GDPR News Center News for 10-23-2018

Box GDPR Compliance

With the General Data Protection Regulation just around the corner, we’re committed to being GDPR-ready by May 25, 2018, so that our customers can use Box with GDPR compliance in mind. At Box, we meet the highest bars possible for data privacy, as well as support organizations using Box while meeting data privacy obligations across the globe. With Box, every company – regardless of location or data privacy obligations – can work as one. 

Keywords: [“Box”,”Data”,”privacy”]
Source: https://www.box.com/gdpr

» Organisations

The General Data Protection Regulation very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities. 

Keywords: [“Data”,”personal”,”how”]
Source: http://gdprandyou.ie/organisations/

General Data Protection Regulation Consulting & Compliance Services

Create a pragmatic roadmap and facilitate data compliance by evaluating current security practices against GDPR requirements. GDPR consulting tailors appropriate security measures to your organization’s requirements. Avoid new vulnerabilities with ongoing security testing, assessments and exercises. Implement security controls and processes to patch gaps and help to maintain a GDPR-compliant security posture. 

Keywords: [“security”,”GDPR”,”requirements”]
Source: https://www.secureworks.com/services/security-consulting/controls-compliance/gdpr

Protect Personal Data on Your Website

Manually searching for data across your digital presence is a tedious task. With Siteimprove GDPR, you save that time by automatically locating the personal data you handle online-think names, ID numbers, cookies, and more. Now you have the power to pinpoint and remove that data across your website, minimizing the risk of fines and other legal consequences on your way to GDPR compliance. 

Keywords: [“data”,”across”,”GDPR”]
Source: https://siteimprove.com/en-us/gdpr/

Data Protection and Complying with GDPR Laws

It’s no longer just about finding and securing data: it’s about proactively capturing the full context of data, classifying what level of security is needed, establishing and adhering to the necessary controls, and implementing ongoing best practices to ensure data is managed safely and successfully. Collibra provides the necessary foundation for any successful cyber security program. 

Keywords: [“data”,”Collibra”,”security”]
Source: https://www.collibra.com/data-governance/data-protection/

EU General Data Protection Regulation

FastSpring is compliant with the EU General Protection Regulation. Our ecommerce platform is capable of conducting business with all EU-based customers online store. FastSpring complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. 

Keywords: [“FastSpring”]
Source: https://fastspring.com/gdpr/

GDPR Compliance and Elasticsearch

Mike joined Elastic in 2016 from Prelert, where he’d been VP of Products for Prelert’s machine learning technology. Mike’s focus at Elastic is to help users and customers succeed with security-related applications of the Elastic Stack. Starting his career as an ASIC designer, Mike has led the development of SIEM, network IPS, DDoS Defense, and network monitoring solutions. 

Keywords: [“Elastic”,”Mike”,”network”]
Source: https://www.elastic.co/webinars/gdpr-compliance-and-elasticsearch

GDPR Compliance and Elasticsearch

Mike joined Elastic in 2016 from Prelert, where he’d been VP of Products for Prelert’s machine learning technology. Mike’s focus at Elastic is to help users and customers succeed with security-related applications of the Elastic Stack. Starting his career as an ASIC designer, Mike has led the development of SIEM, network IPS, DDoS Defense, and network monitoring solutions. 

Keywords: [“Elastic”,”Mike”,”network”]
Source: https://www.elastic.co/webinars/gdpr-compliance-and-elasticsearch

Data Mapping May Be the Hardest Part of GDPR Compliance

K Royal is in the business of making sure companies are compliant with the European Union’s General Data Protection Regulation. As senior director of privacy at compliance and security company TrustArc Inc., she helps organizations bridge the gap between knowing they must fully follow the GDPR, and actually crossing the finish line. 

Keywords: [“company”]
Source: https://www.law.com/corpcounsel/2018/08/15/data-mapping-may-be-the-hardest-part-of-gdpr-compliance/

Data Mapping May Be the Hardest Part of GDPR Compliance

K Royal is in the business of making sure companies are compliant with the European Union’s General Data Protection Regulation. As senior director of privacy at compliance and security company TrustArc Inc., she helps organizations bridge the gap between knowing they must fully follow the GDPR, and actually crossing the finish line. 

Keywords: [“company”]
Source: https://www.law.com/corpcounsel/2018/08/15/data-mapping-may-be-the-hardest-part-of-gdpr-compliance/

eBay Inc.

The General Data Protection Regulation is a comprehensive update to existing European Union laws that goes into effect on May 25, 2018. The GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU resident’s data privacy and to reshape the way organizations across the region approach data privacy. 

Keywords: [“Data”,”privacy”,”across”]
Source: https://www.ebayinc.com/our-company/privacy-center/gdpr/

Analytics Platform

Matomo GDPR services We offer solutions and services to help you have a Matomo configuration ready for GDPR compliance. As the world leaders when it comes to privacy and customer data, we are looking forward to providing you support for our analytics platform which helps you achieve GDPR compliance easily. 

Keywords: [“GDPR”,”compliance”,”help”]
Source: https://matomo.org/gdpr/

General Data Protection Regulation

The General Data Protection Regulation, the world’s most expansive data privacy law, takes effect May 25, 2018. Any group that processes the personal data of European residents must comply with the new law. Non-compliance can result in fines up to €20million or 4% of annual turnover, whichever is higher. 

Keywords: [“Data”,”law”]
Source: https://www.veritas.com/gdpr

GDPR Compliance in 5 minutes

General Data Protection Regulation has created a wealth of uncertainty around compliance for marketers. This 5 minute summary explains the core principals for GPDR, what it means for inbound and outbound marketing and how to make web forms compliant. 

Keywords: [“marketers”]
Source: https://www.youtube.com/watch?v=cBRUYUheTTs

GDPR Compliance in 5 minutes

General Data Protection Regulation has created a wealth of uncertainty around compliance for marketers. This 5 minute summary explains the core principals for GPDR, what it means for inbound and outbound marketing and how to make web forms compliant. 

Keywords: [“marketers”]
Source: https://www.youtube.com/watch?v=cBRUYUheTTs

GDPR News Center News for 10-14-2018

No one’s ready for GDPR

The General Data Protection Regulation will go into effect on May 25th, and no one is ready – not the companies and not even the regulators. In today’s meeting with the European Parliament, Mark Zuckerberg said Facebook would be GDPR compliant by the deadline, but if so, the company would be in the minority. When broken down by industry, 60 percent of tech companies said they weren’t ready. GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches to transparency for users about what data is being collected and why. Perhaps the GDPR requirement that has everyone tearing their hair out the most is the data subject access request. 

A year ago, 61 percent of companies had not even started GDPR implementation. It’s not a pleasant position to be in, because GDPR can allow regulators to fine companies up to 4 percent of their global revenue for violations of GDPR. To put that in perspective, a 4 percent fine on Amazon would be $7 billion. Because much of GDPR is ambiguous, how it will work in practice is up to what regulators do with it. Another GDPR provision that might strain regulatory resources is the data breach notification requirement. 

Regulators may not be ready to audit a company’s security or figure out exactly what to do to protect EU residents affected by the breach. GDPR is only supposed to apply to the EU and EU residents, but because so many companies do business in Europe, the American technology industry is scrambling to become GDPR compliant. The breach notification requirement, especially, is more stringent than anything in the US. The hope is that as companies and regulatory bodies settle into the flow of things, the heightened privacy protections of GDPR will become business as usual. 

Keywords: [“company”,”GDPR”,”Data”]
Source: https://www.theverge.com/2018/5/22/17378688/gdpr-general-data-protection-regulation-eu

No one’s ready for GDPR

The General Data Protection Regulation will go into effect on May 25th, and no one is ready – not the companies and not even the regulators. In today’s meeting with the European Parliament, Mark Zuckerberg said Facebook would be GDPR compliant by the deadline, but if so, the company would be in the minority. When broken down by industry, 60 percent of tech companies said they weren’t ready. GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches to transparency for users about what data is being collected and why. Perhaps the GDPR requirement that has everyone tearing their hair out the most is the data subject access request. 

A year ago, 61 percent of companies had not even started GDPR implementation. It’s not a pleasant position to be in, because GDPR can allow regulators to fine companies up to 4 percent of their global revenue for violations of GDPR. To put that in perspective, a 4 percent fine on Amazon would be $7 billion. Because much of GDPR is ambiguous, how it will work in practice is up to what regulators do with it. Another GDPR provision that might strain regulatory resources is the data breach notification requirement. 

Regulators may not be ready to audit a company’s security or figure out exactly what to do to protect EU residents affected by the breach. GDPR is only supposed to apply to the EU and EU residents, but because so many companies do business in Europe, the American technology industry is scrambling to become GDPR compliant. The breach notification requirement, especially, is more stringent than anything in the US. The hope is that as companies and regulatory bodies settle into the flow of things, the heightened privacy protections of GDPR will become business as usual. 

Keywords: [“company”,”GDPR”,”Data”]
Source: https://www.theverge.com/2018/5/22/17378688/gdpr-general-data-protection-regulation-eu

How marketers are navigating GDPR compliance creatively

With GDPR finally enforced, marketers are now legally bound to handle, process and store personal data much more securely and transparently. Interestingly, GDPR has led to a cultural split in businesses. Marketo published a report revealing that GDPR has produced two ‘tribes’. On the other hand, there’s legal-first, which is the group of senders who have focused almost exclusively on the process and compliance aspects of GDPR, without considering the opportunity it presents. For marketing-first senders GDPR provided an opportunity to refresh consent using a variety of engaging approaches, capturing consumer attention and imagination, while also achieving/maintaining compliance with the new requirements. 

Teaching customers GDPR. Another way marketers have engaged with consumers is by presenting GDPR as a customer service benefit. By providing this compliance information in a clear and concise way, marketers have created interest in GDPR by presenting the new laws through a positive lens. Lloyds Bank took this opportunity to educate its email subscribers, setting out the parameters and requirements of the GDPR in layman’s terms that were easy for the audience to understand. As previously mentioned, GDPR is also challenging data controllers to be clear and concise. 

Although GDPR is a serious topic, it doesn’t mean senders suddenly need to adopt a stoic tone – the messages can still be conveyed in a way their subscribers know – and even expect – of their brand, and this will have an impact on success. GDPR is clear that consent must be freely given, and data controllers should avoid making consent a precondition of a service. Take a look at all Econsultancy’s GDPR resources, including a guide for marketers and online and face-to-face training courses. 

Keywords: [“GDPR”,”customer”,”data”]
Source: https://econsultancy.com/how-marketers-are-navigating-gdpr-compliance-creatively/

GDPR News Center News for 10-02-2018

5 last-minute GDPR resources to help bring businesses into compliance

This Friday is the deadline for compliance with the European Union’s new General Data Protection Regulation, widely considered the strictest law in the world in terms of regulating the collection and use of consumer data. In broad strokes, GDPR generally requires companies get clear consent for collecting people’s personal data and allows people to access the data stored about them, fix it if it’s wrong, and delete it if they so choose. Even if your business isn’t based in the EU, it may still be required to comply with GDPR if it collects data on people in the EU, and the fines for not complying can be severe: up to 20 million euros or 4% of annual revenue in the most egregious cases. If you’re still scratching your head about what you need to do to get ready for the new law, here are a few resources that can help. Parker, an automated chatbot from international law firm Norton Rose Fulbright, can help if you’re still figuring out whether your business outside the EU even needs to comply with GDPR. 

Essentially a checklist in chat form, the tool can help you decide in a few minutes how concerned you need to be about the new regulation. This GDPR compliance checklist, developed by a group of startup founders from Belgium, can help you take the same rigorous approach to making sure you’re ready for the new law. While this guide is aimed at designers, it’s useful to anyone who’s involved in crafting websites, apps, or services that are going to potentially handle people’s personal data. Designers, developers, and managers all need to be thinking about what data they actually need to collect, and where they can store and process it. They also need to make sure users clearly agree to what’s going on and have the legally required resources to access, update, and delete their data if need be. 

If you want to let your customers see the data you have on them-and update or delete it if they wish-but you also store data across multiple cloud vendors, you might have some work to do. One solution is to use a core tool that syncs that data to as many of those third-party cloud services as possible to simplify things when those user requests come in or you’re preparing your compliance documentation. Segment, which has long helped companies connect with third-party data services, has rolled out tools to help its customers track those requests, data updates, and user consent changes to forward them on to supported vendors. 

Keywords: [“Data”,”need”,”new”]
Source: https://www.fastcompany.com/40575829/5-last-minute-gdpr-resources-to-help-bring-businesses-into-compliance

How to Comply with GDPR

The GDPR is designed to protect the personal data of EU citizens, and to do so it regulates how such data is collected, stored, processed, and destroyed. Perhaps most importantly, the territorial scope of the law is very broad. Article 3 of the GDPR states that a company anywhere in the world is subject to the GDPR if it processes the personal data of anyone residing in the EU. It doesn’t matter if your company has no offices or employees in the EU, or even if no transactions are carried out in the EU. If you process an EU citizen’s personal data, then you need to comply with the GDPR or face the financial consequences. 

While GDPR compliance is important, it is vital not to forget about the other compliance and data privacy regulations that may apply to your organization. This includes a GDPR checklist for data controllers and a GDPR checklist for data processors. Consider how to verify individuals’ ages and how you can obtain parental or guardian consent for any data processing activity. Designate someone to take responsibility for data protection compliance and consider whether you are required to formally designate a Data Protection Officer. The GDPR makes a distinction between a data processor and a data controller. 

For more on Data Protection Impact Assessments, see How a Data Protection Impact Assessment Helps You Comply with GDPR.Right to access, rectification and erasure. How to protect customer information under GDPR. The GDPR is designed to protect Data Subjects, but it goes to great lengths to avoid spelling out in technical terms what you need to do to ensure that you achieve suitable levels of data security. It’s a common myth that the GDPR requires the use of data encryption, and some consultants appear to be pushing sales of encryption products by implying that all you need to do is encrypt all your data and you will satisfy 90% of GDPR requirements. Any encryption initiative will likely involve an encryption product that handles data encryption as well as manages encryption keys, and may also include a cloud encryption gateway to ensure that data that is sent to the cloud for storage or processing is also encrypted. 

Detecting breaches is far from trivial – it takes an average of 191 days for data breaches to be detected, according to the Ponemon Institute’s 2017 Cost of A Data Breach Study. 

Keywords: [“Data”,”GDPR”,”company”]
Source: https://www.esecurityplanet.com/network-security/how-to-comply-with-gdpr.html

GDPR News Center News for 10-01-2018

What is GDPR? Understanding and Complying with GDPR Data Protection Requirements

A Definition of GDPR. The General Data Protection Regulation, agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data. The purpose of the GDPR is to impose a uniform data security law on all EU members, so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU. 

In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally. Articles 17 & 18 – Articles 17 and 18 of the GDPR give data subjects more control over personal data that is processed automatically. The result is that data subjects may transfer their personal data between service providers more easily, and they may direct a controller to erase their personal data under certain circumstances. Article 31 specifies requirements for single data breaches: controllers must notify SAs of a personal data breach within 72 hours of learning of the breach and must provide specific details of the breach such as the nature of it and the approximate number of data subjects affected. 

Articles 33 & 33a – Articles 33 and 33a require companies to perform Data Protection Impact Assessments to identify risks to consumer data and Data Protection Compliance Reviews to ensure those risks are addressed. Articles 36 & 37 – Articles 36 and 37 outline the data protection officer position and its responsibilities in ensuring GDPR compliance as well as reporting to Supervisory Authorities and data subjects. Article 45 – Article 45 extends data protection requirements to international companies that collect or process EU citizens’ personal data, subjecting them to the same requirements and penalties as EU-based companies. For many of these companies, the first step in complying with GDPR is to designate a data protection officer to build a data protection program that meets the GDPR requirements. 

Keywords: [“Data”,”GDPR”,”company”]
Source: https://digitalguardian.com/blog/what-gdpr-general-data-protection-regulation-understanding-and-complying-gdpr-data-protection

What is GDPR? Understanding and Complying with GDPR Data Protection Requirements

A Definition of GDPR. The General Data Protection Regulation, agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data. The purpose of the GDPR is to impose a uniform data security law on all EU members, so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU. 

In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally. Articles 17 & 18 – Articles 17 and 18 of the GDPR give data subjects more control over personal data that is processed automatically. The result is that data subjects may transfer their personal data between service providers more easily, and they may direct a controller to erase their personal data under certain circumstances. Article 31 specifies requirements for single data breaches: controllers must notify SAs of a personal data breach within 72 hours of learning of the breach and must provide specific details of the breach such as the nature of it and the approximate number of data subjects affected. 

Articles 33 & 33a – Articles 33 and 33a require companies to perform Data Protection Impact Assessments to identify risks to consumer data and Data Protection Compliance Reviews to ensure those risks are addressed. Articles 36 & 37 – Articles 36 and 37 outline the data protection officer position and its responsibilities in ensuring GDPR compliance as well as reporting to Supervisory Authorities and data subjects. Article 45 – Article 45 extends data protection requirements to international companies that collect or process EU citizens’ personal data, subjecting them to the same requirements and penalties as EU-based companies. For many of these companies, the first step in complying with GDPR is to designate a data protection officer to build a data protection program that meets the GDPR requirements. 

Keywords: [“Data”,”GDPR”,”company”]
Source: https://digitalguardian.com/blog/what-gdpr-general-data-protection-regulation-understanding-and-complying-gdpr-data-protection

5 last-minute GDPR resources to help bring businesses into compliance

This Friday is the deadline for compliance with the European Union’s new General Data Protection Regulation, widely considered the strictest law in the world in terms of regulating the collection and use of consumer data. In broad strokes, GDPR generally requires companies get clear consent for collecting people’s personal data and allows people to access the data stored about them, fix it if it’s wrong, and delete it if they so choose. Even if your business isn’t based in the EU, it may still be required to comply with GDPR if it collects data on people in the EU, and the fines for not complying can be severe: up to 20 million euros or 4% of annual revenue in the most egregious cases. If you’re still scratching your head about what you need to do to get ready for the new law, here are a few resources that can help. Parker, an automated chatbot from international law firm Norton Rose Fulbright, can help if you’re still figuring out whether your business outside the EU even needs to comply with GDPR. 

Essentially a checklist in chat form, the tool can help you decide in a few minutes how concerned you need to be about the new regulation. This GDPR compliance checklist, developed by a group of startup founders from Belgium, can help you take the same rigorous approach to making sure you’re ready for the new law. While this guide is aimed at designers, it’s useful to anyone who’s involved in crafting websites, apps, or services that are going to potentially handle people’s personal data. Designers, developers, and managers all need to be thinking about what data they actually need to collect, and where they can store and process it. They also need to make sure users clearly agree to what’s going on and have the legally required resources to access, update, and delete their data if need be. 

If you want to let your customers see the data you have on them-and update or delete it if they wish-but you also store data across multiple cloud vendors, you might have some work to do. One solution is to use a core tool that syncs that data to as many of those third-party cloud services as possible to simplify things when those user requests come in or you’re preparing your compliance documentation. Segment, which has long helped companies connect with third-party data services, has rolled out tools to help its customers track those requests, data updates, and user consent changes to forward them on to supported vendors. 

Keywords: [“Data”,”need”,”new”]
Source: https://www.fastcompany.com/40575829/5-last-minute-gdpr-resources-to-help-bring-businesses-into-compliance

GDPR News Center News for 09-28-2018

Most firms will not be GDPR-ready by compliance deadline

With just one month to go until the compliance deadline for the EU’s General Data Protection Regulation, research data shows that many companies will not be ready in time. Start Download. Only 51% of companies polled say they have all the systems in place that will enable them to remove EU citizen data from servers on request, including back-ups, in accordance with Articles 16 and 17 of the GDPR. Worryingly, 21% do not yet have any systems in place to meet these requirements, according to a study published by data security company WinMagic. In many cases, the survey shows that companies lack the systems and processes to ensure compliance with the new legislation, which affects all companies holding and processing EU citizen data. 

Organisations found to be non-compliant could also face a range of other punitive actions from data protection authorities, including compulsory data protection audits, warnings, reprimands, enforcement notices and stop processing orders. Data management delays: A quarter of respondents admitted that systems were only part implemented, and would not allow the automated removal of citizen data from back-ups. Failing to encrypt data: An average of 20% of the companies surveyed lack continuous encryption for personally identifiable information across their cloud and on-premise servers, despite appropriate levels of encryption and anonymisation being a requirement for GDPR compliance. Where companies lack strict security and encryption management for technologies such as virtual machines and hyper-converged infrastructure, uncontrolled data sprawl can be common, leading to silos of hidden data and a fragmentation of governance, which leaves companies non-compliant and at risk of heavy fines. Poor data breach monitoring: When a data breach occurs, the report said speed is the key element in responding to ongoing attacks, but also to controlling the spread and abuse of data by cyber criminals. 

The GDPR requires companies to report data breaches to the relevant data protection authority within 72 hours of discovery, yet 41% of respondents said they could not achieve this today. Many companies lack the tools that will identify whether a breach has ever occurred or the data taken. Commenting on the fast-approaching GDPR compliance deadline, Tamzin Evershed, senior director and global privacy lead at Veritas Technologies, said that in recent months, companies have been striving to gain complete visibility and control of their data – including what information is stored, who owns it, who has access and how it is used. This approach is in line with that advocated by UK information commissioner Elizabeth Denham, who has repeatedly emphasised that the GDPR is about gaining and maintaining consumer trust, which is essential for the development and innovation of business using data. 

Keywords: [“Data”,”company”,”breach”]
Source: https://www.computerweekly.com/news/252439872/Most-firms-will-not-be-GDPR-ready-by-compliance-deadline

Most firms will not be GDPR-ready by compliance deadline

With just one month to go until the compliance deadline for the EU’s General Data Protection Regulation, research data shows that many companies will not be ready in time. Start Download. Only 51% of companies polled say they have all the systems in place that will enable them to remove EU citizen data from servers on request, including back-ups, in accordance with Articles 16 and 17 of the GDPR. Worryingly, 21% do not yet have any systems in place to meet these requirements, according to a study published by data security company WinMagic. In many cases, the survey shows that companies lack the systems and processes to ensure compliance with the new legislation, which affects all companies holding and processing EU citizen data. 

Organisations found to be non-compliant could also face a range of other punitive actions from data protection authorities, including compulsory data protection audits, warnings, reprimands, enforcement notices and stop processing orders. Data management delays: A quarter of respondents admitted that systems were only part implemented, and would not allow the automated removal of citizen data from back-ups. Failing to encrypt data: An average of 20% of the companies surveyed lack continuous encryption for personally identifiable information across their cloud and on-premise servers, despite appropriate levels of encryption and anonymisation being a requirement for GDPR compliance. Where companies lack strict security and encryption management for technologies such as virtual machines and hyper-converged infrastructure, uncontrolled data sprawl can be common, leading to silos of hidden data and a fragmentation of governance, which leaves companies non-compliant and at risk of heavy fines. Poor data breach monitoring: When a data breach occurs, the report said speed is the key element in responding to ongoing attacks, but also to controlling the spread and abuse of data by cyber criminals. 

The GDPR requires companies to report data breaches to the relevant data protection authority within 72 hours of discovery, yet 41% of respondents said they could not achieve this today. Many companies lack the tools that will identify whether a breach has ever occurred or the data taken. Commenting on the fast-approaching GDPR compliance deadline, Tamzin Evershed, senior director and global privacy lead at Veritas Technologies, said that in recent months, companies have been striving to gain complete visibility and control of their data – including what information is stored, who owns it, who has access and how it is used. This approach is in line with that advocated by UK information commissioner Elizabeth Denham, who has repeatedly emphasised that the GDPR is about gaining and maintaining consumer trust, which is essential for the development and innovation of business using data. 

Keywords: [“Data”,”company”,”compliance”]
Source: https://www.computerweekly.com/news/252439872/Most-firms-will-not-be-GDPR-ready-by-compliance-deadline

GDPR News Center News for 09-03-2018

» Organisations

The General Data Protection Regulation very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities. 

Keywords: [“Data”,”personal”,”how”]
Source: http://gdprandyou.ie/organisations

Covering Digital Experience, Digital Workplace & Information Management

About Us. CMSWire is a leading, native digital publication produced by Simpler Media Group, Inc. We provide articles, research and events for sophisticated professionals driving digital customer experience strategy, evolving the digital workplace and creating intelligent information management practices. The CMSWire team produces 450+ authoritative articles per quarter for our 750,000 community members. 

Keywords: [“digital”,”articles”,”produced”]
Source: https://www.cmswire.com/…/5-ways-gdpr-will-change-marketing-forever

Covering Digital Experience, Digital Workplace & Information Management

About Us. CMSWire is a leading, native digital publication produced by Simpler Media Group, Inc. We provide articles, research and events for sophisticated professionals driving digital customer experience strategy, evolving the digital workplace and creating intelligent information management practices. The CMSWire team produces 450+ authoritative articles per quarter for our 750,000 community members. 

Keywords: [“digital”,”articles”,”produced”]
Source: https://www.cmswire.com/…/gdpr-penalties-faq-how-bad-will-it-be

GDPR and ePrivacy Guidance: Awin

GDPR.Awin has always taken data protection obligations seriously, and will continue to do so under new European legal framework surrounding the General Data Protection Regulation and ePrivacy Regulation. Although ePrivacy Regulation was intended to come into effect at the same time, the wording is still likely to change from its current form, and therefore is no longer anticipated to be ready on the same date. 

Keywords: [“Regulation”,”same”,”ePrivacy”]
Source: https://www.awin.com/us/gdpr

GDPR Compliance

GDPR is complex, but it’s also a unique opportunity. General Data Protection Regulation is a new set of laws that dramatically affects data privacy practices throughout the European Union. SAP can help plan your compliance needs and identify transformation opportunities. Watch Mathias Cellarius, head of Data Protection and Privacy at SAP, share his approach to safeguarding data and discuss SAP’s deep commitment to privacy. 

Keywords: [“Data”,”SAP”,”privacy”]
Source: https://discover.sap.com/gdpr/en-us/index.html

GDPR Management Schools

We are an exceptional team of professionals with a wealth of experience working in and with schools. Whether you are an individual school, a local authority support team, a multi academy trust or a private company supporting GDPR in schools we have the solution to make your task much easier. We are here to help you and your school ease your way into the next level of data protection in time for the May 2018 deadline. 

Keywords: [“school”,”support”,”team”]
Source: https://www.gdpr.school

Rapid7 Blog

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network-including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community-to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year. 

Keywords: [“Threat”]
Source: https://blog.rapid7.com/tag/gdpr

General Data Protection Regulation Free Guide

As the deadline approaches for compliance with the GDPR, you’ll need to know how much progress you�re making towards meeting the new requirements. That’s why we’ve created this customized compliance check, which lets you examine your data protection preparations, and highlight areas that will require more attention. It’s free to take, and will result in a free, detailed report, customized to your business. 

Keywords: [“free”,”customized”,”compliance”]
Source: https://encryption.eset.com

General Data Protection Regulation Free Guide

As the deadline approaches for compliance with the GDPR, you’ll need to know how much progress you�re making towards meeting the new requirements. That’s why we’ve created this customized compliance check, which lets you examine your data protection preparations, and highlight areas that will require more attention. It’s free to take, and will result in a free, detailed report, customized to your business. 

Keywords: [“free”,”customized”,”compliance”]
Source: https://encryption.eset.com/gb

Hospitality Data Protection Officer & GDPR

As hospitality companies conducting business in Europe prepare to make operational changes to conform with the EU General Data Protection Regulation, HFTP has put together the HFTP HDPO Task Force that will prepare resources for the industry. With a team of 23 experts, HFTP will build a program that demonstrates an individual’s competency for the position within a hospitality company. 

Keywords: [“HFTP”,”Force”,”Task”]
Source: https://www.hftp.org/hospitality_resources/hdpo

Infosys GDPR

General Data Protection Regulation is an European Union data privacy law that will replace the erstwhile EU Data Protection Directive 1995. The law which will become effective from May 2018, will require enterprises located or doing business in EU countries, to comply with its strict privacy requirements regardless of whether the location of data processing is within EU or outside. 

Keywords: [“Data”,”law”,”Protection”]
Source: https://www.infosys.com/gdpr

Cordery – Solutions

Cordery is a trading name of Cordery Compliance Limited. Authorised and regulated by the Solicitors Regulation Authority. Company number 07931532 registered in England and Wales. Cordery Compliance Limited trading as Cordery provides some products and services which are not regulated by the Solicitors Regulation Authority; we will clearly state this to you if this is the case. 

Keywords: [“Cordery”,”Company”,”Authority”]
Source: http://www.corderycompliance.com/solutions/cordery-gdpr-navigator

GDPR for Churches

Please note that this information is intended to help churches during their own preparations for GDPR, and should not be taken as legal advice. You should seek your own legal guidance to ensure compliance with GDPR. The current advice given by the ICO is still changing, and we will do our best to update this page as soon as anything new is released. 

Keywords: [“advice”,”legal”,”GDPR”]
Source: http://gdprforchurches.org.uk

GDPR News Center News for 09-01-2018

GDPR

The GDPR arose, in large part, as a holistic way to update existing, disparate, and sometimes-conflicting laws and regulations across the EU and to strengthen the protection of individuals’ personal data, in light of the rapidly-evolving technological landscape, increased interconnectivity and globalization, and more elaborate international transfers of personal data. The GDPR generally replaces the legacy mix of national data protection laws that are currently in place with a single, comprehensive law, which is directly enforceable in each EU member countries. 

Keywords: [“data”,”personal”,”GDPR”]
Source: https://www.fuze.com/GDPR

GDPR

As of May 25, every organization that does business in the EU will have to meet new data protection rules, or pay a steep fine. Compliance requires precise knowledge of the data you store and process, and the right data management policy across your organization. Software AG equips you with the means to quickly set up the knowledge base and process framework you need for achieving compliance by offering everything in one solution: business process analysis, enterprise architecture management, IT portfolio management and planning, and GRC practices. 

Keywords: [“management”,”process”,”data”]
Source: https://www.softwareag.com/corporate/innovation/gdpr/default.html

GDPR Design: GDPR Solutions To Help Companies Comply

GDPR Design has developed a series of low cost, cloud-based solutions to help SME businesses comply with GDPR and the data privacy laws. We are providing knowledge, experience and ongoing consultancy to help companies develop their data processes to benefit their business objectives. Using our experience of the SME market, our understanding of compliance and knowledge of online applications, we are focused on removing the headache and ongoing challenges of GDPR, allowing organisations to focus on what they do best – their core business services. 

Keywords: [“GDPR”,”business”,”ongoing”]
Source: https://gdpr.design

Privacy, Security and Information Law Fieldfisher

Vera Jourová, the European Union Commissioner for Justice, Consumers and Gender Equality, rounded off a recent three-day visit to the US in September with a speech at Berkeley School of Law on the current state of online privacy and consumer protection. Members of our Silicon Valley Privacy and Security team were there in person to hear Mrs Jourová address various topics, including the first joint annual review of Privacy Shield, the progress made for GDPR readiness to date and the ongoing issues of online hate speech and radicalisation. 

Keywords: [“privacy”,”online”,”speech”]
Source: http://privacylawblog.fieldfisher.com/tags/gdpr

We can assist you with the challenges of GDPR

As of 25 May 2018, the new EU data protection regulation GDPR will enter into force and replace the current laws on the processing of personal data. It will lead to a stricter law with respect to how companies and organisations can store, use and process collected personal data. The GDPR will affect all businesses and could have both cost and legal consequenses for your company. We can help you control the challenges of the GDPR. We can provide solutions that both handles and takes advantage of the new regulatory framework. 

Keywords: [“GDPR”,”data”,”both”]
Source: https://www.profitbase.com/gdpr/?lang=en

GDPR made searchable by Algolia. Chapters, articles and recitals easily readable

This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. 

Keywords: [“data”,”personal”,”persons”]
Source: https://gdpr.algolia.com/?ref=producthunt

GDPR360

Chances are you’ve heard of GDPR and that you’re comfortable that you’re addressing the challenges or you’re not quite sure how it affects you and what you need to do. GDPR is the new data protection framework that applies to any EU-based company that processes personal data and any company based outside the EU if it offers goods or services to EU data subjects or monitors their behaviour. For UK-based companies the new Data Protection Bill is currently being read in Parliament and this will bring the GDPR into UK law. 

Keywords: [“data”,”company”,”GDPR”]
Source: https://www.gdpr360.com

Unroll.Me To Stop Serving EU Users As GDPR Looms 05/07/2018

Me, the free email unsubscribe, will stop serving European users two days before the General Data Protection Regulation is scheduled to take effect. According to reports, the company could change this policy in the future. It apparently has decided that it cannot comply with GDPR, which takes effect on May 25. Last year, following a New York Times report on Unroll. Me’s data practices and the sale of Lyft data to Uber, the company was hit with a class-action lawsuit, alleging that it had violated the federal wiretap law. 

Keywords: [“users”,”Data”,”Slice”]
Source: https://www.mediapost.com/publications/article/318847/unrollme-to…

Download the GDPR eBook

Not to mention the 72 hour report window for security breaches. Undoubtedly, the most important message now is PREPARE WELL. It’s common knowledge that GDPR compliance prep requires hiring a Data Protection officer(DPO). Though he/she will be primarily responsible for the compliance process, the GDPR will affect every department throughout the entire organization. Read the InfoGov GDPR Basics eBook to find the answers to those questions and more as the EU GDPR implementation date draws nearer. 

Keywords: [“GDPR”,”questions”,”compliance”]
Source: https://www.infogovbasics.com/gdpr-basics-ebook

GDPR info centre

Even though the UK will turn its back on the EU in 2019, nothing will stop this law. It’s going ahead. Let’s be clear, GDPR will change everything about how you store, manage and process data for your staff. It has executives at multinationals feeling nervous, let alone employers at SMEs. The legal eagles at BrightHR came together with the data analysts and the software developers and, well, everyone, to explain GDPR in simple terms and offer guidance on what you need to do-starting today. 

Keywords: [“GDPR”,”data”,”let”]
Source: https://www.brighthr.com/gdpr

GDPR News Center News for 08-27-2018

GDPR implications for schools

There seems to be a lot of panic related to the introduction of GDPR however, compared to many private organisations, schools are much better placed to address the new regulations. In education, there has always been a culture that values every person’s rights and freedoms. Whilst there are many extra demands required to map and audit personal data stored and shared, schools with existing rigid data protection policies should see GDPR as an opportunity to improve the way they work. Schools have always had to give parents and children access to their data, but under GDPR individuals have the right to ask for that data to be forgotten. This regulation only applies to certain data that you store and GDPRiS will provide the right guidance in such instances. 

Keywords: [“data”,”right”,”schools”]
Source: https://www.gdpr.school/gdpr-schools

New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance

Catalin Cimpanu, reporting for BleepingComputer: A new service called GDPR Shield made the rounds last week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won’t have to deal with GDPR compliance. GDPR, or General Data Protection Regulation, is a new user and data privacy regulation slated to come into effect in the EU three weeks from now, on May 25, 2018. The new regulation brings a wealth of protections to user privacy but is a nightmare for companies doing business in Europe. The reasons are plenty, but the humongous fines for failing to meet GDPR standards are at the top of the list for most companies. 

Keywords: [“Data”,”company”,”GDPR”]
Source: https://yro.slashdot.org/story/18/05/07/1056215

GDPR READY 2018 – Uusi EU:n laajuinen tietosuoja-asetus

GDPR eli uusi EU:n laajuinen tietosuoja-asetus tekee jokaisesta suomalaisesta ohjelmistoyrityksestä rekisterinpitäjän sekä suurimmasta osasta henkilötietojen käsittelijän. GDPR eli uusi EU:n tasoinen tietosuoja-asetus astuu voimaan keväällä 2018. Jäsenille maksuttomassa koulutusohjelmassa käydään läpi käytännönläheisesti tietosuoja-asetuksen velvoitteet ja mahdollisuudet ohjelmistoyrittäjän näkökulmasta kahden vuoden aikana. Ohjelmistoyrittäjät ry ja asianajotoimisto HPP Oy järjestävät kaudella 2016-2018 tietosuoja-asetusta koskevan koulutusohjelman, jonka sisältö vaihtelee koulutustilaisuuksittain. Käytännön valmistelut on aloitettava jo nyt, jotta yrityksesi ja palvelusi on vaaditulla tasolla keväällä 2018! 

Keywords: [“mit”,”tulee”,”EU:n”]
Source: http://www.gdpr.fi

GDPR Compliance

I’m the Principal Security Manager here at Spanning Cloud Apps, and today, we’re going to be talking about the General Data Protection Regulation, what it does, and answering some questions from our customers. The GDPR is the latest legislation to come out of the European Union that deals directly with data privacy. Any company that processes EU citizen data will have to comply with this regulation. We have a pre-signed DPA for any customer that requires it, which also includes standard contractual clauses for those that require it. We work with our customers to ensure that their data stays within the European Economic Area and is never transferred out without their expressed permission. 

We also have secure mechanisms for data subject’s requests. 

Keywords: [“Spanning”,”Data”,”does”]
Source: https://spanning.com/gdpr

Data Protection Network

The GDPR will be implemented across all EU Member States on 25 May 2018. As the deadline draws ever closer organisations need to prepare for the swathes of changes the new Regulation ushers in. The Data Protection Network has produced some helpful guides to assist organisations in preparing for the new Law. Download – General Data Protection Regulation – a practical guide for business. GDPR Articles and Recitals – navigating your way through the GDPR text. 

The GDPR text is lengthy and comprises 99 Articles and 173 Recitals, the order of which doesn’t always flow naturally. So to help you the DPN has compiled pages which include the relevant text on each of the key topics. Simply click on a subject below to read the relevant GDPR Article or Recital. 

Keywords: [“GDPR”,”text”,”Recital”]
Source: https://www.dpnetwork.org.uk/gdpr

Implementing GDPR Conference

While many organisations have focused on securing GDPR compliance ahead of the May 2018 deadline, this date is just the beginning of a major transformation in the way we collect, store and use data. Join us for the Implementing GDPR Conference where leading experts will assess the legislation’s impact so far and help ensure your organisation is fully prepared for the future. Taking place one month after the GDPR deadline, this conference will give you the opportunity to compare your GDPR performance with examples of best practice, understand your obligations under the new regulations and re-evaluate your data security procedures. Course dates coming soon…. Please register interest below and we will keep you updated. 

Keywords: [“GDPR”,”data”,”Conference”]
Source: http://www.salford.ac.uk/onecpd/conferences/implementing-gdpr-conference

App devs bewildered by last-minute Google GDPR klaxon The Register

Roid developers are scrambling to change their apps after 11th hour privacy instructions from Google left them waiting on an SDK which still isn’t ready. On 4 May, just three weeks before the deadline for implementing GDPR, Google emailed developers who use its Admob advertising system that a new consent API was being rushed in – but wasn’t quite ready yet. In fact the official documentation, seen by us, advised devs not to test the API at all. It wasn’t clear when the consent message would appear, or what it would look like. This week Google clarified things – a bit – with an employee posting on the Admob forum. 

There will be three options on the consent dialog, a rep explained: 1) Personalised ads 2) Non-personalised ads or 3) Ad free. 

Keywords: [“consent”,”Google”,”ad”]
Source: https://www.theregister.co.uk/2018/05/10/google_gdpr_consent_klaxon

GDPR News Center News for 08-18-2018

Data Protection & GDPR

The EU’s GDPR represents a comprehensive reform of existing data protection laws. It requires a significant change in the way organizations manage personal data in today’s digital operating environment. GDPR encompasses data management and security, including new concepts – transparency and accountability – and a key requirement to notify data breaches. Non-compliance could lead to fines of 4% of an organization’s worldwide turnover or 20 million euro – whichever is higher. Be ready to demonstrate you take appropriate practices to protect personal data. 

A consistent GDPR roadmap with operational outcomes. Drawing on global experience across diverse industries. We also work with Data Protection Officers to set out the roles, organization, and IT requirements for protecting data assets and meeting GDPR requirements. With end-to-end data protection capabilities, Capgemini has a deep understanding of the GDPR, its associated business issues, and relevant technology solutions. We help CIO, CISO, DPO, CDO and DMO from all around the world meet GDPR requirements while building digital trust with automated solutions. 

Discover how we tailor our GDPR portfolio to the current GDPR readiness of individual clients. 

Keywords: [“data”,”GDPR”,”requirement”]
Source: https://www.capgemini.com/service/gdpr/data-protection-gdpr

General Data Protection Regulation

The GDPR aims to strengthen and unify data protection for people within European Union. It attempts to strike a balance between the rights of the individual and the ability of companies to differentiate their services and products by having access to quality information. The GDPR lays the foundation for determining what companies need to consider with regard to personal data and how they can demonstrate compliance. A key focus of GDPR is data privacy rights bestowed to an individual. Figure 1: Rights to the Individual under GDPR. 

In addition, GDPR focus areas include global applicability, enhanced responsibilities for data controllers and data processors, privacy by design, transparency, breach notification, and a penalty of 4% of annual worldwide turnover for non-compliance. With very little time remaining for General Data Protection Regulation to become effective, organizations need to know what has to be done to achieve compliance and also evaluate how they will address the technology and process challenges. With this webinar, we also explore the impact of GDPR on blockchain systems, as well as the scope of using a blockchain to implement GDPR solutions. 

Keywords: [“GDPR”,”data”,”compliance”]
Source: http://www.wipro.com/microsite/GDPR

GDPR could wipe 2% from Google’s revenues, according to Deutsche Bank

The European Union’s new General Data Protection Regulation could wipe 2 percentage points from the revenues of Alphabet, Google’s corporate parent, according to Deutsche Bank analyst Lloyd Walmsley and his team. GDPR comes into effect on May 25, 2018, and requires any company that does business in the EU to protect the privacy of consumers’ data, restrict what kinds of data companies can collect, and make data collection law across the continent simpler. The Deutsche Bank team regard the regulatory climate as somewhat threatening to Google, given recent negative rulings from the European Commission around Google’s alleged monopoly status in terms of online shopping, search and the bundling of Google apps on Android phones. When GDPR comes into effect, companies will be required to treat consumers with a high level of privacy by default, and get consent for further data transfers. Deutsche Bank estimates that about 33% of Google’s revenues come from Europe, and within that population, 30% of users might opt out of data sharing. 69 at the time of writing, having risen from $796 a year earlier. 

Google reported $28 billion in revenues for Q3 2017.. 

Keywords: [“Google”,”Data”,”company”]
Source: http://www.businessinsider.com/gdpr-effect-on-google-revenues-2018-1

EU General Data Protection ​Regulation

With fines up to four percent of annual revenue for a data breach possible through the GDPR – now is the time to re-think your privacy, security, and data governance strategy. AvePoint, in partnership with the Centre for Information Policy Leadership, a global privacy and cyber security think tank, surveys organizations around the world for GDPR readiness. Find out how your organization measures against the results. The broad terms of the GDPR mean that any company with a website offering goods or services to citizens of the EU may be subject to the regulation. This marks a significant change to the previous law, which most courts generally agree only maintains jurisdiction over companies with an established business in a particular state. 

The Operational Impact of the European Union General Data Protection Regulation on IT. Get a closer look at the impact the GDPR has on how your data is managed to understand how to disclose data privacy and protection practices, provide transparency, choice, and consent to your customers. Learn where to implement safeguards and controls around the collection, storage, protection, and sharing of personal data. 

Keywords: [“data”,”GDPR”,”Protection”]
Source: https://www.avepoint.com/gdpr

Pitchero

Store personal data exclusively in GDPR compliant systems such as Pitchero. Where necessary, have processes in place to gain consent for the data you hold(see the consent form contained within our GDPR Toolkit). Decide on appropriate retention policies for each type of data stored. Put in place appropriate organisational and technical measures to protect personal data. Where required, record your data processing activities and appoint a data protection officer. 

Undertake data protection impact assessments where necessary;. Provide tools to help access data needed for subject requests. Clearly display who has access to data and provide tools to add or remove access where appropriate. Data security Pitchero is committed to the secure storage of all user data, whether that be personal information or data important to your organisation. The Pitchero production system runs exclusively in Amazon Web Services data centres. 

AWS Cloud Security information . Where data is moved or stored outside of the EU, providers are vetted for compliance with the EU-US Privacy Shield. This prevents the interception of data between your browser and the Pitchero system. 

Keywords: [“Data”,”information”,”GDPR”]
Source: https://secure.pitchero.com/gdpr

GDPR News Center News for 08-17-2018

GDPR is a Process Issue

It is a process issue as much as a customer data one. GDPR and recent data breaches have put data privacy in the spotlight. The law applies to any company whose data processing concerns private data of EU data subjects, irrespective of the company’s location. Compliance requires understanding and control of data, processes and IT systems. Companies need to locate their data in the EU: Not true. 

Reputation: Trust can disappear overnight with a data breach or reported misuse of personal information. Data simplification: You must delete the personal data you don’t need or have permission to hold. You can also only hold personal data you have a valid basis for, and then only for a reasonable period – including all that duplicated data. With less data that is more up-to-date and accurate you will see immediate savings. Job #1 – Develop & deploy operational processes: There are specific processes that need to be documented, understood and followed; getting opt-in consent, Subject Matter Access requests, reporting data breaches. 

Job #2 – Where is the Personal Data stored: You need to take an inventory of all your internal systems and build a data catalog of each systems down to field level. You should delete all the data unless you can hold it for another legal basis. 

Keywords: [“Data”,”GDPR”,”company”]
Source: http://www.bpminstitute.org/resources/articles/gdpr-process-issue

GDPR resources

At Entity Group we have built GDPR resources based on our 30 years of experience in helping clients address data management and governance challenges. GDPR is one of the biggest data management problems we have seen companies struggle with. It is also a substantial opportunity for organisations acting in the role of data controllers and data processors to build trust with data subjects. They have the chance to become truly customer/citizen/employee centric with all the associated tangible and intangible benefits this can deliver. The reason why GDPR seems like such a big gap to fill is because very few organisations have a holistic data strategy in place and are in no position to take advantage of opportunities afforded by GDPR or any other regulatory obligation. 

Data governance and information management strategies can be difficult to articulate and seem even more difficult to execute. We believe they are achievable with the right assistance. GDPR compliance is a specific example of a data delta that needs to be crossed and the best way to approach it is with tried and tested data management techniques. It outlines our full approach to tackling data management in your organisation. We can also offer a great deal of practical assistance. 

Keywords: [“data”,”GDPR”,”management”]
Source: https://www.entitygroup.com/gdpr

GDPR Information

On May 25, 2018, the EU’s General Data Protection Regulation becomes effective, replacing existing EU data protection laws based on the 1995 EU Data Protection Directive. The GDPR strengthens privacy rights for EU individuals and extends the scope of responsibilities for businesses processing personal data of EU individuals. Aspect is taking steps to comply with the legislation and equip our customers to do the same by the May 25th effective date. Under the direction of Aspect’s global GDPR project team, Aspect has closely analyzed the requirements of the GDPR and is making the necessary modifications to its products and services, contracts, and documentation to support GDPR compliance for our customers. Aspect is finalizing a full information audit and data mapping exercise covering all personal information on data subjects processed by Aspect in its role as controller and processor. 

This effort includes all processing activities undertaken by Aspect by itself and on behalf of customers through Aspect’s products and services. The level of detail includes, but is not limited to, the purposes of processing, data subjects, categories of personal data, lawful bases for processing, location of data and retention periods. 

Keywords: [“Data”,”Aspect”,”processed”]
Source: https://www.aspect.com/company/gdpr

GDPR

Our Game Based Learning platform provides an organisation with the GDPR Foundation experience, this can be easily and quickly customized to reflect the organisations requirements – content, scenarios, risks, questions, analytics etc. Employees – GDPR is a very ‘dry’ subject, our GDPR Game Based Learning solution that will deliver GDPR awareness training in an engaging and enjoyable format. Speed – ALL of our games can be easily changed to reflect your organisations content, scenarios, processes & rules in HOURS not Days, turning our ‘foundation’ games into your bespoke solution. Change – once deployed our platform allows an experience to be easily changed, updated or amended to suit your organisations ever changing requirements – delivering a high ROI.Facilitation – our GDPR games can easily be deployed using self-facilitation, thus reducing the need for expensive training resources. Updated – our GDPR games will be updated to provide longevity to reflect the requirement that the regulation requires every employee to receive a knowledge ‘refresh’ as the regulation evolves. 

GDPR Experiences – our platform can be deployed locally, via the Cloud and played on Tablets or PCs, in single or multi-player mode. 

Keywords: [“GDPR”,”Game”,”experience”]
Source: http://www.applio.net/gdpr

How Stonewall are tackling GDPR with sophistication

Many charities are taking GDPR as an opportunity to clear out their contact lists completely and start all over again. They’re asking everyone they’re in touch with to refresh their consent to be contacted. It’s a big, official task, but that doesn’t mean it has to be boring. On Valentine’s Day, London-based charity Stonewall , an organisation working for inclusivness and equality for LGBT people, sent out an ingenious GDPR email dressed up as a romantic note that asked followers not to leave them. Ben Kremer, Senior Email Marketing Officer at Stonewal l said the idea behind the campaign came from a discussion around sending the email in the middle of February. 

Stonewall were applauded by fundraisers and charity supporters online. Ben says the response has inspired the team to be more creative with their communications, though he admits that the time needed to plan these campaigns is sometimes just not there. The email was phase one in a series of Stonewall communications for different audiences. They’ll be sending further comms to last givers and consistent donors. Though the new rules around GDPR have certainly caused an increase in workload for people at Stonewall, Ben says he thinks they are a good thing. 

Keywords: [“people”,”really”,”GDPR”]
Source: http://blog.justgiving.com/how-stonewall-is-tackling-gdpr-with-sophistication