. If you initiate it, please limit the language to that required by law, so that it may be completed quickly. 

Keywords: [“Data”,”please”,”quickly”]
Source: https://www.sabre.com/about/privacy-policy/gdpr-readiness

GDPR

Update: GDPR-friendly forms are now available for all MailChimp users. No matter what type of business you have or where in the world you’re located, chances are that you’ve heard a lot lately about the EU’s new data privacy law, the GDPR. As General Counsel. Last Tuesday, we announced in an email to our customers that MailChimp is adding single opt-in as an option for email lists, and making it the default setting in new and existing lists starting October 31. We’ve made an important change for MailChimp users located in the European Union: If your primary contact address. 

If your business is based in the European Union or you have customers or contacts in the EU, then you have probably heard of the General Data Protection Regulation by now. In this article, we’re going to cover a few things to keep in mind as GDPR approaches and provide you with the. 

Keywords: [“MailChimp”,”contact”,”Union”]
Source: https://blog.mailchimp.com/tag/gdpr

R U GDPR Ready?

There will be two levels of fines based on the GDPR. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher. The potential fines are substantial and a good reason for companies to ensure compliance with the Regulation. The EU Parliament had requested for fines to reach €100 million or 5% of the company’s global annual turnover. 

The agreed fines are the compromise that was reached. Fines for infringements will be considered on a case-by-case basis and will take a number of criteria into consideration, such as the intentional nature of the infringement, how many subjects were affected and any previous infringements by the controller or processor. 

Keywords: [“fines”,”companies”,”infringement”]
Source: https://ru-gdpr-ready.com

GDPR News Center News for 08-14-2018

Cracking the Programmer’s Interview Code

I’ve NEVER had to do a coding interview and I make really good money so it isn’t that I’m working for minimum wage. The best interview I’ve ever had is from the guy I currently work under. Now, if I ever did run into an interview where they wanted me to write code on a whiteboard, I’d probably pseudo code it out and explain that I’m a huge fan of Intellisense, particularly ReSharper, and Google and that I rely heavily on those two to get the syntax right. If you want a guy who can write code in notepad, I’m probably not the guy you’re looking for. In all my interviews, as a candidate, I’ve walked out having learned something new from a coding challenge. 

I think you missed out on one really critical component of white boarding code challenges. Once we’ve established that they aren’t lying on their resume about their experience, we can be pretty sure they’ve actually written code. A white board coding interview might be a way of getting at this information. Second, unless you state up front that you are only looking for pseudo code and how the candidate thinks, the candidate is going to stress over syntax. If the interview only lasted 10 minutes, that would be a bad sign too.

The way he talked about coding told me that he could code. You’ll get bonus points if you can walk into the interview already knowing what the pain points are so you can address them. 

Keywords: [“code”,”Interview”,”want”]
Source: https://blog.dmbcllc.com/gdpr-killed-the-blog

Understanding GDPR

Any company with personal data about customers who live in the European Union, including the UK. And by data I mean a person’s name, email, phone, address – stuff that identifies them. Availability – You need to treat your customer data like you would any of your business assets; you must keep it up-to-date, secure, and available for review if someone requests it. Right to be forgotten – Customers can, under certain circumstances. Data portability – Customers can ask for their personal data information to be supplied to them. 

They can send that data to other companies if they choose to. As you might guess from these first three highlights, it’s critical to have your customer data clearly, cleanly and correctly structured. It must be clear WHY the user is being asked for their personal data and WHAT it will be used for. Responsibility – There are massive fines for breaches of the GDPR legislation – up to 4% of a company’s global annual turnover. To help avoid that sticky situation, you’ll be required to appoint a Data Protection Officer if you are part of a large company.

The DPO will oversee all GDPR requirements and be the point of contact with regulators. It also allows them to ask for their data to be removed from a company database. For workplaces, it formalizes data processes, giving the opportunity to embed an all-hands security mentality. 

Keywords: [“data”,”GDPR”,”company”]
Source: https://blog.papercut.com/understanding-gdpr-in-under-3-minutes

Ready for GDPR? Oracle Marketing Cloud gets you there!

Built on established and widely accepted privacy principles such as purpose limitation, lawfulness, transparency, integrity and confidentiality, the GDPR strengthens existing privacy and security requirements, including requirements for notice & consent, technical and operational security measures, and cross-border data flow mechanisms. Companies must implement an appropriate level of security, encompassing both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. The GDPR encourages companies to incorporate encryption, incident management, and network & system integrity, availability and resilience requirements into their security program. Companies have to inform their regulators and/or the impacted individuals without undue delay after becoming aware that their data has been subject to a data breach. Companies will be expected to document and maintain records of their security practices, to audit the effectiveness of their security program, and to take corrective measures where appropriate. 

If you would like to learn more about some of the requirements particularly relevant for marketers, please review our GDPR for Marketers whitepaper with more information about the native Data Privacy & Security features provided across the Oracle Marketing Cloud. 

Keywords: [“security”,”data”,”Companies”]
Source: https://www.oracle.com/marketingcloud/about/events/gdpr.html

GDPR News

On this date, May 25th, in the year 2018, something called the General Data Protection Regulation will go into effect. I have written about the far-reaching privacy and cybersecurity impacts of this regulation here. Bear in mind that GDPR is a set of rules governing the privacy and security of personal data that is being implemented by the European Commission, but applies to many companies located OUTSIDE the European Union. For a start, GDPR gives data protection, and recourse for abuse or exposure of sensitive personal information, to residents of Europe, not just European citizens. Even if you’re in Idaho, selling motorcycle accessories via a website hosted in Chicago, and some of your current or former customers or prospects live in the EU, you could still be affected. 

If that sounds like no big deal, I assume you know where all of your customer and marketing data resides, and you have an easy way to look people up and remove them. That’s not even getting into questions of when and with whom you may have shared the data without the data subject’s explicit consent. So let’s say you have names and email addresses of people who have registered on your site as shoppers but you have assumed they would also like to know about motorcycling events and therefore shared their details with event organizers without explicit permission. 

Keywords: [“Data”,”GDPR”,”company”]
Source: http://www.gdprnews.com

GDPR News Center News for 08-06-2018

General Data Protection Regulation

When it comes to data and data protection Agenci class ourselves as master craftsmen. GDPR Facts The government will repeal the current Data Protection Act 1998 on the 24th May 2018. The GDPR is a regulation and comes into force immediately on the 25th May 2018. Companies who breach GDPR will expect fines up to 4% of global TURNOVER. Companies need a clear process for managing Data Breaches. 

Companies will need to assign a Data Protection Officer. 10 Steps to GDPR Author Gary Hibberd The General Data Protection Regulations is a dramatic shake-up of data protection laws that affects European and UK citizens and comes into force on May 25th 2018. The current Data Protection Act is repealed and a new regulation comes into force. Role of the GDPR DPO Author Gary Hibberd Whilst the General Data Protection Regulations is clear about many things, the need for a designated Data Protection Officer seems to be confusing. GDPR Snake Oil Warning: Rant alert Author Gary Hibberd Like many in the Information Security/Cyber Security world at the moment I’m VERY excited about the new General Data Protection Regulations which come into force on May 25th, 2018. Author Gary Hibberd The General Data Protection Regulations promises to be one of the biggest changes in Data Protection laws in over two decades. 

The current Data Protection Act is repealed and a new regulation comes into force being the General Data Protection Regulations. Author Gary Hibberd Ok before we start I’ll warn you this blog is about ‘Data Regulations’ Wait!! Wait! Don’t go!! Data Protection Regulations are VERY important to you and to me. 

Keywords: [“data”,”GDPR”,”protection”]
Source: https://www.theagenci.com/gdpr

How will GDPR affect me as an employee?

In less than three months, all businesses and organisations across Europe that handle customer data will have to comply with the General Data Protection Regulation. For organisations, it will mean establishing clear procedures around consent and having a legal basis for gathering data, so employers need to sit up and pay attention. Any changes to their contract, company handbook or the processing of their data. The purposes of the processing of their personal data. Any third parties who receive their data, eg payroll providers. 

Any intention to transfer their data outside the EU. Their rights under GDPR, eg right to object or lodge a complaint. For employers looking at how GDPR will affect them, they are in danger of getting so wrapped up in the processing of external data that they may forget about data pertaining to their own employees. She said organisations need to understand the lawful basis of processing personal data, and ensure transparency and accountability by creating a data protection policy and easily accessible data protection notices. For employees who process personal data as part of their role, Flannery said they should be fully abreast of their organisation’s GDPR compliance programme and how this will affect how they collect, access, process and store personal data.

They only ever process personal data in line with their defined responsibilities. They have a clear overview and understanding of the organisation’s data protection notice, as well as easy access to all relevant internal policies. They are provided with training specific to the processing of personal data. 

Keywords: [“data”,”employee”,”personal”]
Source: https://www.siliconrepublic.com/advice/gdpr-employee-effects-data…

Countdown To GDPR · Forrester

Forrester Principal Analyst Fatemeh Khatibloo examines the impact of the new General Data Protection Regulation, which rewrites privacy rules and converts privacy as a human right to a force of market disruption. It is hard to overstate the impact of GDPR. Take one point: data. For most industries and companies, data is the new currency, enabling companies to create new customer value, products, and experiences. That means, upon a customer’s request, companies will need to wipe clean all of that customer’s data across the enterprise – including all systems of record, systems of insight, and systems of engagement – raising the bar for data governance well beyond most companies’ capabilities. 

Organizations are still working to understand, federate, and use diverse, dispersed, and dynamic customer data. By May 25, 2018, companies need to be able to work at scale and with precision to erase all data on a single customer and certify that result. Notify the relevant data protection authority of a breach within 72 hours. Remove ambiguous consent of data collection; consent opt-in will remain the default option. Relate the collection and/or processing of personal data to one or more specific purposes. 

The combination of empowered customers and the pace of digital disruption, let alone the growing specter of cyberthreats, is a potent brew that will put companies on the defense. GDPR adds a layer of complexity to the mix that will severely test companies. In this episode, Fatemeh Khatibloo describes the implications of GDPR and provides pragmatic guidance on how companies can prepare for compliance. 

Keywords: [“Data”,”companies”,”customer”]
Source: https://go.forrester.com/ep14-countdown-to-gdpr

GDPR and CRM: How to Manage Customer Data in 2018

3 CRM features to look for to help you manage customer data better. GDPR provides citizens of the EU with greater control over their personal data and assures that their information is being securely protected across Europe, regardless of whether the data processing takes place in the EU or not. The systems you use to store all your customer data. The legal aspects of the regulation and how it will affect the way you handle personal data. If you use a CRM solution, then it should support the collection and management of personal data in a secure way. 

GDPR has a big effect on how businesses collect, store and secure personal customer data. The good news is that GDPR and CRM have a lot in common as both GDPR and CRM are about building deeper trust and loyalty with new and existing customers through the professional handling of personal customer data. Managing personal data with CRM. Customer data, which goes into a CRM system, is by default, also personal data. Different types of data have different rules for how it should be processed. 

Basic data such as names, addresses, phone numbers are more general data and can be open to all employees within your company. SuperOffice CRM allows you to set up routines and automated rules for how different types of personal data can and should be handled by your company. Once you’ve evaluated your database for what kind of personal information you have, where it comes from and what legal basis you have for keeping it, and set up how you want the data to be handled, you will need a way to update all this personal data in the new GDPR world. 

Keywords: [“data”,”GDPR”,”personal”]
Source: https://www.superoffice.com/blog/gdpr-crm