GDPR News Center News for 10-25-2018

EU GDPR Webinar: The IT Manager’s guide to GDPR – Getting your department up to speed and ready

GDPR Compliance

The regulation increases the level of control EEA citizens and residents have over their personal data in the new digital age and presents a more unified environment for international business across Europe. The Regulation impacts any business that receives, processes, stores or transfers personal data of EEA-based individuals, regardless of its location. Personal data is defined broadly and typically includes information relating to an individual such as name, email, location, online identifier, IP address, home address etc. New rights are given to individual data subjects concerning the personal data being stored, including the right to prior notification of what data is being used for, how it will be processed and when it will be deleted. As a result, most businesses dealing with the European market have had to review and update their data practices and privacy policies.

BlueSnap & the GDPR. BlueSnap has been focused on completing its General Data Protection Regulation compliance efforts. To enable BlueSnap merchants to continue accepting orders from individuals based in the European Economic Area from that date onwards, the GDPR compels us to put into effect a Data Protection agreement containing mandatory provisions for all merchants wherever they are based. We therefore issued a Data Protection Addendum effective for BlueSnap and all merchants as from 25th May 2018. Review the new Data Protection Addendum here: https://home. 

In order to cover the aspect of data transfer from the European Economic Area to the US, BlueSnap has been certified on Privacy Shield since Q3 2016. We also added certification under the Swiss-US Privacy Shield scheme in 2017 and are currently finalizing updated data processing agreements with relevant parties involved in the processing, receipt, and storage of personal data. We strongly advise merchants that receive shopper details from EEA-based individuals to take immediate steps to ensure their own data management practices are in compliance with the GDPR, and that other third party services used in addition to BlueSnap, are also compliant. 

Keywords: [“data”,”BlueSnap”,”individual”]

‘Everyone is breaking the law right now’: GDPR compliance efforts are falling short

The arrival of the General Data Protection Regulation a month ago led to a flurry of activity, clogging email inboxes and flooding people with tracking consent notices. Experts say much of that activity was for show because much of it fails to render companies compliant with GDPR. Part of the issue, experts say, is the vague regulation has been interpreted in wildly different ways. GDPR consent-request messages vary wildly across sites. There are default pre-ticked opt-ins, buried options that require users to hunt for them, consent banners with information only available at a further click but no button to reject, and implied consent approaches. 

Others have simply reskinned cookie-banner messages required under the existing ePrivacy directive. A tumultuous few weeks after the law’s arrival on May 25, in which programmatic ad volumes plummeted mostly as a result of Google’s last-minute GDPR policy changes, programmatic spending is returning to pre-GDPR levels. GDPR has been criticized for being vague and open to interpretation, which is what led to such disparate consent-gaining methods. Publishers across Europe are divided between those that have taken softer legitimate interest-based approaches or opt-out methods to claim compliance, while others have gone the harder consent-based route that requires people to opt in. Bloomberg and Forbes appear to be taking strict active consent approaches, while others like the Guardian and MailOnline are running consent banners. 

Several publishers have divided explainers on their cookie use into those used for advertising and tracking, and those used for site analytics – though users aren’t always able to pick one and reject the other; in many cases, it’s all or nothing. Others are simply hoping to stay under the radar until they have figured out how to be compliant in a way that doesn’t damage the business model. Publishers went on a soul-searching mission when ad blocking reached crisis levels in 2017. 

Keywords: [“publishers”,”consent”,”GDPR”]

80 Percent of Companies Still Not GDPR-Compliant

Several weeks after the deadline for General Data Protection Regulation compliance, the vast majority of companies are either still working on it or have yet to begin the process. That’s according to the latest research from TrustArc, which surveyed 600 IT and legal professionals responsible for privacy at companies required to meet GDPR compliance in the United States, the United Kingdom and the European Union – one month following the May 25. Only one in five companies surveyed believes it is GDPR compliant, while 53 percent are in the implementation phase and 27 percent have not yet started their implementation. EU companies, excluding the U.K., are further along, with 27 percent reporting they are compliant, versus 12 percent in the U.S. and 21 percent in the U.K.

While many companies have significant work to do, nearly three in four expect to be compliant by the end of this year and 93 percent by the end of 2019. While many companies still have a long way to go, a comparison to August 2017. About one in four companies spent more than $500,000 to become GDPR-compliant, while one in three plan to spend that amount on compliance efforts between June and December 2018. Percent of U.S. companies spent more than $1 million on compliance vs. 10 percent for U.K. and 7 percent for EU companies.

Despite difficulties in becoming GDPR-compliant, 65 percent view GDPR as having a positive impact on their business, while 15 percent view the regulation as having a negative impact. Meeting customer expectations was the main driver to become compliant, much higher than concern for fines. Complexity of GDPR posed the biggest challenge to compliance. The vast majority said data privacy will become more important at their companies post-GDPR deadline, and 80 percent of companies plan to increase their spending on GDPR technology and tools to maintain compliance.

Keywords: [“percent”,”companies”,”compliance”]

GDPR News Center News for 08-27-2018

GDPR implications for schools

There seems to be a lot of panic related to the introduction of GDPR; however, compared to many private organisations, schools are much better placed to address the new regulations. In education, there has always been a culture that values every person’s rights and freedoms. Whilst there are many extra demands required to map and audit personal data stored and shared, schools with existing rigid data protection policies should see GDPR as an opportunity to improve the way they work. Schools have always had to give parents and children access to their data, but under GDPR individuals have the right to ask for that data to be forgotten. This regulation only applies to certain data that you store and GDPRiS will provide the right guidance in such instances.

Keywords: [“data”,”right”,”schools”]

New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance

Catalin Cimpanu, reporting for BleepingComputer: A new service called GDPR Shield made the rounds last week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won’t have to deal with GDPR compliance. GDPR, or General Data Protection Regulation, is a new user and data privacy regulation slated to come into effect in the EU three weeks from now, on May 25, 2018. The new regulation brings a wealth of protections to user privacy but is a nightmare for companies doing business in Europe. The reasons are plenty, but the humongous fines for failing to meet GDPR standards are at the top of the list for most companies. 

Keywords: [“Data”,”company”,”GDPR”]

GDPR READY 2018 – The new EU-wide data protection regulation

GDPR, the new EU-wide data protection regulation, makes every Finnish software company a data controller and most of them a processor of personal data. GDPR, the new EU-level data protection regulation, enters into force in spring 2018. The training programme, which is free of charge for members, goes through the obligations and opportunities of the data protection regulation in a practical way from a software entrepreneur’s perspective over two years. Ohjelmistoyrittäjät ry and the law firm HPP Oy are organising a training programme on the data protection regulation during 2016-2018, the content of which varies from session to session. Practical preparations must begin now so that your company and your service are at the required level in spring 2018!

Keywords: [“mit”,”tulee”,”EU:n”]

GDPR Compliance

I’m the Principal Security Manager here at Spanning Cloud Apps, and today, we’re going to be talking about the General Data Protection Regulation, what it does, and answering some questions from our customers. The GDPR is the latest legislation to come out of the European Union that deals directly with data privacy. Any company that processes EU citizen data will have to comply with this regulation. We have a pre-signed DPA for any customer that requires it, which also includes standard contractual clauses for those that require it. We work with our customers to ensure that their data stays within the European Economic Area and is never transferred out without their expressed permission. 

We also have secure mechanisms for data subject’s requests. 

Keywords: [“Spanning”,”Data”,”does”]

Data Protection Network

The GDPR will be implemented across all EU Member States on 25 May 2018. As the deadline draws ever closer organisations need to prepare for the swathes of changes the new Regulation ushers in. The Data Protection Network has produced some helpful guides to assist organisations in preparing for the new Law. Download – General Data Protection Regulation – a practical guide for business. GDPR Articles and Recitals – navigating your way through the GDPR text. 

The GDPR text is lengthy and comprises 99 Articles and 173 Recitals, the order of which doesn’t always flow naturally. So to help you the DPN has compiled pages which include the relevant text on each of the key topics. Simply click on a subject below to read the relevant GDPR Article or Recital. 

Keywords: [“GDPR”,”text”,”Recital”]

Implementing GDPR Conference

While many organisations have focused on securing GDPR compliance ahead of the May 2018 deadline, this date is just the beginning of a major transformation in the way we collect, store and use data. Join us for the Implementing GDPR Conference where leading experts will assess the legislation’s impact so far and help ensure your organisation is fully prepared for the future. Taking place one month after the GDPR deadline, this conference will give you the opportunity to compare your GDPR performance with examples of best practice, understand your obligations under the new regulations and re-evaluate your data security procedures. Course dates coming soon…. Please register interest below and we will keep you updated. 

Keywords: [“GDPR”,”data”,”Conference”]

App devs bewildered by last-minute Google GDPR klaxon The Register

Android developers are scrambling to change their apps after 11th hour privacy instructions from Google left them waiting on an SDK which still isn’t ready. On 4 May, just three weeks before the deadline for implementing GDPR, Google emailed developers who use its Admob advertising system that a new consent API was being rushed in – but wasn’t quite ready yet. In fact the official documentation, seen by us, advised devs not to test the API at all. It wasn’t clear when the consent message would appear, or what it would look like. This week Google clarified things – a bit – with an employee posting on the Admob forum.

There will be three options on the consent dialog, a rep explained: 1) Personalised ads 2) Non-personalised ads or 3) Ad free. 

Keywords: [“consent”,”Google”,”ad”]

GDPR News Center News for 08-25-2018

General Data Protection Regulation

GDPR takes effect on May 25, 2018, replacing existing EU data protection law. It will affect all EU organizations as well as organizations outside of the EU that offer goods or services to, or process personal data of, EU data subjects. OpenX has been preparing for GDPR since the beginning of 2017. Our early leadership in data protection and compliance allowed us to implement Data Processing Agreements across our exchange in October 2017. We have also reviewed and revised our data security and data protection protocols and policies across the company to comply with GDPR’s requirements. 

As a publisher-focused exchange, we act as a data processor for our publishers and developers. OpenX is committed to helping you understand and prepare for the General Data Protection Regulation. Check out our resources below to stay up to date on EU privacy policies. 

Keywords: [“data”,”protection”,”GDPR”]

A major focus of GDPR is on conditions of consent which have been strengthened. So companies will not be able to use vague or confusing statements to get you to agree to give them data. Firms won’t be able to bundle consent for different things together either. Another rule will make it mandatory for companies to notify their data protection authority about a data breach within 72 hours of first becoming aware of it. When it comes to user data, consumers will have more control. 

You will be able to access the personal data being stored by companies and find out where and for what purpose it is being used. This means you can ask whoever is controlling your data to erase it and potentially stop third parties processing it too. Another provision of GDPR allows people to take their data and transfer it to a different service provider. 

Keywords: [“data”,”consent”,”able”]


This FAQ and the links within provide a general overview of the EU General Data Protection Regulation. It is not intended as and shall not be construed as legal advice. Citrix does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that customers or channel partners are in compliance with any law or regulation. Customers and channel partners are responsible for ensuring their own compliance with relevant laws and regulations, including GDPR. Customers and channel partners are responsible for interpreting themselves and/or obtaining advice of competent legal counsel with regard to any relevant laws and regulations applicable to them that may affect their operations and any actions they may need to take to comply with such laws and regulations. 

Keywords: [“Regulation”,”law”,”any”]

Senzing ER for GDPR Compliance: Discover the Missing Link Today

GDPR compliance is challenging organizations to respond quickly to data subject access requests. Senzing has developed a highly effective Single Subject Search solution to help companies reduce the costs, time and risks of answering data subject access requests. Senzing ER for GDPR offers a real-time solution for discovering Who is Who in your data. The vital first step every organization must take to become GDPR compliant. Without an effective way to quickly and reliably locate all citizen data, it will be difficult to become GDPR ready. 

Senzing ER for GDPR is an easy to use, effective and affordable Single Subject Search solution that enables you to manage search requests. Most EU companies aren’t ready for GDPR. Get the report with results from Senzing’s recent survey of more than 1,000 companies. 

Keywords: [“GDPR”,”Senzing”,”subject”]

GDPR Non-compliance Risks & Mitigation Strategies

ABOUT TRUSTARC. TrustArc powers privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management. The foundation for our solutions is the TrustArc Privacy Platform which provides a flexible, scalable, and secure way to manage privacy. Our technology platform, fortified through six years of operating experience across a wide range of industries and client use cases, along with our services, leverage deep privacy expertise and proven methodologies which we have continuously enhanced through thousands of client projects over the past two decades. Headquartered in San Francisco, and backed by a global team, we help over 1,000 clients worldwide demonstrate compliance, minimize risk, and build trust. 

Keywords: [“privacy”,”client”,”TrustArc”]


It comes into effect on May 25, 2018, bringing with it a host of new obligations for those companies, and new privacy rights for their end users. Processing data can mean many things, from collecting data to storing and using it. Organizations large and small that process the personal data of EU-based individuals are now preparing for the new regulation, and Evernote is no exception. We believe that GDPR complements our existing data protection policies and processes, giving us a solid foundation and helping us maintain a strong commitment to data privacy. To help guide our readiness initiatives, Evernote actively collaborates with privacy experts from the Center for Democracy and Technology and the Future of Privacy Forum. 

Evernote continues to be EU-US Privacy Shield and Swiss-US Privacy Shield certified. 

Keywords: [“Data”,”privacy”,”GDPR”]

EU GDPR: The Right to be Forgotten

The EU General Data Protection Regulation, a landmark piece of legislation that will strengthen and unify data protection for individuals in Europe and beyond, now has an enforcement date – May 25, 2018. More specifically, the law stipulates that organizations must adhere to customers’ ‘right to be forgotten.’ Individuals can request the deletion of data about them. Companies will only keep data long-term to comply with retention policies or other acceptable reasons. Individuals must provide explicit consent for data about them to be held and processed.

Companies must be able to provide evidence of individuals providing this knowing consent. Use these resources to expand your knowledge of the upcoming General Data Protection Regulation, including information on the ‘right to be forgotten’ requirement. 

Keywords: [“Data”,”individuals”,”provide”]

GDPR News Center News for 08-24-2018

General Data Protection Regulation

Here you can find the official PDF of the Regulation 2016/679 as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals. The European Data Protection Regulation will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe. If you find the page useful, feel free to support us by sharing the project.

Quick Access: Chapter 1 – General provisions; Chapter 2 – Principles; Chapter 3 – Rights of the data subject; Chapter 4 – Controller and processor; Chapter 5 – Transfers of personal data to third countries or international organisations; Chapter 6 – Independent supervisory authorities; Chapter 7 – Cooperation and consistency; Chapter 8 – Remedies, liability and penalties; Chapter 9 – Provisions relating to specific processing situations; Chapter 10 – Delegated acts and implementing acts; Chapter 11 – Final provisions.

Keywords: [“Chapter”,”Data”,”provisions”]

General Data Protection Regulation Compliance

Commvault software integrates backup, recovery and archiving in a way that creates a single searchable pool of all your structured and unstructured data, no matter where it’s located. By simplifying information governance, Commvault gives you the visibility and control you need to meet your GDPR obligations. Identify the presence of personal data in all data locations. Automate special handling of information with standard data policies. Support the export and erasure of personal data from all data sources. Maintain an auditable chain of custody on an individual’s personal data.

Understand data leakage risk and speed up data breach analysis. By eliminating the need for multiple point products to manage your data, Commvault software does more than just lay a foundation for GDPR compliance – it also helps you improve operational efficiency, gain business advantage and boost employee productivity. 

Keywords: [“data”,”personal”,”Commvault”]


The documents in this section are offered to help churches comply with the General Data Protection Regulation which comes into force on 25 May 2018. It cannot cover comprehensively everything that any church might ever do with data but churches following this guidance should be well on their way to compliance. You will have heard a lot of concern about the need to obtain consent from data subjects. There are legal bases for processing data, other than consent, which have been included in the template Data Privacy Statement, and wherever possible it is recommended that the need to obtain consent is avoided. If you wish to collect or process Special Category Data you will need to obtain consent. 

A template consent form is included for this purpose. Further guidance is still expected from the Information Commissioner’s Office and this guidance will be added to or amended as becomes necessary.

Keywords: [“Data”,”consent”,”obtain”]

GDPR Readiness « Sabre

The European Union General Data Protection Regulation is a data privacy law effective May 25, 2018, and will apply to any company, such as Sabre, that processes data for EU residents, regardless of the business location, in the context of the activities of the establishment. Changing our systems, contracts and processes to comply with the GDPR. Creating communication channels for continual updates. Participating on industry forums to develop common solutions with industry partners. Our customer expectations: Think about the data minimization requirements, and please don’t provide more personal data than is needed.

Appropriately prioritize data subject requests to ensure deadlines are met. Please respond quickly to new GDPR-related contract amendments. If you initiate it, please limit the language to that required by law, so that it may be completed quickly. 

Keywords: [“Data”,”please”,”quickly”]


Update: GDPR-friendly forms are now available for all MailChimp users. No matter what type of business you have or where in the world you’re located, chances are that you’ve heard a lot lately about the EU’s new data privacy law, the GDPR. As General Counsel. Last Tuesday, we announced in an email to our customers that MailChimp is adding single opt-in as an option for email lists, and making it the default setting in new and existing lists starting October 31. We’ve made an important change for MailChimp users located in the European Union: If your primary contact address. 

If your business is based in the European Union or you have customers or contacts in the EU, then you have probably heard of the General Data Protection Regulation by now. In this article, we’re going to cover a few things to keep in mind as GDPR approaches and provide you with the. 

Keywords: [“MailChimp”,”contact”,”Union”]

R U GDPR Ready?

There will be two levels of fines based on the GDPR. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher. The potential fines are substantial and a good reason for companies to ensure compliance with the Regulation. The EU Parliament had requested for fines to reach €100 million or 5% of the company’s global annual turnover. 

The agreed fines are the compromise that was reached. Fines for infringements will be considered on a case-by-case basis and will take a number of criteria into consideration, such as the intentional nature of the infringement, how many subjects were affected and any previous infringements by the controller or processor. 

Keywords: [“fines”,”companies”,”infringement”]

GDPR News Center News for 08-13-2018

Analytics Platform

The General Data Protection Regulation is a regulation which strengthens and unifies data protection for all individuals within the European Union. If you are processing personal data, you need to inform users at the point of the data collection with a clear privacy notice. The reasons why you are processing the personal data. If a visitor asks you to get access to her or his personal data, you have the responsibility to check her/his identity. Inform the data subject that you have properly deleted their personal data and ask for confirmation that they received your message.

If you are presented with a request to rectify the data of a data subject, we recommend you to use the right to erasure instead. If for a specific reason you really need to exercise this right and you self host your Matomo, the only way is to access the Matomo database. A user has the right to ask to get a copy of their personal data. Send the data to the data subject if you are sure about their identity and ask them to confirm that they received it. A user has to be able to object to the processing of their personal data. 

Inform your visitors through a clear privacy notice whenever you’re collecting personal data. Make your team aware that you are using Matomo Analytics and what data is being collected by your analytics platform. Include Matomo in your data privacy impact assessment, if applicable. 

Keywords: [“data”,”Matomo”,”personal”]

Worried about GDPR? Just build radically private software

On May 25, the European Union will begin enforcing the General Data Protection Regulation, which requires companies to behave responsibly in their collection and management of personal data. While the general consensus agrees on the need for data privacy, only some companies have shifted away from speed and growth at all costs toward building software that respects user privacy. Acquire data progressively and only when you genuinely need it. Only collect data you have a need for and only do it when you have the need for it. Clearly state what you’ll be using the data for and how that benefits users. 

Radically private software means that if users don’t give informed consent, you can’t use their data at all. No more UI tricks such as making the button to give consent big and red while the button to withhold data is small and gray. Make opting out easy – and let users change their minds and take their data with them. A regulation requires banks to make customer account data available in easy-to-use formats so they can change banks more seamlessly. Enabling this sort of data portability is important in radically private software.

It’s almost always possible to de-anonymize the data and trace individuals within it, so removing classic personal data such as names, addresses, and phone numbers is not enough. Communicate clearly with users about steps you’ll take if a data breach occurs. 

Keywords: [“Data”,”users”,”consent”]

GDPR Compliance Solutions & Services

The primary objectives of the GDPR are to give people more control over their personal data, to help protect personal data from the risk of loss, and to unify regulatory privacy and data requirements within the EU. It is vital that any organization that conducts business in the EU understands the overall design of the GDPR and why preparing their technology and processes now for this new legislation is so critical. Today’s technology is much different than it was 20 years ago. No one could have predicted how the Internet, smartphones and the widespread use of social media applications such as Facebook and Twitter could have global implications. As a Regulation, the GDPR enacts a uniform data security law across the EU.

Each EU country will no longer need to pass their own legislation for data security; the GDPR will be the guiding law. EU countries can still regulate certain types of data such as health data. If you are currently doing business in the EU, you may already have privacy processes and procedures in place. To ensure that your business is GDPR compliant, it is essential that you review your consent policies and procedures to verify that these meet the new higher standards. PossibleNOW and our sister company, CompliancePoint, can help you determine your preparedness and then recommend appropriate solutions and services. 

Keywords: [“Data”,”GDPR”,”Regulation”]

Free-to-play game Loadout ending service in wake of GDPR regulation

The developer behind Loadout, a free-to-play title for PC and PlayStation 4, has announced that it will be shutting the game down for good later this month following issues with rising costs and new regulations in the EU. In a public post to the game’s community, the Edge of Reality team said that the upcoming General Data Protection Regulation guidelines for the European Union delivered one of the final blows to the game, noting that the dev simply lacks the resources to update Loadout in a way that would make it GDPR compliant. GDPR regulation deals with how personal data is handled, particularly when that data is being exported outside of the EU. Though the regulations were adopted in 2016, GDPR is due to become enforceable after its two-year transition period ends on May 25, 2018. Loadout is just the latest game to shut down following the updated data protection regulations.

Loadout’s developer notes that GDPR isn’t solely responsible for the team’s decision to shut down the game. The team notes that costs to keep the game up and running have been increasing, while Loadout’s revenue has been staying flat. The dev notes that the cloud-based service that the game was built on has also announced that it is ending service, possibly as a result of GDPR as well, and porting Loadout to a different service would be far too costly. 

Keywords: [“GDPR”,”game”,”Loadout”]

GDPR News Center News for 08-12-2018

Europe-based merchant accesses GDPR

The E.U.’s new data protection law goes into effect on May 25. The law – General Data Protection Regulation, or GDPR – is an insane set of regulations that make life difficult or even impossible for small businesses. Tell E.U. consumers who you are, what data you collect, why you collect the data, how long you intend to keep the data, and which third parties will receive it.

Obtain consent from E.U. consumers before collecting any of their data – implied consent is not enough. Let E.U. consumers access their data, download their data, and delete their data. Inform E.U. consumers if a data breach has occurred.

You must keep a record of which consumers reply with consent and delete the data of everyone else within a reasonable timescale. If you have already obtained permission from consumers to hold the data, all you have to do is tell them how to access, download, and delete it – with no need to wait for a reply. Analyze your site to determine the data you collect about a consumer and when you collect it. In the event of a data breach, you must inform all affected E.U. consumers within 72 hours. 

To minimize the risk of a data breach, keep your site current with all security patches. You have captured her data and, using the abandonment software, you have communicated with her. 

Keywords: [“data”,”consumer”,”delete”]

GDPR Compliance and WordPress Forms: Everything You Need to Know

We can speak with a high degree of certainty where data collection through your forms is concerned. At its core, the GDPR is a move towards enshrining control of your personal data as a fundamental human right. The GDPR gives EU citizens control of their digital data by empowering them with the right to know when personal data is being collected, what data is being collected, access to that data, and to purge it on request. In short, the GDPR is a data privacy regulation that modernizes and normalizes data privacy laws across Europe and applies to any organization collecting data on EU citizens. In technical terms, the GDPR applies to any processing of personal data by both controllers and processors of that data. 

GDPR compliance requires data subjects be granted certain rights. Forms exist to collect data offered by your visitors, guests, and members. Drop dead easy way to comply: if you don’t need a record of the data collected via your forms, then simply don’t store the data. Many of us use our forms expressly for the purpose of collecting data, and having a record of submissions is mission critical. Ninja Forms can collect and store data in 2 ways: submissions and email. 

What we’re about to cover here is applicable to both forms of stored data. GDPR compliance requires that you be reachable and responsive to user requests for data that you’ve collected on them either to view or delete. 

Keywords: [“data”,”form”,”GDPR”]

Managed Services & Cloud Computing Blog

A lot is changing in Europe and these changes will impact how MSPs deliver managed services in the future. The GDPR aims to keep as much European data within the confines of Europe, including the European cloud. There are two very real scenarios in which a non-European MSP should pay close attention to what is happening in Europe. First, the GDPR does not only apply to European MSPs. It applies to any MSP doing business in Europe.

GDPR has a significant purpose in regulating data belonging to individuals. The GDPR for businesses is what MSPs need to be concerned with in the immediate future. While the GDPR does not license or tax MSPs, it does have significant authority to fine businesses for non-compliance. Here is a summary of what the GDPR does do to businesses, including MSPs. GDPR does. 

Managed services continues to grow globally, even in the face of the GDPR. The overall trend in managed services is becoming quite clear. European MSPs, in particular, will need to demonstrate things such as geolocation of data and geolocation of users with logical access to customer data. The GDPR will not make it more difficult to outsource to managed service providers. For those MSPs with solid transparency practices and good documentation of policies and procedures, their chances of reaping the vast rewards of cloud computing and managed services are very good indeed. 

Keywords: [“GDPR”,”MSP”,”European”]

GDPR consent examples and innovative methods to opt-in

Email marketing list growth is getting harder with GDPR consent and forthcoming ePrivacy regulation. Using the right method, both GDPR consent compliance and continued strong email list growth are possible, as the test results and GDPR consent examples below show. Article 4(11) of GDPR sets a high bar for opt-in consent. Before I get into why and how to fix it with some GDPR consent examples, a little background is needed. What is sufficient for marketing permission under PECR to customers is not sufficient for GDPR consent.

Silent or soft opt-in is not acceptable for GDPR consent. To continue using soft opt-in for customers and email addresses provided during negotiation of a sale means considering use of legitimate interest rather than consent as the legal GDPR basis. The obvious implication is that getting valid GDPR consent will halve list growth. There is something better to get GDPR consent and opt-in. For prospects rather than customers there seems to be little alternative to consent using a positive action, valid GDPR consent. 

Using the no default choice approach to getting consent is also appropriate for marketing to people in Canada, as the requirement exists for explicit consent in CASL. As with GDPR, silent opt-in can’t be used to get CASL explicit consent. Using the above approach should give good results and be GDPR compliant in terms of consent capture. 

Keywords: [“consent”,”GDPR”,”opt-in”]

GDPR News Center News for 08-08-2018

GDPR: The Meetings View: Business Travel News

If you’re a travel manager with purview over meetings, get ready. Meetings are a different ball game when it comes to the European Union’s General Data Protection Regulation, which will be enforced beginning May 25. If you think that internal employees, by accepting a position with the company, implicitly consent to sharing of their data for corporate meetings purposes, you’ll be surprised to find out otherwise. If you think meetings hotels are data controllers and you can set those contracts on autopilot just like preferred transient properties, don’t relax just yet. We now have a call [almost] every week, and it’s mostly me saying that I thought of something else we need to address from a meetings standpoint. 

Scholar: Companies are doing what they need to do at a high level, but they often don’t understand the numerous interactions that take place for meetings and events. Meeting leaders are being asked to include GDPR compliance as part of their performance metrics. EY has different master service agreements for the transient program compared to meetings and events. It’s about educating the company that meetings are different. BTN: Let’s talk about some of these GDPR tools and how you envision them working as a meeting gets pushed through a technology-enabled process. 

If the company takes this route, we will have the tools to do it, with consent to be part of the meetings management process. Scholar: We’re never going to get 100 percent of our meetings in a technology, so the best thing you can do is to give a checklist on the things that must happen. 

Keywords: [“Meeting”,”Data”,”event”]

Implications of the GDPR for marketing in UK and Europe

Where marketing is concerned, this completely changes the way we think about handling data. Creating another purpose to use that information will need further consent from the data subject. In terms of marketing databases, these will need to be cleansed and reviewed to ensure your organization can identify if consent has been granted lawfully and fairly, whether it is being used for explicit and legitimate purposes, what data has been collected, and the accuracy of that information. Consent plays a very big part in digital and direct marketing, as the Data Controller and processor have to adhere to a clear set of boundaries which are demonstrated in the following text taken from the regulation. If we analyze the regulation with reference to consent, there are definitely some clear guidelines that outline the dos and don’ts of gaining consent:

You must be able to demonstrate how the data subject has consented to the processing which means marketing must record how and who gave consent. The data subject must be able to withdraw consent at any time and it shall be as easy to withdraw consent as to give it. Consent should cover all processing activities carried out for the same purposes. If processing for multiple purposes consent should be given for all of those purposes. Consent should not be considered freely given if the data subject has no genuine or free choice. 

Silent consent, pre-ticked boxes or inactivity should not constitute consent. Then there is a physical action such as having an opt-in box so they can record how the data subject gave consent. 

Keywords: [“consent”,”data”,”purpose”]

Step-by-step GDPR guide for managers

Not easy to implement: If data processing or data security isn’t your core product, this can be a tough nut to crack. The goal of GDPR: protect personal data of citizens of the European Union and regulate how it may be used. Especially in cases like leaking sensitive data or personal data stolen from your system. Things like cross-border data transfers, handling and securing personal data, transparency on why/how you handle data… Example: You can only acquire personal data for legitimate reasons and have stated the exact purpose of handling personal data transparently.

Data category affected: The type of data that was affected. Suspending data transfers to parties within any third country or any international organisation. Demand to communicate a personal data breach to the data subject. Data processing which requires regular and systematic monitoring of data subjects on a large scale or monitoring of individuals. There is an easy way to answer this question: if you find it hard to answer the remaining security questions in this GDPR guide below, it’s time to freshen up on understanding data security.

Create a simple overview of all third-party services your product depends on for data or supplies with data. If you did any serious modifications on your data layer, you’ll probably also need to change requests or callbacks to your system. Congrats, you’ve made it to the end of this GDPR guide longread! I hope this GDPR guide helped you create more understanding and take the first steps to become compliant.

Keywords: [“data”,”GDPR”,”any”]


The new General Data Protection Regulation of the EU will take effect on May 25th, 2018. The General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. Today, the field of data protection is regulated by each of the 28 EU member states’ own laws. Consent for personal data to be shared and processed. Personal data may not be shared or processed without the explicit consent of the data subject.

Data subject must be advised exactly and plainly on what data will be collected and how it will be used. Consent will be required for all processed or stored data, including systems already in place. Organisations will have to work out a way to gain consent which is fair, lawful and allowed. Appoint representative inside EU. Review data collection procedures.

Create data protection awareness program for employees. Moving data outside the EU. Of course these are only the maximal possible fines; their enforcement will be proportionate. In general, they expect the companies to map what data they have, check if their processing is fair, lawful and allowed, remove any unneeded data, create a procedure for consent handling, recognize the rights granted to individuals, create a risk assessment from the data subject’s perspective, reduce risks, have an incident response plan, host security awareness trainings for employees; finally, do all this before May 25th, 2018.

Keywords: [“Data”,”Consent”,”Protection”]

GDPR News Center News for 08-05-2018

GDPR Readiness Center

The EU General Data Protection Regulation will apply directly in all EU member states on May 25, 2018, giving companies less than a year to comply. The GDPR imposes far-reaching obligations for companies in the EU that collect, use, or otherwise process personal information. While the GDPR is pan-European in scope, individual Member States will be issuing implementation guidelines and in some areas more detailed rules. We are closely monitoring all developments related to local implementation on behalf of our clients and are making them available here so that you can track them as well. With possible penalties of up to €20 million or 4% of global annual revenue for non-compliance, companies cannot afford to turn a blind eye. 

Morrison & Foerster’s global Privacy + Data Security team has extensive experience advising companies across industries in all phases of GDPR preparedness. Explore our readiness center as you continue to assess your obligations and chart a roadmap to compliance. We would be delighted to speak with you if we can assist. Download MoFo’s two-page reference guide for key dates, obligations, and considerations as you execute your readiness plan. Track the status of Member State implementation and access the text of the implementation acts using our clickable map. 

The data protection authorities of several EU member states have issued local guidance on GDPR implementation and other resources to help organizations in their preparedness efforts. Germany became the first EU Member State to pass a law implementing the GDPR. Read our analysis of the German law and access its full text here. 

Keywords: [“GDPR”,”implementation”,”member”]

GDPR: Are you ready for the EU’s huge data privacy shake-up?

The General Data Protection Regulation, which comes into force on 25 May, will be the biggest shake-up to data privacy in 20 years. A slew of recent high-profile breaches has brought the issue of data security to public attention. Claims surfaced last month that the political consultancy Cambridge Analytica used data harvested from millions of Facebook users without their consent. People are increasingly realising that their personal data is not just valuable to them, but hugely valuable to others. The growth of technology and electronic communication means that every day, almost every hour, we share our personal data with a huge number of organisations including shops, hospitals, banks and charities. 

That data often ends up in the hands of marketing companies, analysts and fraudsters. Now the law on data protection is about to catch up with technological changes. They will also have to use data minimisation techniques, including pseudonymisation – a technique that replaces some identifiers with fictitious entries to protect people’s privacy. These come from companies who have managed to get hold of our personal data without our knowledge or consent. Most public authorities and organisations that monitor and track behaviour must appoint a data protection officer. 

All of which means that the GDPR should make our personal data safer and less easily obtained by those we don’t want to have it. There are probably two reasons for this: first, if the UK watered down its data protection laws after Brexit, this might result in other Europeans treating the country as a pariah state, which would have an impact on trade. 

Keywords: [“data”,”company”,”consent”]

Best Practices for GDPR and File Transfer

It will apply to any non-EU businesses that handle the data of EU citizens in the Union. This means that the biggest cloud and social media companies such as Google, Facebook, Twitter, Microsoft, Apple, will be required to comply with the regulations. The first draft of the regulation was published by the European Commission in 2012. It is hoped that a final agreement will be reached by the end of 2015. That will then usher in the two-year period before which the GDPR comes into force, meaning it should – in theory – be applicable across the 28 member states by the end of 2017.

That applies both to data gathered after the implementation of the regulation and – crucially – data that’s already held. Best Practice: All existing data will have to be audited to make sure it complies with the new standard. The current draft of the regulation requires any organisation suffering a breach to notify it within 72 hours to the Data Protection Authority and anyone affected by a breach. Best Practice: Organisations worldwide would be required by GDPR to notify EU citizens of any data breach within 72 hours. Penalties: The current proposal is for fines of up to €1m or 2 percent of global turnover, depending on the seriousness of the breach.

It’s critical that organisations use the next two years to really get to know their own data landscape, to identify areas that need attention and to identify the technologies and service providers that can help them be ready for the day the new regime comes into force. Ipswitch’s MOVEit Managed File Transfer offers secure and reliable transfer of sensitive data among and between business partners. 

Keywords: [“Data”,”Regulation”,”any”]

Topic: GDPR compliance

I’m not sure that specific field will be added to core but I’m sure a plugin will be easy to build. One more plugin, it is an additional risk of having incompatibilities, slower site, an obsolete version after 2 years. BuddyPress does not save any data related to IP address inside cookies. If you are using Akismet plugin for spam protection for BuddyPress, they will check logged in member IP address to cross check with their spammer’s database log, again that’s not the BuddyPress thing. The problem is that BuddyPress has so many 3rd party extensions that building a GDPR compliant community is virtually impossible. 

You use BuddyPress, plus some plugin for photos, other for location, another for videos etc. Even if BuddyPress will be GDPR compliant without those other plugins also hooking into it you CAN NOT assure that users can download all their data. Erictracz BuddyPress will also be ready with GDPR compliance in coming updates. For 3rd party plugin concern, site owners are ultimately responsible for all the plugins they are using at their site, and they also have to understand the functionality of each plugin including their data collection and storage methods before using them. Regarding 3rd party BuddyPress developers, after BuddyPress GDPR compliance release they can update their plugins to hook all user specific data at BuddyPress option which allows users to delete themselves.

Hdcms You can create a profile field with terms & condition or take a look at plugin. Asked to integrate it in next version of BuddyPress.

Keywords: [“plugin”,”buddypress”,”data”]

GDPR News Center News for 07-31-2018

How to get GDPR compliant with Microsoft – TechNet UK Blog

When the EU’s GDPR is introduced this year, the bar for data privacy protection in the UK will be raised. For thousands of businesses GDPR highlights daunting issues of compliance. The May 25, 2018, deadline for GDPR compliance is drawing closer but many businesses, including some Microsoft Partners and customers, are unsure where to begin. Microsoft has released a set of assets that will help businesses and Microsoft partners achieve GDPR compliance. You’ll also get detailed guidance on how GDPR will affect your business, including the supporting Microsoft technologies and features that could be leveraged to help achieve compliance. 

Partners can also download the accompanying GDPR Detailed Assessment, intended to be used by Microsoft partners to assist customers in assessing their journey to GDPR readiness. The GDPR Detailed Assessment is also accompanied by supporting materials to assist partners in facilitating customer GDPR assessments. Microsoft has also introduced a GDPR product demo for Microsoft 365 Enterprise, showcasing features for GDPR compliance. The fundamental goal of this project is to show how businesses can use Microsoft technology, like SharePoint, Office UI Fabric and Office 365, to easily build GDPR solutions. There are also a wealth of resources that support Microsoft partners in making the most of GDPR as a market opportunity. 

Prepare for GDPR. Microsoft is committed to helping customers achieve GDPR compliance and has committed that its technology will be GDPR compliant by May 2018. Whilst Microsoft does not provide any GDPR specific training, organisations that also need to skill up their employees can turn to third-party training providers for GDPR training.

Keywords: [“GDPR”,”Microsoft”,”compliance”]

Smartsheet Prepares for GDPR

We take very seriously the need to keep the personal data that customers entrust to Smartsheet private and secure. As the European Union seeks to further strengthen EU residents’ privacy rights with the General Data Protection Regulation, we are working to ensure our compliance in advance of the GDPR May 2018 effective date. The GDPR legislation is designed to give EU residents more control over and information about the use of their personal data across digital platforms. To ensure our compliance with the GDPR standards as of its effective date, we are undergoing the process of reviewing and, where necessary, updating our current policies and practices. Today I wanted to share some information about our current practices and our plans related to GDPR compliance. 

Similar to the Data Protection Directive, the GDPR requires that an adequate transfer mechanism be in place in order to facilitate the transfer of personal data from the EU to the United States. To enable our EU customers to meet this requirement, Smartsheet self-certifies under the EU-US Privacy Shield and the Swiss-US Privacy Shield. That’s why we protect all customer data with a rigorous combination of infrastructure and procedures. Smartsheet was built with strict security requirements and protocols to ensure the security of your data. Here at Smartsheet, we value our customers’ privacy and respect each person’s interest in knowing how their personal data is collected and used.

As I mentioned previously, we are undergoing the process of updating our current policies and practices to ensure compliance with the GDPR standards as of its May 25, 2018 effective date. For the latest information on Smartsheet and GDPR, please visit this page. 

Keywords: [“GDPR”,”data”,”privacy”]

GDPR – Essentiamail

If you’ve any questions about email marketing and GDPR, or if you’ve any general queries about the legislation, please do feel free to call us – we’d be happy to have a chat. Either way, it will have implications for the way companies conduct their marketing and interact with customers and prospects. The only change that is likely to affect B2B marketers is for those that market to sole traders and partnerships. For sole traders and partnerships, the rules that apply to B2C will apply to B2B marketers. In order to send email or text marketing messages to a sole trader for example, you would need their express opted-in consent. 

If you are emailing or texting a marketing message to an individual employee of a corporate, a limited company, a LLP, partnerships in Scotland or a government body you do not need them to opt-in. Essentially, if you are marketing to individuals or companies by telephone or direct mail, you do not need prior consent. No matter what channel you use for marketing, or who you are marketing to, the information on the ICO website stipulates that content must be about products or services that are relevant to that individual’s job role. It would be acceptable to keep only the amount of data necessary to suppress that person from receiving any further marketing messages. Proof of consent – The GDPR states that it is down to the company from whom the marketing messages come to prove that consent was obtained. 

Not only is it necessary for compliance with the law, it makes good marketing sense to use data that is up to date, compliant, and from a reliable source. If any of these factors are in doubt, the results of your marketing campaigns are likely to suffer as a direct result. 

Keywords: [“marketing”,”consent”,”GDPR”]

GDPR News Center News for 07-22-2018

GDPR Explained: What are the Technical Security Requirements?

The upcoming GDPR will bring substantial changes to how organizations process personal data. Every time we buy a product online, pay our taxes or use a service, we have to hand over some of our personal data. Clearly, cyber theft of the data exposes us to significant personal risks. Data Subject Rights: To be informed about processing of the personal data, to have access to the data, to be forgotten, to be notified about a data breach, and so on. The rights along with privacy principles dictate the implementation of security controls and managing personal data lifecycle.

Data Protection Impact Assessment: DPIA includes such tasks as identification of data flows, evaluation of security controls, assessing effects of a presumed data breach and mitigating privacy risks. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing… Data Breach Notification: Organizations shall monitor access to personal data and effectiveness of security controls in order to detect data breaches in their systems. That means to identify personal data processed in the system, find users having access to the data, evaluate security controls, and identify risks to data subjects in case of the data breach.

The second step is mitigating identified risks: restrict access to personal data, implement security controls, and configure blocking and erasing rules for personal data. We have to monitor access to personal data, detect ongoing cyberattacks, and prepare incident response plans. It’s noteworthy that GDPR in many different ways requires monitoring access to the data and effectiveness of security controls.

Keywords: [“data”,”personal”,”GDPR”]

Is Your Nonprofit Ready for GDPR?

The new EU data protection law, the General Data Protection Regulation, comes into force on May 25th and it brings with it an entirely new set of rules that nonprofits world-wide – not just in the European Union – will have to abide by. If your nonprofit has even one constituent in the European Union, this regulation is something you need to be aware of and comply with. If your organization hasn’t talked to expert counsel to be prepared for GDPR compliance, there’s no time to lose at this point. Some key things to know: It doesn’t matter that your nonprofit isn’t in the EU. The GDPR covers privacy as it relates to individuals resident in the European Union, but companies and nonprofits everywhere in the world must be in compliance.

Even if your organization is based in the US or Canada, if you have any kind of constituent living in the EU, then your organization must be in compliance. The data doesn’t have to be strictly private or confidential. Your nonprofit may need to hire a designated data protection officer. If your nonprofit already has a HIPAA compliance officer, that person would be a logical choice for this added role. EU residents will have the right, among other things, to control how you collect and use their data. 

Take some first steps: Your organization’s leadership should confer with your nonprofit’s legal counsel about your responsibilities to abide by GDPR. Talk to colleagues at organizations like yours and find out what they’re doing. EUROPEAN COMMISSION: The EC has published its own webpage with information about the Regulation and data protection, with a library of white papers, guides, and further information links.

INSTITUTE OF FUNDRAISING: The IoF has put together a series of helpful guides and events to help nonprofits prepare for when GDPR takes effect.

Keywords: [“data”,”organization”,”nonprofit”]

How GDPR Impacts Marketers: What You Need to Know

In this article, you’ll find a plain-language overview of GDPR, how it could impact your data collection, and what you need to do to make sure you’re compliant before May 25, 2018. A non-EU-based business must comply with the GDPR if it collects or processes personal data of any EU resident. GDPR may require significant changes in how a company discloses and obtains consent to collect personal data. Explain why the entity wants the data and what it will do with the data. Individuals have a right to access their data, which means the right to know where, why, and how their data is processed. 

Under GDPR, a company may not collect personal data of anyone under 16 without parental consent. For many social media marketers, there are many questions about whether compliance is necessary for companies outside of the EU. However, non-EU companies must comply with GDPR if: 1) they collect or process personal data of any EU resident, or 2) the company’s activities relate to offering goods or services to EU citizens, regardless of whether payment is required. Any non-EU-based business must comply with the GDPR if it collects or processes personal data. After you’ve determined what personal information you collect or process, obtain explicit consent, described above, for each reason you collect such data. 

If you still aren’t sure exactly what personal data you may be collecting, here are a few examples that are common for social media marketers, along with some tips on how to stay compliant for each. If you have ads on your website from a third-party ad server, upon entering your site, users should immediately consent to your use of a third-party server that collects user data for advertising and marketing purposes. GDPR Personal Data Reports: generates a personal data report for users invoking their Right of Access. 

Keywords: [“data”,”consent”,”personal”]