GDPR News Center News for 10-18-2018

Chargebee’s GDPR Commitment

The EU’s General Data Protection Regulation was a much-needed push to bring them to the center. The core of Chargebee’s internal operations underpins protecting the personal data of our customers. Create a data retention policy and have an automated process in place to adhere to the same – Completed. Chargebee recognizes its responsibilities as a data controller towards its customers. Detailed out below are all the steps we have taken towards fulfilling all legal obligations under GDPR, as a data controller. 

Data Categorization and Analysis: We have carried out a detailed data mapping exercise to track the flow of personal data through our systems. Data Retention: We have established an automated data retention mechanism. The only data retained by us will be that which is needed from a compliance and legal standpoint, like invoices, subscription information, audit logs, etc. This is a conscious effort on our part to avoid storing and processing any customer data beyond the necessary period. We have a data processing addendum for our customers that incorporates our GDPR principles. 

In addition to making Chargebee GDPR compliant, we wanted to help our customers leverage Chargebee to become GDPR compliant as well, without having to break a sweat. We have charted out a plan that will help merchants handle their customers’ PII data when a customer cancels their subscription with the merchant. While this is only the first step towards our commitment to help you handle the requirements of data privacy and protection, we are continuing to explore other features in the context of GDPR and data security. 

Keywords: ["Data","customer","GDPR"]
Source: https://www.chargebee.com/security/gdpr

The Ultimate Guide to WordPress and GDPR Compliance

We have received dozens of emails from users asking us to explain GDPR in plain English and share tips on how to make your WordPress site GDPR compliant. Yes, as of WordPress 4.9.6, the WordPress core software is GDPR compliant. The WordPress core team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site. Here’s a step-by-step guide on how to add a GDPR comment privacy checkbox in your WordPress theme. 

Depending on which WordPress plugins you are using on your website, you would need to act accordingly to make sure that your website is GDPR compliant. WPForms, the contact form plugin we use on WPBeginner, has added several GDPR enhancements to make it easy for you to add a GDPR consent field, disable user cookies, disable user IP collection, and disable entries with a single click. If you’re using WooCommerce, the most popular eCommerce plugin for WordPress, then you need to make sure your website is in compliance with GDPR. The WooCommerce team has prepared a comprehensive guide for store owners to help them be GDPR compliant. There are several WordPress plugins that can help automate some aspects of GDPR compliance for you. 

Beware of any WordPress plugin that claims to offer 100% GDPR compliance. We will continue to monitor the plugin ecosystem to see if any other WordPress plugin stands out and offers substantial GDPR compliance features. We hope this article helped you learn about WordPress and GDPR compliance. 

Keywords: ["GDPR","Data","WordPress"]
Source: https://www.wpbeginner.com/beginners-guide/the-ultimate-guide-to-wordpress-and-gdpr-compliance-everything-you-need-to-know/

GDPR News Center News for 10-16-2018

Official Statement: EU GDPR Compliance

The protection of private information is fundamental to the trust Zoom users have given us when choosing our service. Zoom’s products now feature an explicit consent mechanism for EU users. Users that are detected via IP address as coming from an EU member state, upon their first visit to the zoom.us website, will be presented with a cookie pop-up box that allows cookie preferences to be set. These cookie preferences can also be changed at any time in the future by visiting the cookie preferences link at the footer of any page on our website. 

EU users can opt-in to communications from Zoom when registering for Zoom-hosted webinars or downloading whitepapers from our website. We have appointed a Data Protection Officer, Kari Zeni, who is an expert on GDPR compliance topics. Zoom has entered into Data Protection Agreements with our vendors to ensure that the privacy and security of our customer data is protected. Zoom’s DPA has been thoroughly vetted to comply with all GDPR and other privacy and security-related requirements, has been drafted to clearly and accurately describe the manner in which Zoom consistently provides its service to all of its customers, and is consistent with the security program on which Zoom’s annual SOC2 third-party audit is premised. To be more transparent and have developed a cookie policy that describes the purpose of the cookies that Zoom uses. 

In addition to the privacy training that all Zoom employees receive during on-boarding and annually thereafter, employees with roles that are customer facing have been trained on GDPR and how it impacts their roles. GDPR empowers data subjects with certain rights to help assure the privacy and protection of their personal data. 

Keywords: ["Zoom","cookie","users"]
Source: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance

General Data Protection Regulation Compliance

On May 25, 2018, the General Data Protection Regulation replaced the Data Protection Directive that had been law across the European Union for the past 20 years. GDPR impacts any business that operates or collects data in or from Europe. We see GDPR as affording us yet another opportunity to continue our tradition of protecting and giving you more control over both your organizational and personal data. Multiple data centers to guarantee a secure and highly available service at scale. Our new Privacy Basics page gives you a snapshot of how we handle personal information and data, while the page design makes it easy for you to find the exact areas of our policies that concern you. 

We also offer various options on data processing terms for customers, depending on the plan or package you have selected. If you’ve purchased your plan via our website, you can access our data processing addendum here. We empower all of our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data. We honour all deletions from an account, and all account data which has been expunged by you is permanently deleted from our back-ups within 90 days. 

We’re aware that many of our customers with EU users and EU affiliates would prefer that their data be hosted in the EU. To address this, we are actively engaged in building a data centre in the EU. Updates on when this data storage option will be available for customers will be provided through our website. Manage your company’s data with advanced security and control, so you can enable your teams to share and collaborate safely. 

Keywords: ["Data","customer","GDPR"]
Source: https://www.surveymonkey.com/mp/gdpr/

GDPR for Microsoft Dynamics 365

Microsoft Dynamics 365 is committed to helping our customers meet their GDPR requirements. In this topic, you will find information and several resources to help you understand how Microsoft Dynamics supports the GDPR, and how we provide the information and tools that our customers need in order to define and support their GDPR obligations. The following white papers provide an overview of the GDPR for Dynamics 365 applications and services. What GDPR means for your business applications: the IDC analyst’s view. The GDPR grants individuals certain rights in connection with the processing of their personal data. 

DSRs on the Service Trust Portal – You can find information about what the GDPR requires of controllers and processors when you respond to DSRs, and how Microsoft enables you to do so. Compliance Manager is a cross-Microsoft cloud services solution that is designed to help organizations meet complex compliance obligations like the GDPR. It does real-time risk assessment that reflects your compliance posture against data protection regulations when you use Microsoft cloud services. Hear from Microsoft about how we support the GDPR, and learn how we are helping our Microsoft Dynamics customers support their GDPR requirements. Hear from Microsoft about the GDPR, what it means to our customers, and what it means to us as a corporation. 

Microsoft’s commitment to GDPR, privacy and putting customers in control of their own data, May 21, 2018, Julie Brill – Corporate Vice President and Deputy General Counsel, Microsoft. Essential Dynamics 365 resources to help you with GDPR compliance, May 14, 2018. Get deeper knowledge about Microsoft, the GDPR, and our own GDPR journey. 

Keywords: ["GDPR","compliance","Microsoft"]
Source: https://docs.microsoft.com/en-us/dynamics365/get-started/gdpr/

GDPR News Center News for 10-14-2018

No one’s ready for GDPR

The General Data Protection Regulation will go into effect on May 25th, and no one is ready – not the companies and not even the regulators. In today’s meeting with the European Parliament, Mark Zuckerberg said Facebook would be GDPR compliant by the deadline, but if so, the company would be in the minority. When broken down by industry, 60 percent of tech companies said they weren’t ready. GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches to transparency for users about what data is being collected and why. Perhaps the GDPR requirement that has everyone tearing their hair out the most is the data subject access request. 

A year ago, 61 percent of companies had not even started GDPR implementation. It’s not a pleasant position to be in, because GDPR can allow regulators to fine companies up to 4 percent of their global revenue for violations of GDPR. To put that in perspective, a 4 percent fine on Amazon would be $7 billion. Because much of GDPR is ambiguous, how it will work in practice is up to what regulators do with it. Another GDPR provision that might strain regulatory resources is the data breach notification requirement. 

Regulators may not be ready to audit a company’s security or figure out exactly what to do to protect EU residents affected by the breach. GDPR is only supposed to apply to the EU and EU residents, but because so many companies do business in Europe, the American technology industry is scrambling to become GDPR compliant. The breach notification requirement, especially, is more stringent than anything in the US. The hope is that as companies and regulatory bodies settle into the flow of things, the heightened privacy protections of GDPR will become business as usual. 

Keywords: ["company","GDPR","Data"]
Source: https://www.theverge.com/2018/5/22/17378688/gdpr-general-data-protection-regulation-eu

How marketers are navigating GDPR compliance creatively

With GDPR finally enforced, marketers are now legally bound to handle, process and store personal data much more securely and transparently. Interestingly, GDPR has led to a cultural split in businesses. Marketo published a report revealing that GDPR has produced two ‘tribes’. On the other hand, there’s legal-first, which is the group of senders who have focused almost exclusively on the process and compliance aspects of GDPR, without considering the opportunity it presents. For marketing-first senders GDPR provided an opportunity to refresh consent using a variety of engaging approaches, capturing consumer attention and imagination, while also achieving/maintaining compliance with the new requirements. 

Teaching customers GDPR. Another way marketers have engaged with consumers is by presenting GDPR as a customer service benefit. By providing this compliance information in a clear and concise way, marketers have created interest in GDPR by presenting the new laws through a positive lens. Lloyds Bank took this opportunity to educate its email subscribers, setting out the parameters and requirements of the GDPR in layman’s terms that were easy for the audience to understand. As previously mentioned, GDPR is also challenging data controllers to be clear and concise. 

Although GDPR is a serious topic, it doesn’t mean senders suddenly need to adopt a stoic tone – the messages can still be conveyed in a way their subscribers know – and even expect – of their brand, and this will have an impact on success. GDPR is clear that consent must be freely given, and data controllers should avoid making consent a precondition of a service. Take a look at all Econsultancy’s GDPR resources, including a guide for marketers and online and face-to-face training courses. 

Keywords: ["GDPR","customer","data"]
Source: https://econsultancy.com/how-marketers-are-navigating-gdpr-compliance-creatively/

GDPR News Center News for 10-10-2018

Mixpanel Help Center

Mixpanel strongly believes that customers should be able to control their data and trust that information is protected when stored in its servers. To support this, Mixpanel holds itself to strict data security and privacy standards, including compliance with the General Data Protection Regulation. Any Mixpanel account holder will be able to request an export of one’s own personal data, as well as the personal data of their own end-users. Our customers control what data is sent to Mixpanel, and may decide to halt the sending of personal data at any time. To the collection of one’s personal data, Mixpanel also has built dedicated methods for our client-side SDKs that can be used to opt end users out of tracking. 

Mixpanel collects information about how customers use the product, and uses this data to identify product gaps and improve existing products. See the information below for more details about the safeguards that Mixpanel puts in place to protect customer data. As processors of its customers’ data and to protect the privacy of information it stores, Mixpanel holds data no longer than is needed to provide its services. To further support this, Mixpanel is implementing a data retention policy starting May 25th: events received over 5 years ago are automatically deleted on an ongoing basis from all projects. 

Deleting a project through the Project Settings triggers a soft deletion, and the data in the deleted or reset project will remain stored in Mixpanel according to event and people data retention policies. Custom data retention windows can be set for people data by sending regular deletion requests to the Engage API. For more questions about setting custom data retention windows, contact our support team. Mixpanel has a dedicated Data Protection Officer, along with a team of privacy and security professionals dedicated to our compliance and to helping you maintain your compliance when using Mixpanel. 

Keywords: ["data","Mixpanel","customer"]
Source: https://help.mixpanel.com/hc/en-us/articles/360000345423-GDPR-Compliance

SiteGround is now GDPR Compliant

Over a year ago, SiteGround began the important task of preparing for the General Data Protection Regulation – a new law designed to protect the personal data and privacy of EU residents. The regulation aims to make personal data processing more transparent and to give people more control over their data. Our Data Processing Agreement, which regulates our responsibilities as a host, thus allowing our clients to have GDPR compliant sites themselves, if they need to. The first thing you need to know is that we collect the minimum data needed to provide our stellar service. To provide all services around your hosting account we share some of your data with external providers like domain registrars, SSL providers, and content delivery network providers. 

As a hosting provider we also have responsibilities as a data processor. This means that when our customers use our services to store any personal data on SiteGround servers, we are required by the GDPR to meet some criteria for handling this data too. The DPA puts in writing our obligation to access any data that our customers store on our servers only to the extent needed to provide our services and to make sure only employees that are directly involved with the provision of the service have access to it. Sometimes our partnering companies need access to the data uploaded on our servers so that we can provide our service. We provide access only to partners that have the same or a higher level of data protection as the one we guarantee you through our DPA. 

Our DPA responsibilities include timely disclosure by SiteGround, if a personal data breach is detected by us to have happened on the servers used by our clients. Also if SiteGround receives a request by an individual, using a website hosted on our servers, to exercise one of the personal data rights outlined in the GDPR, we’ll redirect them to the site owner. 

Keywords: ["Data","provide","GDPR"]
Source: https://www.siteground.com/blog/siteground-is-gdpr-compliant/

GDPR News Center News for 10-09-2018

GDPR, The Checklist For Compliance

With the General Data Protection Regulation arriving within weeks, businesses are now in the final sprint to achieve compliance before the May 25 deadline. As most people know by now, GDPR is a global data protection law passed by the European Union that shifts the ownership of customer data from the organizations that use it to the individual customer. This new regulation not only applies to European businesses that work with the customer data of EU citizens – it applies to any entities that work with said businesses as well, thus making GDPR a global data protection law. With Facebook’s recent misuse of its customer data, all eyes are on the proper protection of customers’ private information. Your data protection officer is your point person to ensure GDPR compliance. 

If your company stores personal data in permanent storage, you’ll need to perform a data protection impact assessment before each project that involves such personal data. Despite all of your preparations, data breaches will remain a substantial risk to not only your business and your compliance with GDPR but to the privacy and trust of your customers. In the event of a data breach, GDPR requires businesses to notify local data protection authorities of the breach within 72 hours of discovery. GDPR supports the data minimization principle, requiring companies to only use and keep the personal data that is needed at any given time for any given purpose. Companies must then remove all traces of the customer data from their repositories, as well as any other repositories downstream where the data may have been shared and stored. 

While it will take more time than a few weeks to achieve full GDPR compliance, there is still time for companies to get started on the right foot with protecting their customer data for the long run. Now more than ever, the protection of customer data and privacy has global attention, and the world with GDPR will be a proving ground for companies to regain and maintain the trust of their customers. 

Keywords: ["Data","customer","GDPR"]
Source: https://www.forbes.com/sites/forbestechcouncil/2018/06/04/gdpr-the-checklist-for-compliance/

Our GDPR Compliance Plan

All our customers need to agree to revised data protection terms to reflect the change from the Data Protection Act to General Data Protection Regulation. Where customers are processing personal data with GBG, as this is against third party data sources, we are asking our customers to advise us on the lawful processing condition for using our products/services. Consent is changing to be more explicit/transparent so at the point of data collection, the individual will need to be informed exactly how their data will be used and who it will be shared with. Consent can be selected by our customer who is asking us to process data on their behalf, as they will hold the first party consent and will have advised their consumer as to how their data will be processed in their privacy notice. Kate leads the Privacy and Data Compliance Team, where each Compliance Manager has a core focus on the products GBG deliver, helping embed data privacy into operations whilst also monitoring activity on an ongoing basis. 

We know what data we have, where it’s held, how we access it, the classification of the data, records for transfer and flow charts to show how it moves between systems, processes and countries. Due diligence prior to working with a third party is key to ensure data has been gathered lawfully, and to ensure any data we share will be secure. We have over 200 data partners globally, who need to comply with applicable data protection regulations. Depending on where the data partner is in the world, and what data they process, GDPR compliance may not be relevant. 33 states as data processor, GBG’s obligation is to notify data controllers without undue delay after becoming aware of it. We’re regularly audited by external third parties – our customers, our data partners and external bodies, such as IESB when reviewing our ISO27001 status or PCI:DSS compliance. 

We attend many conferences, webinars and are part of a compliance think tank with a number of businesses in the data industry. 

Keywords: ["data","customer","GBG"]
Source: https://www.gbgplc.com/our-gdpr-compliance-plan

GDPR News Center News for 10-08-2018

WP Engine & GDPR Compliance

WP Engine continually monitors developments in data security, privacy, and compliance around the globe, and we have invested considerable resources in preparing for EU Regulation 2016/679. We have always upheld the core privacy principles behind GDPR, as evidenced by our early adoption of the EU-US and Swiss-US Privacy Shield programs, and take very seriously the trust our customers place in us when they choose to store personal data on our platform. WP Engine will comply with GDPR’s requirements, both as a controller of our customers’ account data and a processor of the end-user personal data our customers store on our platform. In support of our customers’ compliance efforts, we have updated our terms to reflect the obligations we have as a processor under GDPR. These changes became effective May 10, 2018, and our DPA already applies to you by reference in your existing agreement. 

We encourage you to view this changelog and familiarize yourself with our terms to better understand how we support you and protect the security and privacy of your data. We also encourage our customers to begin assessing their own internal readiness if they haven’t already done so. The DPA applies to everyone, automatically, without the need to sign anything. If you are a WP Engine customer, you can log into the User Portal and access a pre-signed version of our DPA, which includes instructions for countersigning and returning the fully executed form to us. If you are a WP Engine customer, you can log into the User Portal and access our sub-processor list here.

Note that not all vendors are applicable for every customer; whether a particular vendor applies to you depends on the services and features that you elect to use on our platform and the means by which you choose to communicate with us. If you have any specific questions about your service, please contact our Support team. We may update this list from time to time, as our business or our services evolve, so please check back regularly for updates. 

Keywords: [“customer”,”DPA”,”data”]
Source: https://wpengine.com/support/gdpr-compliance/

GDPR, The Checklist For Compliance

With the General Data Protection Regulation arriving within weeks, businesses are now in the final sprint to achieve compliance before the May 25 deadline. As most people know by now, GDPR is a global data protection law passed by the European Union that shifts the ownership of customer data from the organizations that use it to the individual customer. This new regulation not only applies to European businesses that work with the customer data of EU citizens – it applies to any entities that work with said businesses as well, thus making GDPR a global data protection law. With Facebook’s recent misuse of its customer data, all eyes are on the proper protection of customers’ private information. Your data protection officer is your point person to ensure GDPR compliance. 

If your company stores personal data in permanent storage, you’ll need to perform a data protection impact assessment before each project that involves such personal data. Despite all of your preparations, data breaches will remain a substantial risk not only to your business and your compliance with GDPR but also to the privacy and trust of your customers. In the event of a data breach, GDPR requires businesses to notify local data protection authorities of the breach within 72 hours of discovery. GDPR supports the data minimization principle, requiring companies to only use and keep the personal data that is needed at any given time for any given purpose. Companies must then remove all traces of the customer data from their repositories, as well as any other repositories downstream where the data may have been shared and stored.

While it will take more time than a few weeks to achieve full GDPR compliance, there is still time for companies to get started on the right foot with protecting their customer data for the long run. Now more than ever, the protection of customer data and privacy has global attention, and the world with GDPR will be a proving ground for companies to regain and maintain the trust of their customers. 

Keywords: [“Data”,”customer”,”GDPR”]
Source: https://www.forbes.com/sites/forbestechcouncil/2018/06/04/gdpr-the-checklist-for-compliance/

GDPR News Center News for 08-23-2018

GDPR by Wizuda

The General Data Protection Regulation (2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for EU citizens. The GDPR aims to give EU citizens back control and transparency over their personal data, how it is used, by whom and for what purpose. Under the GDPR, personal data must be processed lawfully, fairly and in a transparent manner. As the GDPR is a regulation, it is legally binding; if you’re not compliant with the regulation then you’re breaking the law. It builds on the previous Data Protection Acts, bringing more relevance to the technologies of today, in a world where data has become one of the most valuable assets of organisations.

It comes into force on the 25th of May 2018 at which time businesses who do not comply may face significant fines of up to €20m or 4% of global annual turnover, whichever is greater. 

Keywords: [“Data”,”Regulation”,”GDPR”]
Source: https://wizuda.com/gdpr

General data protection regulation, GDPR

GDPR puts increased emphasis on data collection best practices, data controller transparency, and consumer choice – all of which play a meaningful role in the customer experience. With an eye toward customer experience, you may want to think about how the following GDPR principles affect your business efforts. Reduce unnecessary data collection: Take stock of the data you’re collecting. Provide the required notice for data collection: Review and update your current privacy notices, policies, and any information provided at data collection points. Remove unique identifiers: Consider when to make some data anonymous or pseudonymous to help minimize compliance obligations and the risk of data and privacy breaches and claims.

Fulfill data access and delete requests: Understand how your customer will reach out to you to make data access or delete requests. Know how to define internal data retention and deletion policies and procedures.

Keywords: [“data”,”how”,”customer”]
Source: https://www.adobe.com/privacy/general-data-protection-regulation.html

Get GDPR compliant with Dynamics NAV – Dynamics NAV Team Blog

On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy rights, security, and compliance. The General Data Protection Regulation is fundamentally about protecting and enabling the privacy rights of individuals. The GDPR establishes strict privacy requirements governing how you manage and protect personal data while respecting individual choice, no matter where data is sent, processed, or stored. As mentioned in an earlier blog post, Microsoft is dedicated to helping our partners and customers meet the requirements of the GDPR. By May 2018, Dynamics NAV 2018, Dynamics NAV 2017, Dynamics NAV 2016, and Dynamics NAV 2015 will be updated with tools to help you get GDPR compliant.

The March cumulative updates have just been made available and provide the first round of updates for you. We have prepared a Dynamics NAV whitepaper that will help you prepare for compliance. 

Keywords: [“NAV”,”Dynamics”,”privacy”]
Source: https://blogs.msdn.microsoft.com/nav/2018/03/07/get-gdpr-compliant…

Protect passwords, IT accounts, privacy

As organizations race to adopt a DevSecOps model, eliminating security gaps in the DevOps environment and keeping user credentials secure are a top priority. Typical DevOps vulnerabilities include embedded credentials in application environments, stored credentials in popular repositories, or shared private keys and credentials for fast access to source code. Join Thycotic Product Manager Dan Ritch as he explains how you can help assure proper credential security for your DevOps team with an automated privileged access solution. How to optimize your team’s DevOps environment to increase security without hindering their development and deployment schedules. An automated approach to remove hardcoded passwords and meet compliance without impacting workflow.

How to integrate PAM security across each tool in the DevOps toolchain.

Keywords: [“DevOps”,”credential”,”security”]
Source: https://thycotic.com/solutions/gdpr-compliance

GDPR Logger

Christian is the man with the ideas and the architect behind the GDPR Logger. From the beginning the GDPR Logger has been designed by Christian, who continually devises smart new features that ensure the solution is cutting-edge software. John is the developer behind the GDPR Logger and has been a part of the team from the beginning, where he developed the engine. John is a true wizard who can create all the features our IT Architect thinks up. Kuno develops the UI parts of the GDPR Logger and ensures that everything is presentable.

With his usual patentability he helps to ensure that the GDPR Logger looks as it should. The always happy Tom is, apart from being a member of the board, the man who creates our partner channel. Tom is a master of Excel and always up for a cup of coffee to create some business. GDPR Logger for Notes & Domino ensures that you are ready when the new Personal Data Regulation becomes enforceable.

Keywords: [“Logger”,”GDPR”,”ensure”]
Source: https://gdpr-logger.com

Home

The new GDPR regulations are just weeks away and, as the biggest shake-up in data protection regulation in decades, preparations are well underway at businesses up and down the country. Our conference has been designed to double-check your strategy against expert opinion to ensure you are on the right track to compliance. The GDPR is raising the bar to a higher standard for consent as well as making it easy for people to withdraw their consent. Don’t be fooled into thinking this is about marketing alone; GDPR affects every aspect of your business. This event explores some of the detail through the eyes of compliance specialists, marketing gurus and data protection experts.

With the Information Commissioner’s Office providing its updated guidance in December ahead of the implementation of the regulations in May 2018, our conference is perfectly timed so you can be confident your business is compliant. 

Keywords: [“GDPR”,”dealer”,”data”]
Source: https://amgdprconference.am-online.com

GDPR News Center News for 08-07-2018

Interact software

Interact has also performed a Data Protection Impact Assessment to determine compliance with security requirements of GDPR. Throughout 2017, Interact made a number of product changes, policy updates and internal process changes in anticipation of GDPR. Interact are committed to being GDPR compliant when it becomes enforceable in May of 2018. Ensuring all Interact employees continue to undertake mandatory data handling training. All Interact employees are required to participate in the training program even if their role doesn’t require them to handle customer data.

Ensuring our vendors continue to adhere to the same high standards of security and privacy as Interact. Interact does not transfer data out of the customer’s chosen geographical region. Interact is a controller in respect of individuals interacting with our business such as website visitors, customers and prospective customers of Interact. Interact is also the processor in respect of our own data and that of our customers whose data we receive from users of our services. In some specific customer agreements, Interact can also be a sub-processor.

If the Subject Access Request relates to data processed, stored or hosted within our services, Interact will refer the Subject Access Request to our customer – the data controller. Interact will assist with requests made by our customers in relation to such Subject Access Requests. As a customer of Interact, you are a data controller and Interact is acting as a processor for your data. If you are an employee of an Interact customer, please contact your employer. 

Keywords: [“Interact”,”Data”,”customer”]
Source: https://www.interact-intranet.com/gdpr

General Data Protection Regime,gdpr for India

General Data Protection Regulations or GDPR is the new Privacy Protection Regulation adopted on 27th April 2016 by the European Union in replacement of the earlier Data Protection Regime. These privacy regulations, which come with restrictions on transferring EU data to non-compliant countries, are highly relevant for countries outside the EU as well, since they could make or mar the data processing industry. What distinguishes GDPR from the earlier regulations is the high level of penalties envisaged under the regulation, which may go up to Euro 20 million or 4% of global turnover of a company and will be applicable even for non-EU based companies. If any Indian company is interested in working with data which includes personal information of EU citizens, the GDPR cannot be ignored. In a bid to promote widespread compliance with GDPR in India, which is in the larger interests of the country, Naavi has taken efforts to dedicate this website www.

In towards building awareness about GDPR. Naavi is the pioneer in India for promoting awareness of Information Technology Act 2000 through www. Now these three websites will form the GDPR Knowledge Center and together develop awareness of GDPR. It will also discuss and analyse its provisions to assist Indian IT industry to move towards a greater level of compliance. As always, the large IT companies have the means and skilled personnel to guide them and it is the SMEs who need special support.

This GDPR Knowledge Center will try to specially assist such SMEs and Mobile APP companies to achieve GDPR compliance. 

Keywords: [“GDPR”,”Data”,”Regulation”]
Source: http://www.gdpr.ind.in

GDPR: These companies are getting killed by Europe’s new data protection law

The EU General Data Protection Regulation applies to any organization that holds or uses data on people inside the European Union, regardless of how big they are or where they are based. She said that while the new law would benefit consumers, it may also advantage large companies with the resources – lawyers, data experts and programmers – needed to make the transition. The new rules give Europeans more control over their personal data. In many cases, companies need consent to process that information. They won’t be allowed to store the data for longer than necessary, and they must respond to requests from customers who want their data deleted.

Companies may also have to prove they are handling data correctly, meaning increased monitoring and documentation. Complying with the new regulations isn’t cheap, and experts say the world’s biggest companies are spending tens of millions of dollars to prepare. The current design, which was built in 2009, makes it difficult to delete data from user accounts. European lawmakers have pushed back on suggestions that GDPR could give the biggest tech companies an advantage over smaller rivals. Giovanni Buttarelli, the European Union’s data protection supervisor, said that the biggest companies will also face the largest fines if they violate the rules. 

The regulators can impose penalties on companies of up to €20 million or 4% of annual global sales, whichever is bigger. Experts say some smaller companies outside Europe might not yet realize that they have to comply with GDPR, because similar rules don’t exist in their home market. 

Keywords: [“company”,”Data”,”game”]
Source: http://money.cnn.com/2018/05/11/technology/gdpr-tech-companies-losers

Imperva Data Security & Compliance Center

The General Data Protection Regulation provides a single set of rules for protecting the personal data of all European Union residents and visitors. Key terms and definitions: Data Controller: Entity determining the purposes and means of processing of personal data. Data Processor: Entity that processes data on behalf of the data controller. Personal data cannot be attributed to an identified or identifiable Data Subject. Data Processors must notify the appropriate Data Controller immediately upon discovering a personal data breach.

Notification, at a minimum, must describe the nature and consequences of the data breach, type and approximate number of affected Data Subjects and data records, remedial actions taken or proposed, and the name and contact information of person who can provide additional information. If a data breach risks the rights and freedoms of the affected Data Subjects, then the Data Controller must, without undue delay, notify each affected person. Data Controllers must perform a Data Protection Impact Assessment whenever a new processing operation – either a process or processing technology – is proposed. The transfer of personal data beyond the EU/EEA is prohibited unless certain data protection conditions are met by both the Data Controller and Data Processor. Classifies the discovered data according to its personal information data type and its security risk level. 

Pseudonymizes data by replacing sensitive data with realistic fictional data that maintains operational and statistical accuracy. Learn how Imperva data security and data masking solutions. 

Keywords: [“Data”,”personal”,”process”]
Source: https://www.imperva.com/data-security/regulation-glossary/gdpr/…

GDPR News Center News for 08-06-2018

General Data Protection Regulation

When it comes to data and data protection, Agenci class ourselves as master craftsmen. GDPR Facts: The government will repeal the current Data Protection Act 1998 on the 24th May 2018. The GDPR is a regulation and comes into force immediately on the 25th May 2018. Companies who breach GDPR will expect fines up to 4% of global TURNOVER. Companies need a clear process for managing Data Breaches.

Companies will need to assign a Data Protection Officer. 10 Steps to GDPR (Author: Gary Hibberd): The General Data Protection Regulations is a dramatic shake-up of data protection laws that affects European and UK citizens and comes into force on May 25th 2018. The current Data Protection Act is repealed and a new regulation comes into force. Role of the GDPR DPO (Author: Gary Hibberd): Whilst the General Data Protection Regulations is clear about many things, the need for a designated Data Protection Officer seems to be confusing. GDPR Snake Oil Warning: Rant alert (Author: Gary Hibberd): Like many in the Information Security/Cyber Security world at the moment I’m VERY excited about the new General Data Protection Regulations which come into force on May 25th, 2018. (Author: Gary Hibberd): The General Data Protection Regulations promises to be one of the biggest changes in Data Protection laws in over two decades.

The current Data Protection Act is repealed and a new regulation comes into force being the General Data Protection Regulations. (Author: Gary Hibberd): Ok before we start I’ll warn you this blog is about ‘Data Regulations’. Wait!! Wait! Don’t go!! Data Protection Regulations are VERY important to you and to me.

Keywords: [“data”,”GDPR”,”protection”]
Source: https://www.theagenci.com/gdpr

How will GDPR affect me as an employee?

In less than three months, all businesses and organisations across Europe that handle customer data will have to comply with the General Data Protection Regulation. For organisations, it will mean establishing clear procedures around consent and having a legal basis for gathering data, so employers need to sit up and pay attention. Any changes to their contract, company handbook or the processing of their data. The purposes of the processing of their personal data. Any third parties who receive their data, eg payroll providers. 

Any intention to transfer their data outside the EU. Their rights under GDPR, eg right to object or lodge a complaint. For employers looking at how GDPR will affect them, they are in danger of getting so wrapped up in the processing of external data that they may forget about data pertaining to their own employees. She said organisations need to understand the lawful basis of processing personal data, and ensure transparency and accountability by creating a data protection policy and easily accessible data protection notices. For employees who process personal data as part of their role, Flannery said they should be fully abreast of their organisation’s GDPR compliance programme and how this will affect how they collect, access, process and store personal data.

They only ever process personal data in line with their defined responsibilities. They have a clear overview and understanding of the organisation’s data protection notice, as well as easy access to all relevant internal policies. They are provided with training specific to the processing of personal data. 

Keywords: [“data”,”employee”,”personal”]
Source: https://www.siliconrepublic.com/advice/gdpr-employee-effects-data…

Countdown To GDPR · Forrester

Forrester Principal Analyst Fatemeh Khatibloo examines the impact of the new General Data Protection Regulation, which rewrites privacy rules and converts privacy as a human right to a force of market disruption. It is hard to overstate the impact of GDPR. Take one point: data. For most industries and companies, data is the new currency, enabling companies to create new customer value, products, and experiences. That means, upon a customer’s request, companies will need to wipe clean all of that customer’s data across the enterprise – including all systems of record, systems of insight, and systems of engagement – raising the bar for data governance well beyond most companies’ capabilities. 

Organizations are still working to understand, federate, and use diverse, dispersed, and dynamic customer data. By May 25, 2018, companies need to be able to work at scale and with precision to erase all data on a single customer and certify that result. Notify the relevant data protection authority of a breach within 72 hours. Remove ambiguous consent of data collection; consent opt-in will remain the default option. Relate the collection and/or processing of personal data to one or more specific purposes. 

The combination of empowered customers and the pace of digital disruption, let alone the growing specter of cyberthreats, is a potent brew that will put companies on the defense. GDPR adds a layer of complexity to the mix that will severely test companies. In this episode, Fatemeh Khatibloo describes the implications of GDPR and provides pragmatic guidance on how companies can prepare for compliance. 

Keywords: [“Data”,”companies”,”customer”]
Source: https://go.forrester.com/ep14-countdown-to-gdpr

GDPR and CRM: How to Manage Customer Data in 2018

3 CRM features to look for to help you manage customer data better. GDPR provides citizens of the EU with greater control over their personal data and assures that their information is being securely protected across Europe, regardless of whether the data processing takes place in the EU or not. The systems you use to store all your customer data. The legal aspects of the regulation and how it will affect the way you handle personal data. If you use a CRM solution, then it should support the collection and management of personal data in a secure way. 

GDPR has a big effect on how businesses collect, store and secure personal customer data. The good news is that GDPR and CRM have a lot in common, as both are about building deeper trust and loyalty with new and existing customers through the professional handling of personal customer data. Managing personal data with CRM. Customer data, which goes into a CRM system, is by default also personal data. Different types of data have different rules for how they should be processed.

Basic data such as names, addresses, phone numbers are more general data and can be open to all employees within your company. SuperOffice CRM allows you to set up routines and automated rules for how different types of personal data can and should be handled by your company. Once you’ve evaluated your database for what kind of personal information you have, where it comes from and what legal basis you have for keeping it, and set up how you want the data to be handled, you will need a way to update all this personal data in the new GDPR world. 

Keywords: [“data”,”GDPR”,”personal”]
Source: https://www.superoffice.com/blog/gdpr-crm