GDPR News Center News for 10-22-2018

Working toward GDPR compliance

Compliance doesn’t have to be a scary word – even when facing the multifaceted challenges of meeting the European Union’s May 2018 deadline for its General Data Protection Regulation. SAS conducted a global GDPR survey among 340 business executives from multiple industries. Based on the results of that survey, this e-book delves into the biggest opportunities and challenges organizations face on the road to GDPR compliance. How to get started on the best path to compliance, based on advice from industry experts. How to turn this compliance challenge into a competitive advantage. 

How your peers are preparing across a variety of industries. An end-to-end approach that can help guide your journey to GDPR compliance. 

Keywords: [“Compliance”,”How”,”industry”]
Source: https://www.sas.com/en_us/whitepapers/gdpr-compliance-109048.html

IAB Europe’s GDPR Compliance Primer

The GDPR Compliance Primer has been prepared by the members of the IAB Europe GDPR Implementation Working Group, under the leadership of Improve Digital. The purpose of the GDPR Compliance Primer is to give companies a guide to navigating the first steps required for GDPR Compliance, and to make Members of IAB Europe aware of the scale and consequences of figuring out compliance with the GDPR. The GDPR Compliance Primer is an evolving document, and may be subject to change in case of major developments of public authorities or the work of IAB Europe’s GDPR Implementation Working Group. The current version is Version 1.0, published on 22 May 2017. 

Keywords: [“GDPR”,”Compliance”,”work”]
Source: https://www.iabeurope.eu/policy/iab-europes-gdpr-compliance-primer/

Amazon Web Services

The European Union’s General Data Protection Regulation protects European Union data subjects’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance. In addition to our own compliance, AWS is committed to offering services and resources to our customers to help them comply with GDPR requirements that may apply to their activities. New features are launched regularly, and AWS has 500+ features and services focused on security and compliance. 

Keywords: [“Data”,”compliance”,”Protection”]
Source: https://aws.amazon.com/compliance/gdpr-center/

Amazon Web Services

The European Union’s General Data Protection Regulation protects European Union data subjects’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance. In addition to our own compliance, AWS is committed to offering services and resources to our customers to help them comply with GDPR requirements that may apply to their activities. New features are launched regularly, and AWS has 500+ features and services focused on security and compliance. 

Keywords: [“Data”,”compliance”,”Protection”]
Source: https://aws.amazon.com/compliance/gdpr-center/

General Data Protection Regulation Resources from Kaseya

The General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. It also addresses the export of personal data outside the EU. Personal data is any information related to a person that can be used to identify the person, including a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address. 

Keywords: [“European”,”Data”,”address”]
Source: https://www.kaseya.com/resources/gdpr

From Restaurants to Insurers, the Race to Comply With New GDPR Privacy Rules

As Europe’s new privacy law, known as GDPR, is set to take effect Friday, the focus has been on expected battles with technology giants such as Facebook Inc. and Alphabet Inc.’s Google. The new General Data Protection Regulation is forcing hundreds of thousands of companies-multinationals such as Mastercard Inc. and insurer Allianz SE, but also small manufacturers and even restaurants-to change how they gather and handle information about Europeans, even if the companies have no physical….. 

Keywords: [“Inc.”,”even”,”such”]
Source: https://www.wsj.com/articles/gdpr-has-companies-big-and-small-racing-to-comply-1527154200

GDPR Ready Solutions

ZL GDPR Ready Solutions offer a versatile set of data management functions to enable centralized control over enterprise personal data. Leveraging powerful search, remediation, and management capabilities, ZL Tech offers a solid foundation for GDPR compliance over high risk systems such as file shares, SharePoint, and email, which often contain ungoverned personal data. With GDPR fines up to 4% of global revenue effective May 18, it’s time to take the first step in managing personal data. 

Keywords: [“data”,”personal”,”GDPR”]
Source: http://www.zlti.com/gdpr-solutions

GDPR Ready Solutions

ZL GDPR Ready Solutions offer a versatile set of data management functions to enable centralized control over enterprise personal data. Leveraging powerful search, remediation, and management capabilities, ZL Tech offers a solid foundation for GDPR compliance over high risk systems such as file shares, SharePoint, and email, which often contain ungoverned personal data. With GDPR fines up to 4% of global revenue effective May 18, it’s time to take the first step in managing personal data. 

Keywords: [“data”,”personal”,”GDPR”]
Source: http://www.zlti.com/gdpr-solutions

GDPR & Beyond

On 25 May 2018, the European Union will officially enact the General Data Protection Regulation, which will have a transformative effect on how companies manage and secure personal data. The GDPR directive marks the biggest change to EU data privacy laws in more than 20 years and yet few enterprises are prepared to adapt and comply. GDPR & Beyond is your regulation-specific online resource for understanding the GDPR legislation, and how it impacts your business. 

Keywords: [“Data”,”GDPR”,”how”]
Source: https://www.gdprandbeyond.com/

General Data Protection Regulation

The regulation ecompasses steps to be taken in all areas of protecting an individual’s privacy – setting up security mechanisms, compliance, repercussions of breach and more. Non-compliance beyond the enforcement date, is liable to attract heavy penalties. Committed to protecting our customers personal data, Freshworks is here to help customers and end-users understand significance of the GDPR, its requirements and our allegiance to comply by global standards. 

Keywords: [“protecting”,”customers”]
Source: https://www.freshworks.com/privacy/gdpr/

GDPR News Center News for 08-31-2018

GDPR Resources

On this page we’ve put together a set of resources about GDPR. We’re doing this so that those in the charity sector – and interested parties outside it – can learn about the practices by which the sector complies with these regulations. We begin with some general information on GDPR. We follow with the ways GDPR relates to fundraising, and then prospect research. We have a section listing resources on privacy impact assessments. 

We hope this list of resources is useful – if you have any questions or comments for us relating to GDPR, or any recommended resources, please get in touch. 

Keywords: [“GDPR”,”resources”,”any”]
Source: https://factary.com/gdpr-resources

Fix it Fast: Apply GDPR to Your Company in 10 Simple Steps: Amazon.co.uk: Patrick O’Kane, Kristy Grant-Hart: 9780993478857: Books

Very clear and easy to read – hard to understand why the ICO can’t produce guidelines as good as this, but anyway!My approach was to read 10 pages at time, then go and action it all and come back to the next 10 pages. You use it, it needs to be practical, as everyone’s GDPR implementation will be unique. The book has spaces for making notes in the book, but that isn’t my style – I prefer a digital approach. My only niggle is that there is not an online companion to this book, where you can login and do just that. I’m still giving this 5 stars, because the clarity of the content is worth the price alone. 

Keywords: [“book”,”pages”,”approach”]
Source: https://www.amazon.co.uk/GDPR-Apply-Company-Simple-Steps/dp/0993478859

A Guide to Help You Prepare for GDPR Compliance, Free Download

The General Data Protection Regulation protects the personal data of EU citizens. If your company handles the personal data of EU citizens, regardless of where you are based in the world, you’ll need to take some important steps to ensure that data is correctly controlled, processed, maintained, retained, and secured. With penalties as steep as €20,000,000 or 4% of your annual gross revenue, this should be a top priority for your team in 2017. It might be daunting, but we’ve pulled together some resources to help you prepare. Get the GDPR Toolkit, and be well on your way to having GDPR confidence. 

Keywords: [“Data”,”GDPR”,”personal”]
Source: https://information.rapid7.com/gdpr-toolkit-2.html

Our solutions

Encrypted storage – often referred to as ‘data at rest’ – is most commonly used to encrypt an entire disk, drive or device. This type of encryption becomes effective only once the system is stopped, the drive ejected or the encryption key blocked. Encrypted content – also referred to as granular encryption – means, typically, encrypting files or text at the application level. The most common example is email encryption, where the message format must remain intact for the email client application to be able to handle it, but the text body of the email is encrypted along with any attachments. 

Keywords: [“encrypt”,”encryption”,”email”]
Source: https://www.eset.com/uk/gdpr

Inbox Pros

Our privacy consultants can work with you to conduct the entire GDPR review process – including a risk analysis, level of effort analysis, and a prioritized GDPR project plan. For each gap, you’ll then need to identify specific remediation actions and estimate Levels of Effort – Low, Medium, and High. We map out the gaps and make sure each group is compliant with the GDPR. By investing the time up front to perform the proper analysis and planning, you can be confident that you will efficiently and effectively mitigate risk while meeting your company’s business objectives. 

Keywords: [“GDPR”,”analysis”,”risk”]
Source: https://inboxpros.com/gdpr

General Data Protection Regulation

With the General Data Protection Regulation 2016/679), the European Parliament, the Council and the European Commission intend to strengthen and unify data protection and privacy for individuals within the European Union. When the law takes effect in May 2018, it will trigger significant changes to how global brands approach online marketing, data protection and privacy policies. It’s important to note that the new legislation also addresses the export of personal data outside the EU – effectively extending its application to any business with even a single customer in Europe. 

Keywords: [“Data”,”Protection”,”European”]
Source: https://www.gigya.com/topic/gdpr

Data Catalog GDPR Compliant Solutions by Waterline Data

Organizations that fail to comply could be fined up to a maximum of €20,000,000 or 4 percent of annual global revenue, whichever is higher. Most organizations don’t have this information documented, and gathering it across a distributed data estate without some level of automation is next to impossible. Waterline provides the only solution that directly addresses the challenges presented by GDPR with software that automatically discovers data subject to GDPR; generates reports on the status of your GDPR compliant and non-compliant data; and makes it easy to secure GDPR data. 

Keywords: [“data”,”GDPR”,”Challenge”]
Source: https://www.waterlinedata.com/gdpr-compliance-solution

General Data Protection Regulation

Manage and implement security program practices on premises and in the cloud, such as risk assessment and mitigation, incident identification, escalation, response, forensics and resolution, personnel roles and responsibilities. Measure, document, and communicate program effectiveness to stakeholders. Monitor security operations and intelligence: monitor, detect, respond to and mitigate threats. Manage and implement security program practices such as risk assessment, roles and responsibilities, program effectiveness. Govern data incident response and forensics practices. 

Keywords: [“program”,”practices”,”security”]
Source: https://www.ibm.com/security/data-security/gdpr

GDPR Compliance for Small Businesses

SecurityMetrics PIIscan is a data discovery tools that assists with GDPR requirements by discovering unencrypted Personally Identifiable Information. PIIscan searches computer systems, hard drives, and attached storage devices for unencrypted PII. Once PIIscan has discovered unencrypted PII, a report is generated that displays where the data is located. This makes it easy to securely delete or encrypt this data and reduce your organization’s risk. By using PIIscan, you will also save time by not having to manually search for unencrypted PII on your systems. 

Keywords: [“unencrypted”,”PIIscan”,”PII”]
Source: https://www.securitymetrics.com/gdpr-defense

GDPR News Center News for 08-19-2018

Become completely GDPR compliant

Providing Best PracticesWe will share our expertise in protecting your data, adopting privacy principles, and complying with many complex international regulations. We will also communicate to you all information we gather from any respective Data Protection Authority or other organization. It’s important to note that GDPR compliance is ultimately a shared responsibility. In order to appropriately adopt the legislative requirements, you must understand the obligations your business faces. For more details, see Using Act-On to Manage Consent for the GDPR. 

Contractual CommitmentsAct-On requires all vendors we do business with to be contractually compliant with the GDPR. We also provide our customers with standard data protection clauses if requested. Account Provisioning All European based clients are provisioned in our European data centers ensuring your account remains within the EU. Privacy ShieldAct-On Software complies with the EU-U.S. Privacy Shield Framework. 

We are committed to subjecting all personal data received from European Union member countries to the Framework’s applicable Principles. 

Keywords: [“data”,”European”,”GDPR”]
Source: https://www.act-on.com/resources/gdpr

Eversheds International

We can’t find the page you were looking for. You might have been taken to this page for a number of reasons. If you followed a link from another website, or used a bookmark, the page may have been moved to a new location. Die von Ihnen aufgerufene Seite kann leider nicht gefunden werden. Dies kann verschiedene Gründe haben:Wenn Sie die Webadresse selbst eingegeben haben, überprüfen Sie bitte die richtige Schreibweise. 

Wenn Sie über einen Link einer anderen Website auf diese Seite gelangt sind oder ein Lesezeichen verwendet haben, kann es sein, dass die Seite auf eine neue Adresse umgezogen ist. Hemos rediseñado nuestra página web hace poco. Si ha seguido un enlace desde otra página web o utilizado un marcador, es posible que la página haya cambiado de sitio. Désolés, mais la page demandée n’a pu être trouvée. Vous avez pu être redirigé vers cette page pour plusieurs raisons. 

Si vous avez saisi l’adresse du site internet, veuillez vérifier qu’elle a été correctement orthographiée. Si vous avez suivi un lien partir d’un autre site internet, ou si vous avez eu recours un signet, il est possible que la page ait été déplacée. 

Keywords: [“page”,”página”,”Die”]
Source: http://www.eversheds-sutherland.com/…/HR-e-brief-GDPR

IEEE Policy on GDPR

IEEE understands that, in an increasingly data-driven world, keeping personal data private is becoming more difficult. Most importantly, we care about you and respect and value your time. IEEE wants to ensure that we provide to you the tools necessary to perform your IEEE responsibilities in a compliant and efficient way. A new regulation called the General Data Protection Regulation takes effect on 25 May 2018 and is expected to have far-reaching impact on how business will be conducted worldwide. For IEEE volunteers, the current process of collecting personal data and emailing on behalf of IEEE will change and impact your day-to-day IEEE volunteer activities. 

A new process for collecting and using personal data will be communicated. For IEEE members, IEEE respects your privacy and wants to honor the way that you wish to receive communications. Our goal is to continue to provide our members with valuable IEEE updates, information on new products and services, and opportunities in a way that best fits each member. You will be asked to provide consent for us to continue to share the communications you value and may already receive. 

Keywords: [“IEEE”,”data”,”member”]
Source: http://sites.ieee.org/gdpr

Getting ready for the GDPR

Recognising that existing data protection laws were insufficient to manage how data is being governed in today’s digital world – the EU drafted a comprehensive new set of regulations, the General Data Protection Regulation, which comes into effect on 25th May 2018. The GDPR includes several new and increased obligations that all organisations holding EU citizen data will need to adhere to. It focuses heavily on protecting individuals and their data through greater transparency and trust. At Experian, we believe the GDPR presents a positive opportunity to improve the way you organise and process your data; increasing the value you get from it and reinforcing customer-centric business practices that are essential in our data-driven age. Despite the publicity surrounding GDPR, many surveys – including our own – show that a significant proportion of businesses do not know what to do to get ready for the GDPR, or haven’t started yet. 

To help you prepare for the GDPR we have designed four packages, that can be taken separately or collectively, to help you manage elements required by the GDPR to thrive in our data-driven economy. 

Keywords: [“GDPR”,”data”,”help”]
Source: https://www.edq.com/uk/gdpr

GDPR Home

Orrick’s GDPR Team is pleased to provide your organisation with our GDPR Readiness Assessment Tool to help you evaluate your organisation’s current state of compliance with the GDPR. Click on the button below to begin the questionnaire. You may need input from different stakeholders within your organisation to help answer some questions. You can also click on the Answer Summary button at any time which allows you to view all of the responses you have provided. Your responses will automatically be saved when you click the Finish button in the questionnaire. 

You can submit your responses for review or you can download your responses to finish filling out the questionnaire at a later date. After submitting your responses you can download a report setting out your organisation’s readiness for the GDPR along with a copy of your responses. To learn more about Orrick’s data protection practice, please visit our Web site. You can also read Orrick’s latest thought leadership on data protection, regulatory compliance and cybersecurity matters on our blog Trust Anchor. Upload answers from a previous unsubmitted questionnaire. 

Keywords: [“responses”,”questionnaire”,”organisation”]
Source: https://gdpr.orrick.com

GDPR News Center News for 08-12-2018

Europe-based merchant accesses GDPR

The E.U.’s new data protection law goes into effect on May 25. The law – General Data Protection Regulation, or GDPR – is an insane set of regulations that make life difficult or even impossible for small businesses. Tell E.U. consumers who you are, what data you collect, why you collect the data, how long you intend to keep the data, and which third parties will receive it. Obtain consent from E.U. 

consumers before collecting any of their data – implied consent is not enough. Let E.U. consumers access their data, download their data, and delete their data. Inform E.U. consumers if a data breach has occurred. 

You must keep a record of which consumers reply with consent and delete the data of everyone else within a reasonable timescale. If you have already obtained permission from consumers to hold the data, all you have to do is tell them how to access, download, and delete it – with no need to wait for a reply. Analyze your site to determine the data you collect about a consumer and when you collect it. In the event of a data breach, you must inform all affected E.U. consumers within 72 hours. 

To minimize the risk of a data breach, keep your site current with all security patches. You have captured her data and, using the abandonment software, you have communicated with her. 

Keywords: [“data”,”consumer”,”delete”]
Source: https://www.practicalecommerce.com/europe-based-merchant-accesses-gdpr

GDPR Compliance and WordPress Forms: Everything You Need to Know

We can speak with a high degree of certainty where data collection through your forms is concerned. At its core, the GDPR is a move towards enshrining control of your personal data as a fundamental human right. The GDPR gives EU citizens control of their digital data by empowering them with the right to know when personal data is being collected, what data is being collected, access to that data, and to purge it on request. In short, the GDPR is a data privacy regulation that modernizes and normalizes data privacy laws across Europe and applies to any organization collecting data on EU citizens. In technical terms, the GDPR applies to any processing of personal data by both controllers and processors of that data. 

GDPR compliance requires data subjects be granted certain rights. Forms exist to collect data offered by your visitors, guests, and members. Drop dead easy way to comply: if you don’t need a record of the data collected via your forms, then simply don’t store the data. Many of us use our forms expressly for the purpose of collecting data, and having a record of submissions is mission critical. Ninja Forms can collect and store data in 2 ways: submissions and email. 

What we’re about to cover here is applicable to both forms of stored data. GDPR compliance requires that you be reachable and responsive to user requests for data that you’ve collected on them either to view or delete. 

Keywords: [“data”,”form”,”GDPR”]
Source: https://ninjaforms.com/gdpr-compliance-wordpress-forms

Managed Services & Cloud Computing Blog

A lot is changing in Europe and these changes will impact how MSPs deliver managed services in the future. The GDPR aims to keep as much European data within the confines of Europe, including the European cloud. There are two very real scenarios a non-European MSP should pay close attention to what is happening in Europe. First, The GDPR does not only apply to European MSPs. It applies to any MSP doing business in Europe. 

GDPR has a significant purpose in regulating data belonging to individuals. The GDPR for businesses is what MSPs need to be concerned with in the immediate future. While the GDPR does not license or tax MSPs, it does have significant authority to fine businesses for non-compliance. Here is a summary of what the GDPR does do to businesses, including MSPs. GDPR does. 

Managed services continues to grow globally, even in the face of the GDPR. The overall trend in managed services is becoming quite clear. European MSPs, in particular, will need to demonstrate things such as geolocation of data and geolocation of users with logical access to customer data. The GDPR will not make it more difficult to outsource to managed service providers. For those MSPs with solid transparency practices and good documentation of policies and procedures, their chances of reaping the vast rewards of cloud computing and managed services are very good indeed. 

Keywords: [“GDPR”,”MSP”,”European”]
Source: https://mspalliance.com/european-gdpr-explained-msps

GDPR consent examples and innovative methods to opt-in

Email marketing list growth is getting harder with GDPR consent and forthcoming ePrivacy regulation. Using the right method both GDPR consent compliance and continued strong email list growth are possible, as the test results and GDPR consent examples below show. Article 4(11) of GDPR sets a high bar for opt-in consent. Before I get into why and how to fix it with some GDPR consent examples, a little background is needed. Which is sufficient for marketing permission under PECR to customers is not sufficient for GDPR consent. 

Silent or soft opt-in is not acceptable for GDPR consent. To continue using soft opt-in for customers and email addresses provided during negotiation of a sale means considering use of legitimate interest rather than consent as the legal GDPR basis. The obvious implication is that getting valid GDPR consent will halve list growth. There is something better to get GDPR consent and opt-in. For prospects rather than customers there seems to be little alternative to consent using a positive action, valid GDPR consent. 

Using the no default choice approach to getting consent is also appropriate for marketing to people in Canada, as the requirement exists for explicit consent in CASL. As with GDPR, silent opt-in can’t be used to get CASL explicit consent. Using the above approach should give good results and be GDPR compliant in terms of consent capture. 

Keywords: [“consent”,”GDPR”,”opt-in”]
Source: https://www.zettasphere.com/gdpr-consent-opt-in-examples

GDPR News Center News for 06-06-2018

Data Protection – drafting GDPR-compliant commercial contracts

WordPress Plugins

Re-assignment of user data on erasure requests & pseudonymization of user website data. Right to access data by Data Subject with front-end requests button & double opt-in confirmation email. Data breach notification logs and batch email notifications to Data Subjects. Telemetry Tracker for visualizing plugins and website data. The Data Subject can place a request to download their data with the shortcode. 

The Data Subject can place a request to rectify data or file a complaint with the shortcode. The Access Data tool allows the Admin to look up a user email and view the data of a particular user. The Admin can download and export the data in a JSON or XML format and provide to the Data Subject if manually requested. Data breach notifications are also logged to all Data Subjects upon confirmation by Controller. If in the future, the Data Subject makes a complaint or there is a need to recover the data, the user can provide their email address and the 6 digit token they received from the deletion confirmation email to decrypt and retrieve the file. 

In case of a data breach, the Admin can generate a Data Breach Notification to users by logging the information and confirm the breach through a double opt-in confirmation email. WordPress Core and some plugins gather data from your install and send this data to an outside server. 

Keywords: [“Data”,”email”,”user”]
Source: https://wordpress.org/plugins/gdpr/

Yes, The GDPR Will Affect Your U.S.-Based Business

Coming in May 2018, the EU’s General Data Protection Regulation will bring about the greatest change to European data security in 20 years. Of course, an EU-based company or multinational corporation that does business in the EU is, we hope, well on the way to complying with the GDPR. But what about U.S. companies that have no direct business operations in any one of the 28 member states of the European Union. Any U.S. 

company that has a Web presence and markets their products over the Web will have some homework to do. A very important change in the GDPR that hasn’t received the attention it deserves has do with the geographic scope of this new law. To quickly summarize: Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR. Two points of clarification. First, the law only applies if the data subjects, as the GDPR refers to consumers, are in the EU when the data is collected. 

This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply. The second point is that a financial transaction doesn’t have to take place for the extended scope of the law to kick in. 

Keywords: [“Data”,”GDPR”,”law”]
Source: https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/

Wordfence and GDPR: How The Defiant Team Are Preparing For GDPR

We want to send out an update on the new data protection law, the General Data Protection Regulation, going into effect soon and how Defiant is getting ready for it. This new European law goes into effect on May 25, 2018. It is a new set of rules designed to give European citizens more control over their personal data. Defiant is actively preparing with new website changes and updates to the Wordfence plugin. We are applying for the Privacy Shield certification program for both EU-US and Swiss-US and will soon have available a Data Processing Agreement for our EU customers who need one. 

We will send out another notification with a detailed blog post when we have completed preparing for the new privacy regulations. You will begin to see these changes and updates emerge starting next week. The team at Defiant, makers of Wordfence, care deeply about our customer privacy and data protection. This extends to our European customers and the rest of the globe. To this end, we have been working diligently with our internal team and with outside experts to understand the implications of the GDPR, to perform a comprehensive internal audit and to get our software, systems and processes compliant with the GDPR. 

As always I welcome your questions and comments below. 

Keywords: [“new”,”data”,”Defiant”]
Source: https://www.wordfence.com/blog/2018/05/wordfence-and-gdpr-how-the-defiant-team-are-preparing-for-gdpr/

Become completely GDPR compliant

Providing Best PracticesWe will share our expertise in protecting your data, adopting privacy principles, and complying with many complex international regulations. We will also communicate to you all information we gather from any respective Data Protection Authority or other organization. It’s important to note that GDPR compliance is ultimately a shared responsibility. In order to appropriately adopt the legislative requirements, you must understand the obligations your business faces. For more details, see Using Act-On to Manage Consent for the GDPR. 

Contractual CommitmentsAct-On requires all vendors we do business with to be contractually compliant with the GDPR. We also provide our customers with standard data protection clauses if requested. Account Provisioning All European based clients are provisioned in our European data centers ensuring your account remains within the EU. Privacy ShieldAct-On Software complies with the EU-U.S. Privacy Shield Framework. 

We are committed to subjecting all personal data received from European Union member countries to the Framework’s applicable Principles. 

Keywords: [“data”,”European”,”GDPR”]
Source: https://www.act-on.com/resources/gdpr/

GDPR News Center News for 06-05-2018

Understanding the General Data Protection Regulation (GDPR) and your options with Microsoft 365

New MailerLite GDPR Features Are Here

The flowers are blooming, the weather is finally nice and GDPR compliance starts on the 25th. The GDPR is the new set of guidelines that you must adhere to if you handle personal data of European Union citizens. As you know, we’ve been working hard to develop new features for MailerLite that will help make GDPR compliance easier for you and your subscribers. The right to be forgotten is a GDPR mandate that allows subscribers to ask you to delete all of the data associated with them. In your subscriber page, there is a new button called Actions. 

Obtaining active and explicit consent from subscribers is a huge deal for the GDPR. If you start sending emails to people who don’t want them, they can cause you a lot of problems within the GDPR framework when they complain. When you use MailerLite signup forms to acquire subscribers, we capture IP address, location, date, time, and the source of the consent form. MailerLite now displays this information in your subscriber profiles. The good news is that this data is available for both your new and old subscribers. 

While most of you have subscribers all over the world, the GDPR only applies to citizens of the European Union. If subscribers signup with a MailerLite form, our location tracking capabilities can determine if the person is signing up from an EU country. Starting May 14, we will launch a new rule in the subscriber filter called Location where you can sort your subscribers by location. We will also include a special list of all 28 EU countries to help you easily sort GDPR subscribers. 

Keywords: [“subscribe”,”GDPR”,”MailerLite”]
Source: https://blog.mailerlite.com/new-mailerlite-gdpr-features-are-here-part-1-of-3/

PECR and GDPR: why new rules aren’t to blame for all the dumb emails you’re getting

They have the same chirpy tone, are being sent from brands and ask whether you’d like to get more emails from that company. The majority of these emails cite the European General Data Protection Regulation, which starts to be enforced on May 25. That’s why you’re getting all those emails. It turns out, most of these emails are pointless. These are based upon a European e-privacy Directive and cover messages used for marketing – everything from the pesky emails to text messages. 

GDPR doesn’t replace PECR but sits alongside it and European regulators are coming up with a new set of e-privacy rules to replace it. A pre-ticked box saying you are willing to receive marketing emails doesn’t count as unambiguous consent. As well as consent, there are other ways for companies to obtain and process a person’s data and still be inline with the requirements of GPDR. Ultimately, the overlap between PECR and GDPR has meant some companies will lose subscribers to their mailing lists that have just ignored the deluge of messages being received. In an almost ironic twist, last year the ICO fined Honda and Flybe for sending emails asking people to agree to getting more emails. 

There also have been more malicious examples of email consent messages being sent. UK-based cybersecurity firm Redscan discovered phishing emails have been sent that were disguised as GDPR-related emails. The firm spotted a fake email that had been made to look like it was from Airbnb, stating its customers should click on a particular link to update their privacy settings. 

Keywords: [“email”,”consent”,”GDPR”]
Source: http://www.wired.co.uk/article/pecr-gdpr-emails

Collect Consent with GDPR Forms

Enabling GDPR fields on your signup forms does not make you compliant. To collect consent from new and existing contacts, you’ll set up your forms, create a segment, and send a consent campaign. GDPR forms are not compatible with embedded forms or MailChimp Subscribe. GDPR forms are only compatible with certain styles of pop-up forms. Just enabling GDPR fields on your signup forms will not make you compliant. 

Set up your GDPR-friendly signup form Enable GDPR fields Turn on GDPR fields for the signup forms for each list affected by the GDPR. Edit GDPR fieldsMailChimp provides suggested language for GDPR fields to make it easier for you to create your GDPR-friendly forms. Collect consent From new contacts After you save your changes in the form builder, that signup form will include GDPR fields on compatible published forms. After you enable GDPR form fields for your list, these fields will be included on the hosted signup forms for your list, update profile forms, and signup landing pages. GDPR fields are not compatible with embedded forms, form integrations, or MailChimp Subscribe. 

These fields will be included on most signup forms associated with that list, including pop-up forms, the hosted signup form, and signup landing pages. The changes you make in the form builder will apply to most MailChimp signup forms, including compatible pop-up forms and landing pages. Now that you’ve updated your forms and your segments are set up, you’ll be able to collect consent from new contacts and market accordingly. 

Keywords: [“form”,”GDPR”,”field”]
Source: https://kb.mailchimp.com/accounts/management/collect-consent-with-gdpr-forms

What is GDPR?

It’s about giving you greater security, transparency, and control of your personal data online. We think this is a good thing wherever you’re from, not just if you live in the European Union! We’ve made GDPR compliance a priority at Typeform: we created a team to work across the whole company to make sure we’re ready for GDPR even earlier than May 2018. For us this is not just box-ticking, but about baking these new principles of privacy and security into everything we do. We’re reviewing our contracts with vendors and partners to make sure they are also compliant, and can give us the guarantees on privacy and data protection that we need, such as the EU-US Privacy Shield framework. 

We are currently revisiting our data subject policies and processes so they are GDPR compliant. Good point! A data subject is legal jargon for any living person who has some personal data stored somewhere. That means pretty much all of us! We can’t rewrite European Regulations without all the legal jargon, but we’ll try to explain them to you when necessary! 

Our legal team is preparing a Data Processing Agreement that will be available to all our customers soon. Enterprise customers can also request Typeform to sign a custom Data Processing Agreement document by contacting Support. If you’re a company, this means more transparency and visibility of how we process personal data. If you’re an individual, you don’t need to do anything! This all just means your data is safer than ever. 

Keywords: [“data”,”GDPR”,”European”]
Source: https://www.typeform.com/help/gdpr-compliance/

GDPR News Center News for 06-03-2018

(GDPR) Afla totul despre protectia datelor cu caracter personal cu Bogdan Manolea

Wake-up call to business with one month to be GDPR-compliant

One month left before sweeping new EU data rules come into force. Companies should prioritise mapping out the data they hold and improving cyber security. There is exactly one month to go until the EU’s new General Data Protection Regulation comes into force, governing all data that companies hold on individuals. The website of the ICO has a handy 12-step guide that lays out how to document data, know the rights of individuals, deal with subject access requests, obtain consent, lawfully process data – and what to do in case of a breach. We have a lot of data – payroll, sales and marketing, HR . . 

Then there is who has external access to that data: cloud storage services, advertising and marketing companies, and subcontractors for example. First, GDPR sets out key rights for individuals, one of which is the right to be informed of what personal data a company holds. Anyone can issue what is known as a subject access request, which gives companies 30 days to list the data they hold. A detailed SAR will ask for a copy of all personal information, details of how it has been used, all the third parties which whom it has been shared, how long it has been stored and details of any data breach. Regulators do not like data breaches and customers like them even less. 

The arrival of the EU’s new data rules has created a rush among businesses and in the public sector for data protection officers, writes Barney Thompson. Chad Wollen, chief marketing officer at Smartpipe, which helps mobile and internet operators to monetise subscriber data, said businesses needed to remember the importance of the role before designating a member of their team. 

Keywords: [“data”,”company”,”GDPR”]
Source: https://www.ft.com/content/ee98973a-47d4-11e8-8ee8-cae73aab7ccb

GDPR: New EU data privacy regulation has left Silicon Valley scrambling

Tech companies are currently scrambling to get ready before May 25th, the date that will see the implementation of a major new piece of European data privacy legislation: GDPR. Here’s the quick-and-dirty version of what you need to know. It’s a major new piece of European regulation that addresses how EU citizens’ data can be used by corporations, introducing strict new rules around gaining people’s consent to process their data. GDPR furnishes Europeans with a number of additional rights when it comes to their data. Companies need to ask customers for their data in a clear and accessible way. 

Those customers will have the right to demand organisations delete their data when asked. They will be able to ask for information on how and why their data is being processed. If a company that holds their data realizes it has been breached, it must, in some circumstances, inform people within 72 hours. Even if a company has no offices in Europe, and its employees have never set foot on the continent – if they’ve got EU data, they’ve got to play by EU rules now. It’s a big deal, and dramatically changes how companies need to approach data. 

With only a month to go, companies are moving to make sure they have consent to hold the data they do. Many mailing lists are asking European users for permission to keep emailing them, while apps are making people provide explicit permission to use their data. Facebook, for example, has been prompting users to agree to how it wants to use their data – but has also been criticized for not providing users with a clear yes-or-no choice, with some experts suggesting its prompts might not be GDPR-compliant. 

Keywords: [“data”,”company”,”European”]
Source: http://www.businessinsider.com/what-is-gdpr-regulation-explained-2018-4

Companies Respond To The GDPR By Blocking All EU Users

While the effort is well-meaning and does have some good ideas concerning data control and transparency, we still feel that it was put in place by people who had little idea of the impact it would actually have, and will have disastrous consequences on online speech, in particular. F-Secure’s Mikko Hypponen has been tracking a bunch of examples and also highlighted a site called GDPR Shield that gives you some simple javascript to block EU visitors. Among those that Hypponen has noted cutting off EU users are the following: Ragnarok Online, Verve, Brent Ozar, Unroll. Hypponen also notes the very different reactions to all of this from EU readers and US readers. EU folks seem to be generally supportive of the GDPR and think that companies shutting down service are either stupid & ignorant or evil and thus should shut down. 

On the US side, he notes people are smug about how this serves the EU right and will harm the EU. It’s entirely possible both are right. The GDPR has significant problems – even if it does also have some good stuff. The fact that it feels like supporters of the GDPR refuse to fix the problems seems troubling. It’s going to have quite an impact and there seems to be little concern among those who support it. 

They automatically default to the idea that opposing the GDPR means that you want to do something bad, no matter how inaccurate that statement is. It would have been much better if those crafting the GDPR had actually bothered to listen to the wider concerns. They could have preserved some of the good ideas concerning control and transparency, without creating so much of a mess for everything else. 

Keywords: [“GDPR”,”idea”,”concern”]
Source: https://abovethelaw.com/2018/05/companies-respond-to-the-gdpr-by-blocking-all-eu-users/

GDPR News Center News for 03-20-2018

EU General Data Protection Regulation

The opinions of the German DPAs are for the present and may differ from the interpretation by the European Data Protection Committee. Processing of personal data for advertising – Replaced by DSK paper No. 3. Right of access by the data subject – Replaced by DSK paper No. 6. Employment data protection – Replaced by DSK paper No. 14. Previous articles Ansbach, 04.05.2016 GDPR published in the Official Journal of the European Union Now it is there, the General Data Protection Regulation. After a transitional period of two years, the GDPR will be applicable on 25th May 2018.Below you can navigate directly to the page of the Official Journal of the European Union to read all details of the official documents in the different languages. Ansbach, 11.04.2016 Final version of the EU-GDPR in German available The European Council has published the revised versions of the Data Protection Regulation in the official languages. According to the current plan, the approval of the reform package in the plenary of the European Parliament is going to take place on April 27, 2016. Ansbach, 05.02.2016 Trilog results published in German On 16 December 2015 via the so-called Trilogue proceeding the relevant legislative bodies, the European Parliament, the European Council and the European Commission reached an agreement on a final text of the General Data Protection Regulation. By the meeting of the Ministers of Justice and Ministers of the Interior on the 21st of April the text will be formally adopted and sent to the European Parliament for approval. The new rules will be published via the Official Journal of the European Union and become applicable two years thereafter. Ansbach, 05.01.2016 The General Data Protection Regulation is about to being published: Enhanced synopsis of the BayLDA On the 25th of January 2012, the European Commission published the “Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data”. The relevant legislative bodies, the European Parliament and the Council of the European Council did agree with the European Commission via the so-called Trilogue proceeding on a final draft in December 2015. This text needs to be translated into 22 official languages, before it can be published via the Official Journal of the European Union. After publication of the official German version of the General Data Protection Regulation, we plan to incorporate it as well by once again enhancing the synopsis.

Keywords: [“European”,”Data”,”Official”]
Source: https://www.lda.bayern.de/en/privacy_eu.html

GDPR 101

GDPR replaces the previous Data Protection Directive, adopted in 1995, and will in the UK strengthen the Data Protection Act. In compliance with GDPR, organizations must ensure measures have been taken to minimalize risk and the chance of data breach. Key definitions under GDPR:. Data subject – An individual who is the subject of personal data. Data processor – Any person who processes the data on behalf of the data controller. Data controller – A person who determines the purpose for which and the manner in which any personal data are, or are to be, processed. Data breach – A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. The General Data Protection Regulation, has by some, been labelled the “Global Data Protection Regulation”, this is because under new definitions it will be applicable for all organizations within the EU but more importantly too, organizations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. One of the initial drivers for implementing the new legislation was to modernize data protection laws and to ensure all organizations have a “Level playing field” when it comes to data protection. Under GDPR an organization can be fined €10million or 2% of global revenue for failing to alert the necessary regulatory authority of a data breach within 72 hours. For a data breach itself, under GDPR, this rises to €20million or 4% of global revenue, whichever figure is higher. In line with other factors of GDPR, this must be trackable and the processes around deletion of personal data must be documented. Some organizations will be required to appoint a Data Protection Officer in the case where they are a public authority, an organization that engages in large-scale systematic monitoring or an organization that engages in large-scale processing of personal data. Internally organizations must implement “Appropriate” technical and organizational measures to secure personal data and reduce the risk of a data breach. The General Data Protection Regulation aims to give more protection of personal data for individuals as well as businesses and although there are heightened regulations around control, this is far from the only area covered by GDPR. All aspects of the DPA are still included in GDPR and protecting against Data Loss is still a priority. Working with trusted vendors and suppliers bears extra responsibility on both organizations as GDPR makes both data processors and data controllers liable.

Keywords: [“Data”,”organization”,”GDPR”]
Source: https://www.redstor.com/en/news/gdpr-101

GDPR News Center News for 03-02-2018

one of the biggest-ever dished out by ICO

GDPR gives CCTV operators chance to “Tackle negative image head-on”, says white paper. Watching the Watchers examines the changes introduced by the GDPR, identifies a shift “From compliance to accountability”, offers advice to CCTV operators and asks whether the new law might present an opportunity as well as a legal and administrative burden.

Keywords: [“GDPR”,”CCTV”,”operators”]
Source: https://www.ifsecglobal.com/tag/gdpr

European Union General Data Protection Regulation

The General Data Protection Regulation 2016/679) is a set of new laws by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. We aim to cover all the latest developments surrounding the new GDPR legislation.

Keywords: [“European”,”Protection”,”new”]
Source: https://eugdpr.com

Latest stories and news about Gdpr

Analýza GDPR #3: identifikace osobních údajůPříjemná vánoční přestávka je za námi a před námi rok 2018. Rok plný změn, kdy začne platit naše oblíbená regulace GDPR; rok, který bude jistě znamenat mnoho obchodních, pracovních i osobních úspěchů. Alespoň to vám všem z celého srdce přeji takto.

Keywords: [“rok”,”GDPR”,”osobních”]
Source: https://medium.com/tag/gdpr/latest

GDPR – risk3sixty LLC

Approved by the European Union on April 14, 2017 and fully enforceable beginning May 25, 2018, General Data Protection Regulation is arguably the most wide-reaching change to privacy requirements to date. How wide reaching is GDPR? If you are located in the EU and control or process personal data, if you offer goods or[].

Keywords: [“Data”]
Source: https://www.risk3sixty.com/tag/gdpr

GDPR Action Plan

You may think you’re immune from its impact, but if you do business with customers in the EU, think again. It’s time to rethink your organizational processes around compliance. This Forrester Research Brief helps your security, regulatory and privacy teams grasp the five changes necessary for GDPR compliance.

Keywords: [“think”,”compliance”]
Source: http://info.mimecast.com/gdpr-forrester.html

General Data Protection Regulation

The General Data Protection Regulation, the world’s most expansive data privacy law, takes effect May 25, 2018. Any group that processes the personal data of European residents must comply with the new law. Non-compliance can result in fines up to €20million or 4% of annual turnover, whichever is higher.

Keywords: [“Data”,”law”]
Source: https://www.veritas.com/gdpr

GDPR Readiness – Capgemini Worldwide

Organizations need to take action now to protect data assets, safeguard the privacy of both personal and corporate information, and to comply with the GDPR which comes into force on May 2018. Capgemini’s end-to-end portfolio is built on 12 services which will help clients comply with the GDPR mandates.

Keywords: [“comply”,”GDPR”]
Source: https://www.capgemini.com/…/gdpr-readiness

GDPR Readiness – Capgemini Worldwide

Organizations need to take action now to protect data assets, safeguard the privacy of both personal and corporate information, and to comply with the GDPR which comes into force on May 2018. Capgemini’s end-to-end portfolio is built on 12 services which will help clients comply with the GDPR mandates.

Keywords: [“comply”,”GDPR”]
Source: https://www.capgemini.com/resources/gdpr-readiness

IRESS :: GDPR

The General Data Protection Regulation will transform the way we collect, process and store personal data. With the data revolution on the horizon we wanted to update you on what we’re doing to meet the new requirements and provide some resources to help you prepare for it too.

Keywords: [“Data”]
Source: https://www.iress.com/uk/resources/mifid-ii-gdpr/gdpr

European General Data Protection Regulation

The European Union’s General Data Protection Regulation poses the biggest change to the regulatory landscape of data privacy. Coming into effect in May 2018, GDPR aims to unify data protection all across the EU and establish data privacy and protection as a fundamental right.

Keywords: [“Data”,”Protection”,”privacy”]
Source: https://www.checkpoint.com/products-solutions/gdpr

Compliance Week

Compliance Week’s free Webcasts are held most Thursdays at 2 p.m. EST. These Webcasts feature select partners discussing key GRC issues. Live Webcasts last one hour and must be viewed in their entirety in order for attendees to earn CPE credit.

Keywords: [“Webcasts”]
Source: https://www.complianceweek.com/webcasts/are-you-ready-for-gdpr-4…

General Data Protection Regulation

Under the GDPR, EU residents can expect greater data protection, privacy and control. More specifically, individuals will have the right to access their personal data, correct errors, object to or limit processing, erase, and request an export of their data from companies.

Keywords: [“data”]
Source: https://discover.sap.com/gdpr/en_us/index.html

GDPR – Page 3 – Legal News

The General Data Protection Regulation was published on 27 April 2016, and enforcement will begin on 25 May 2018. In some areas, the precise interpretation of the GDPR remains unclear, and businesses therefore face uncertainty in terms of their compliance obligations.

Keywords: []
Source: https://legalnews.be/en/tag/gdpr/page/3

General Data Protection Regulation Compliance

Take advantage of Microsoft product features to prepare for the General Data Protection Regulation. Download the Accelerate your GDPR Compliance Journey with the Microsoft 365 white paper and discover how you can take control, manage compliance and avoid risk.

Keywords: [“Take”,”Microsoft”,”Compliance”]
Source: https://www.microsoft.com/en-us/trustcenter/privacy/gdpr/readiness

Best Security Information & Event Management SIEM Vendors

Solutions Review brings all of the technology news, opinion, best practices and industry events together in one place. Every day our editors scan the Web looking for the most relevant content about Security Information & Event Management and posts it here.

Keywords: [“Event”]
Source: https://solutionsreview.com/security-information-event-management/…

Information Management

Email archives often overlooked in GDPR compliance efforts Nathaniel Borenstein Chief scientist. Whether it’s from customers, partners or colleagues, organizations collect hundreds, if not thousands, of emails that contain personal information every day.

Keywords: [“Email”]
Source: https://www.information-management.com/gdpr

GDPR Ready? Book A Complimentary Data Protection Risk Assessment Today

The General Data Protection Regulation applies to all companies, anywhere. In the world, which process any information about EU citizens. Introduces a new, broader definition of what ‘personal information’ means.

Keywords: [“information”]
Source: https://www.shredit.co.uk/en-gb/gdpr

GDPR e-news Archives

About cookies…. This website uses cookies to improve your experience on the site. To find out more about cookies or to opt out, visit our Cookies Policy.

Keywords: [“cookies”,”out”]
Source: http://www.napthens.co.uk/newsletter-update-type/gdpr-e-news