GDPR News Center News for 10-23-2018

Box GDPR Compliance

With the General Data Protection Regulation just around the corner, we’re committed to being GDPR-ready by May 25, 2018, so that our customers can use Box with GDPR compliance in mind. At Box, we meet the highest bars possible for data privacy, as well as support organizations using Box while meeting data privacy obligations across the globe. With Box, every company – regardless of location or data privacy obligations – can work as one. 

Keywords: [“Box”,”Data”,”privacy”]
Source: https://www.box.com/gdpr

» Organisations

The General Data Protection Regulation very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities. 

Keywords: [“Data”,”personal”,”how”]
Source: http://gdprandyou.ie/organisations/

General Data Protection Regulation Consulting & Compliance Services

Create a pragmatic roadmap and facilitate data compliance by evaluating current security practices against GDPR requirements. GDPR consulting tailors appropriate security measures to your organization’s requirements. Avoid new vulnerabilities with ongoing security testing, assessments and exercises. Implement security controls and processes to patch gaps and help to maintain a GDPR-compliant security posture. 

Keywords: [“security”,”GDPR”,”requirements”]
Source: https://www.secureworks.com/services/security-consulting/controls-compliance/gdpr

Protect Personal Data on Your Website

Manually searching for data across your digital presence is a tedious task. With Siteimprove GDPR, you save that time by automatically locating the personal data you handle online-think names, ID numbers, cookies, and more. Now you have the power to pinpoint and remove that data across your website, minimizing the risk of fines and other legal consequences on your way to GDPR compliance. 

Keywords: [“data”,”across”,”GDPR”]
Source: https://siteimprove.com/en-us/gdpr/

Data Protection and Complying with GDPR Laws

It’s no longer just about finding and securing data: it’s about proactively capturing the full context of data, classifying what level of security is needed, establishing and adhering to the necessary controls, and implementing ongoing best practices to ensure data is managed safely and successfully. Collibra provides the necessary foundation for any successful cyber security program. 

Keywords: [“data”,”Collibra”,”security”]
Source: https://www.collibra.com/data-governance/data-protection/

EU General Data Protection Regulation

FastSpring is compliant with the EU General Protection Regulation. Our ecommerce platform is capable of conducting business with all EU-based customers online store. FastSpring complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. 

Keywords: [“FastSpring”]
Source: https://fastspring.com/gdpr/

GDPR Compliance and Elasticsearch

Mike joined Elastic in 2016 from Prelert, where he’d been VP of Products for Prelert’s machine learning technology. Mike’s focus at Elastic is to help users and customers succeed with security-related applications of the Elastic Stack. Starting his career as an ASIC designer, Mike has led the development of SIEM, network IPS, DDoS Defense, and network monitoring solutions. 

Keywords: [“Elastic”,”Mike”,”network”]
Source: https://www.elastic.co/webinars/gdpr-compliance-and-elasticsearch

GDPR Compliance and Elasticsearch

Mike joined Elastic in 2016 from Prelert, where he’d been VP of Products for Prelert’s machine learning technology. Mike’s focus at Elastic is to help users and customers succeed with security-related applications of the Elastic Stack. Starting his career as an ASIC designer, Mike has led the development of SIEM, network IPS, DDoS Defense, and network monitoring solutions. 

Keywords: [“Elastic”,”Mike”,”network”]
Source: https://www.elastic.co/webinars/gdpr-compliance-and-elasticsearch

Data Mapping May Be the Hardest Part of GDPR Compliance

K Royal is in the business of making sure companies are compliant with the European Union’s General Data Protection Regulation. As senior director of privacy at compliance and security company TrustArc Inc., she helps organizations bridge the gap between knowing they must fully follow the GDPR, and actually crossing the finish line. 

Keywords: [“company”]
Source: https://www.law.com/corpcounsel/2018/08/15/data-mapping-may-be-the-hardest-part-of-gdpr-compliance/

Data Mapping May Be the Hardest Part of GDPR Compliance

K Royal is in the business of making sure companies are compliant with the European Union’s General Data Protection Regulation. As senior director of privacy at compliance and security company TrustArc Inc., she helps organizations bridge the gap between knowing they must fully follow the GDPR, and actually crossing the finish line. 

Keywords: [“company”]
Source: https://www.law.com/corpcounsel/2018/08/15/data-mapping-may-be-the-hardest-part-of-gdpr-compliance/

eBay Inc.

The General Data Protection Regulation is a comprehensive update to existing European Union laws that goes into effect on May 25, 2018. The GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU resident’s data privacy and to reshape the way organizations across the region approach data privacy. 

Keywords: [“Data”,”privacy”,”across”]
Source: https://www.ebayinc.com/our-company/privacy-center/gdpr/

Analytics Platform

Matomo GDPR services We offer solutions and services to help you have a Matomo configuration ready for GDPR compliance. As the world leaders when it comes to privacy and customer data, we are looking forward to providing you support for our analytics platform which helps you achieve GDPR compliance easily. 

Keywords: [“GDPR”,”compliance”,”help”]
Source: https://matomo.org/gdpr/

General Data Protection Regulation

The General Data Protection Regulation, the world’s most expansive data privacy law, takes effect May 25, 2018. Any group that processes the personal data of European residents must comply with the new law. Non-compliance can result in fines up to €20million or 4% of annual turnover, whichever is higher. 

Keywords: [“Data”,”law”]
Source: https://www.veritas.com/gdpr

GDPR Compliance in 5 minutes

General Data Protection Regulation has created a wealth of uncertainty around compliance for marketers. This 5 minute summary explains the core principals for GPDR, what it means for inbound and outbound marketing and how to make web forms compliant. 

Keywords: [“marketers”]
Source: https://www.youtube.com/watch?v=cBRUYUheTTs

GDPR Compliance in 5 minutes

General Data Protection Regulation has created a wealth of uncertainty around compliance for marketers. This 5 minute summary explains the core principals for GPDR, what it means for inbound and outbound marketing and how to make web forms compliant. 

Keywords: [“marketers”]
Source: https://www.youtube.com/watch?v=cBRUYUheTTs

GDPR News Center News for 08-29-2018

IDC GDPR Hands-on Workshop

About IDC. International Data Corporation is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries. IDC’s analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a wholly-owned subsidiary of International Data Group, the world’s leading media, data and marketing services company. 

Keywords: [“technology”,”IDC”,”Data”]
Source: https://www.idc.com/cee/events/65322-idc-gdpr-hands-on-workshop

Varonis Systems

Identifying GDPR data is the first step in preparing for the upcoming EU GDPR. With Varonis, you can automatically identify both country-specific and general patterns: country-specific patterns include Na.tional Identification Numbers, Vehicle ID information, Telephone numbers, Banking data, and more. Generic patterns include credit card numbers, IP addresses, even blood type. Once identified, you can generate reports on GDPR applicable data: including permissions, open access, and stale data. Classifications will help you meet GDPR head-on, building out security policy to monitor and alert on GDPR affected data. 

Get a personalized demo on how we help with GDPR with our expert team. 

Keywords: [“GDPR”,”data”,”Numbers”]
Source: https://www.varonis.com/products/gdpr-software

Fix it Fast

Fix it Fast will help you to implement the key requirements of GDPR. It contains templates, outlines, examples and plain-English explanations to help you to:Complete your data inventory so you know where all your data is. Draft and institute a Privacy Impact Assessment process. This book’s 10 Simple Steps will take you from beginning to end of your GDPR readiness and implementation project. This isn’t a legal book – it’s a practical, no-nonsense guide to getting the job done fast. 

This book helps is built for compliance officers, lawyers, information technology and information security professionals, and anyone else tasked with GDPR compliance to complete the critical tasks. 

Keywords: [“book”,”GDPR”,”help”]
Source: http://www.gdprfixitfast.com

GDPR Resource Centre

Peter oversees Bullhorn’s international operations outside North America in his role as Executive Vice President. Peter joined Bullhorn in 2009 and was responsible for its highly successful UK launch and continued expansion internationally. Peter has grown the international team to over 100 staff, established Bullhorn as the UK’s market leading recruitment software and has expanded Bullhorn’s reach into EMEA and APAC, achieving a user base of more than 30,000 international users. Prior to taking on the launch of Bullhorn International, Peter spent 20 years working in the recruitment industry and held a number of senior director roles before moving into the technology space. 

Keywords: [“Bullhorn”,”international”,”Peter”]
Source: https://www.bullhorn.com/uk/gdpr

GDPR Compliance

The European Union’s General Data Privacy Protection regulation institutes wide-sweeping changes to data privacy for any business collecting and processing data on EU citizens, residents, and visitors. It gives data subjects greater rights and control over their personal information and requires that businesses meet stringent data privacy protection measures as outlined in the GDPR. The GDPR goes into effect May 25, 2018 and businesses found in non-compliance face a fine of up to €20 million or 4 percent of annual revenue, whichever is greater. If you have not yet begun your GDPR compliance process, Imperva can help you meet key security requirements. 

Keywords: [“Data”,”GDPR”,”Privacy”]
Source: https://www.imperva.com/solutions/compliance

FuseMail

FuseMail, as part of the j2 Global group, is taking all necessary steps to comply with the GDPR, including engaging key stakeholders across our company to assess impact of the GDPR on our customers and actively evaluating our internal controls and procedures to identify any changes that need to be implemented in order to comply with the GDPR by the May 25, 2018 deadline. FuseMail will also be incorporating language into existing and new contracts and updating our privacy policies to provide additional assurance that we have appropriate legal mechanisms and safeguards in place to securely process and transfer personal data in relation to the services we provide. 

Keywords: [“GDPR”,”provide”,”comply”]
Source: https://fusemail.com/gdpr

QuickBooks and GDPR

GDPR will regulate the processing of personal data about EU individuals. This means the collection, storage, transfer or use of data, including the tracking of online activities. It doesn’t matter where the companies processing the personal data are based – if the information relates to an EU individual, it will be subject to the new law. Under GDPR, ‘personal data’ means any data that relates to an identified or identifiable individual, which includes things like your name, your home address, or a government-issued identification number. It does not include non-personal data, such a company registration number, a general corporate email alias or anonymised data. 

Keywords: [“data”,”include”,”individual”]
Source: https://quickbooks.intuit.com/uk/gdpr

GDPR Transparency and Consent Framework – IAB Tech Lab

IAB Europe and IAB Tech Lab have released the technical specifications for the GDPR Transparency & Consent Framework. The specifications will be maintained by a working group of the IAB Tech Lab going forward, in a collaboration between IAB Europe and IAB Tech Lab that leverages IAB Europe’s policy and legal expertise and IAB Tech Lab’s technical expertise. GDPR Transparency & Consent Framework – Cookie and Vendor List Format v1.0a. The following drafts are in public comment for 30 days until June 1, 2018 – however you are invited to adopt the pubvendors. Json technology as a beta implementation, even before the specifications are finalized. 

Keywords: [“IAB”,”Lab”,”Tech”]
Source: https://iabtechlab.com/standards/gdpr-transparency-and-consent…

GDPR News Center News for 08-19-2018

Become completely GDPR compliant

Providing Best PracticesWe will share our expertise in protecting your data, adopting privacy principles, and complying with many complex international regulations. We will also communicate to you all information we gather from any respective Data Protection Authority or other organization. It’s important to note that GDPR compliance is ultimately a shared responsibility. In order to appropriately adopt the legislative requirements, you must understand the obligations your business faces. For more details, see Using Act-On to Manage Consent for the GDPR. 

Contractual CommitmentsAct-On requires all vendors we do business with to be contractually compliant with the GDPR. We also provide our customers with standard data protection clauses if requested. Account Provisioning All European based clients are provisioned in our European data centers ensuring your account remains within the EU. Privacy ShieldAct-On Software complies with the EU-U.S. Privacy Shield Framework. 

We are committed to subjecting all personal data received from European Union member countries to the Framework’s applicable Principles. 

Keywords: [“data”,”European”,”GDPR”]
Source: https://www.act-on.com/resources/gdpr

Eversheds International

We can’t find the page you were looking for. You might have been taken to this page for a number of reasons. If you followed a link from another website, or used a bookmark, the page may have been moved to a new location. Die von Ihnen aufgerufene Seite kann leider nicht gefunden werden. Dies kann verschiedene Gründe haben:Wenn Sie die Webadresse selbst eingegeben haben, überprüfen Sie bitte die richtige Schreibweise. 

Wenn Sie über einen Link einer anderen Website auf diese Seite gelangt sind oder ein Lesezeichen verwendet haben, kann es sein, dass die Seite auf eine neue Adresse umgezogen ist. Hemos rediseñado nuestra página web hace poco. Si ha seguido un enlace desde otra página web o utilizado un marcador, es posible que la página haya cambiado de sitio. Désolés, mais la page demandée n’a pu être trouvée. Vous avez pu être redirigé vers cette page pour plusieurs raisons. 

Si vous avez saisi l’adresse du site internet, veuillez vérifier qu’elle a été correctement orthographiée. Si vous avez suivi un lien partir d’un autre site internet, ou si vous avez eu recours un signet, il est possible que la page ait été déplacée. 

Keywords: [“page”,”página”,”Die”]
Source: http://www.eversheds-sutherland.com/…/HR-e-brief-GDPR

IEEE Policy on GDPR

IEEE understands that, in an increasingly data-driven world, keeping personal data private is becoming more difficult. Most importantly, we care about you and respect and value your time. IEEE wants to ensure that we provide to you the tools necessary to perform your IEEE responsibilities in a compliant and efficient way. A new regulation called the General Data Protection Regulation takes effect on 25 May 2018 and is expected to have far-reaching impact on how business will be conducted worldwide. For IEEE volunteers, the current process of collecting personal data and emailing on behalf of IEEE will change and impact your day-to-day IEEE volunteer activities. 

A new process for collecting and using personal data will be communicated. For IEEE members, IEEE respects your privacy and wants to honor the way that you wish to receive communications. Our goal is to continue to provide our members with valuable IEEE updates, information on new products and services, and opportunities in a way that best fits each member. You will be asked to provide consent for us to continue to share the communications you value and may already receive. 

Keywords: [“IEEE”,”data”,”member”]
Source: http://sites.ieee.org/gdpr

Getting ready for the GDPR

Recognising that existing data protection laws were insufficient to manage how data is being governed in today’s digital world – the EU drafted a comprehensive new set of regulations, the General Data Protection Regulation, which comes into effect on 25th May 2018. The GDPR includes several new and increased obligations that all organisations holding EU citizen data will need to adhere to. It focuses heavily on protecting individuals and their data through greater transparency and trust. At Experian, we believe the GDPR presents a positive opportunity to improve the way you organise and process your data; increasing the value you get from it and reinforcing customer-centric business practices that are essential in our data-driven age. Despite the publicity surrounding GDPR, many surveys – including our own – show that a significant proportion of businesses do not know what to do to get ready for the GDPR, or haven’t started yet. 

To help you prepare for the GDPR we have designed four packages, that can be taken separately or collectively, to help you manage elements required by the GDPR to thrive in our data-driven economy. 

Keywords: [“GDPR”,”data”,”help”]
Source: https://www.edq.com/uk/gdpr

GDPR Home

Orrick’s GDPR Team is pleased to provide your organisation with our GDPR Readiness Assessment Tool to help you evaluate your organisation’s current state of compliance with the GDPR. Click on the button below to begin the questionnaire. You may need input from different stakeholders within your organisation to help answer some questions. You can also click on the Answer Summary button at any time which allows you to view all of the responses you have provided. Your responses will automatically be saved when you click the Finish button in the questionnaire. 

You can submit your responses for review or you can download your responses to finish filling out the questionnaire at a later date. After submitting your responses you can download a report setting out your organisation’s readiness for the GDPR along with a copy of your responses. To learn more about Orrick’s data protection practice, please visit our Web site. You can also read Orrick’s latest thought leadership on data protection, regulatory compliance and cybersecurity matters on our blog Trust Anchor. Upload answers from a previous unsubmitted questionnaire. 

Keywords: [“responses”,”questionnaire”,”organisation”]
Source: https://gdpr.orrick.com

GDPR News Center News for 06-20-2018

General Data Protection Regulations

GDPR will be the strictest compliance regulation to date. With tighter controls and significantly higher penalties, the new compliance law is poised to enforce the protection of European citizens’ private data like never before-forever impacting the way EU and U.S. organizations handle their data. The changes that GDPR requires will take considerable time and budget to develop and implement, so organizations need to start the process of upgrading their personal data security processes now. It’s estimated that achieving full compliance will take anywhere from several months to well over a year depending on an organization’s size, complexity, and current privacy maturity level. 

Being prepared to comply with GDPR will likely require significant changes to organizations’ policies as well as investments in new security and privacy tools, frameworks, technologies, and personnel. With a compliance deadline right around the corner, organizations need to get started today, if they have not already. Preparing for GDPR involves creating, reconfiguring, and beefing up many aspects of organizations’ current data security and compliance programs. HyTrust has already begun helping organizations to prepare for the looming radical changes to the compliance landscape with data security best practices and solutions that mitigate risks of a breach in any environment, including private, public hybrid and multi-cloud platforms. HyTrust has architected a state-of-the-art lifecycle approach that automates the protection of virtual machines and data so GDPR conformance can more easily be achieved while retaining the agility and IT cost savings benefits of a virtualized cloud infrastructure. 

HyTrust solutions supported by our Cloud Security Policy Framework looks holistically at the GDPR lifecycle process and provides capabilities that address each phase of that lifecycle from helping organizations understand where their GDPR sensitive data is located, who is accessing the data and when – to encrypting data-at-rest across any cloud platform and allowing organizations to own and manage their own encryption keys on premises with no impact to performance or business operations. With our flexible logical boundary enforcement capabilities, we also enable organizations to allow GDPR sensitive workloads and the data inside those workloads to only run and be decrypted on trusted hardware in specific locations. Leveraging these capabilities will make organizations much better prepared to respond to the most significant and strictest data privacy compliance mandates to date. 

Keywords: [“organizations”,”data”,”GDPR”]
Source: https://www.hytrust.com/gdpr

WTF is GDPR? – TechCrunch

A major point of note right off the bat is that GDPR does not merely apply to EU businesses; any entities processing the personal data of EU citizens need to comply. The extra-territorial scope of GDPR casts the European Union as a global pioneer in data protection – and some legal experts suggest the regulation will force privacy standards to rise outside the EU too. Sure, some US companies might prefer to swallow the hassle and expense of fragmenting their data handling processes, and treating personal data obtained from different geographies differently, i.e. rather than streamlining everything under a GDPR compliant process. At very least runs the risk of bad PR if you’re outed as deliberately offering a lower privacy standard to your home users vs customers abroad. 

Ultimately, it may be easier for businesses to treat GDPR as the new ‘gold standard’ for how they handle all personal data, regardless of where it comes from. GDPR inflating the financial risks around handling personal data should naturally drive up standards – because privacy laws are suddenly a whole lot more costly to ignore. The proposed data redress body – called noyb; short for: ‘none of your business’ – is being made possible because GDPR allows for collective enforcement of individuals’ data rights. Consent requirements for processing personal data are also considerably strengthened under GDPR – meaning lengthy, inscrutable, pre-ticked T&Cs are likely to be unworkable. on the plus side for data controllers – GDPR removes the requirement to submit notifications to local DPAs about data processing activities. 

The data protection officer role that GDPR brings in as a requirement for many data handlers is intended to help them ensure compliance. Under GDPR, people who have consented to their personal data being processed also have a suite of associated rights – including the right to access data held about them; the right to request rectification of incomplete or inaccurate personal data; the right to have their data deleted; the right to restrict processing; the right to data portability. There’s more! Another major change under GDPR relates to security incidents – aka data breaches – with the regulation doing what the US still hasn’t been able to: Bringing in a universal standard for data breach disclosures. Having a written contract in place between a data controller and a data processor was a requirement before GDPR but contract requirements are wider now and there are some specific terms that must be included in the contract, as a minimum. 

Keywords: [“data”,”GDPR”,”personal”]
Source: https://techcrunch.com/2018/01/20/wtf-is-gdpr

How our products help with GDPR compliance

Securing and managing personal data is critical to you, your customers, and to complying with the coming requirements of the GDPR. Microsoft designed Enterprise Mobility + Security to safeguard customer data both in the cloud, and on-premises, with industry-leading security capabilities. This includes personal data no matter where it might travel across your users, devices, and apps. Enterprise Mobility + Security offers innovative technology and solutions today that can help you on your journey to reducing risks and achieving compliance with the GDPR.Microsoft designed Enterprise Mobility + Security with industry-leading security capabilities to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. Enterprise Mobility + Security can help you on your journey to reducing risks and achieving compliance with the GDPR.The GDPR obligations include discovering what personal data you hold and where it resides, controlling how your users access and use personal data, and establishing security controls to prevent, detect, and respond to vulnerabilities and data breaches. 

Azure Active Directory helps you ensure that only authorized users can access your computing environments, data, and applications. Microsoft Cloud App Security helps you discover all the cloud apps in your environment, identify users and usage, and get a risk score for each app. Cloud App Security then provides visibility, control, and threat protection for the data stored in those cloud apps. Microsoft Intune helps you protect data that may be stored on personal computers and mobile devices. You can control access, encrypt devices, selectively wipe data, and control which applications store and share personal data. 

Microsoft Azure Information Protection helps ensure that your data is identifiable and secure, a key requirement of the GDPR-regardless of where it’s stored or how it’s shared. You can classify, label, and protect new or existing data, share it securely with people within or outside of your organization, track usage, and even revoke access remotely. Azure Information Protection also includes rich logging and reporting to monitor the distribution of data, and options to manage and control your encryption keys. It employs machine learning and the latest user and entity behavioral analytics to help find advanced persistent threats and detect suspicious activities and malicious attacks used by cybercriminals, to help identify breaches before they cause damage to your business. 

Keywords: [“data”,”Security”,”help”]
Source: https://www.microsoft.com/en-us/trustcenter/privacy/gdpr/solutions

GDPR News Center News for 06-16-2018

Address GDPR Requirements with SAP Customer Data Cloud, from Gigya

If you serve even a single customer in Europe -thanks to the European Union’s General Data Protection Regulation – you must now maintain proof of how, when, where and why you collect and process their personal data. SAP Customer Data Cloud, from Gigya, can help your business address many of the toughest requirements of the GDPR. By enabling you to be more transparent with your customers in how you collect and use their personal data, our products are designed to help you build trust with your customers and encourage long-term brand loyalty. SAP Customer Data Cloud helps businesses identify, engage and build a single view of each customer, to better understand who they are and fuel trusted, relevant experiences across their journeys. Our products are designed to help address many aspects of GDPR compliance without breaking the customer experience. 

Consumer data protection and privacy: Central to our three integrated products SAP Customer Identity. SAP Customer Identity offers registration forms that are customizable through UI builder, markup extensions or direct API access, enabling clients to easily set up consistently branded forms and flows that conform to requirements for different markets and regions. Thanks to GDPR, it’s now imperative to obtain explicit consent from consumers to use their data, to manage each customer’s profile, preference and consent data throughout their relationship with your business, and to enable access to a self-service preference center where customers can view, update, export, delete and freeze processing of their data. SAP Customer Consent provides full lifecycle enterprise preference management that helps businesses address these requirements and build trust and loyalty with customers. SAP Customer Profile facilitates this unified customer view, which also supports compliance by centralizing the governance and orchestration of customer data across the organization, providing visibility into the status of every application and service, and helping businesses respond to regulatory audit requests in a timely manner. 

SAP Expert Services for SAP Customer Data Cloud is dedicated to ensuring that your implementation meets your business objectives, and that you are equipped with the knowledge and tools that you need to succeed – right out of the gate and into the future. As part of our implementation process, the flow of customer data within the organization and among third-party technologies will be fully mapped so that the proper processes can be architected for editing and deleting data. Throughout the process, we will apply privacy-by-design principles and methodologies to help address the numerous requirements of the GDPR for transparent online interactions and customer visibility and control of data. 

Keywords: [“customer”,”Data”,”help”]
Source: https://www.gigya.com/solution-addressing-gdpr-compliance

What is the GDPR? And What Does it Mean for the Marketing Industry?

If Amy downloads an ebook from The Paint Company to research what colours she can combine for the decoration of her new house, The Paint Company will need to make sure that they explain to Amy how they’re going to use her data. So while it’s clearly important to be transparent at the time of collection, it’s important that organizations remain open and transparent throughout the marketing process, and in terms of how it manages personal data after the relationship has ended. If the online course is being run by a third party training company on behalf of The Paint Company, they, The Paint Company will need to ensure that the training company have Amy’s consent to use the data. Depending on the type of data collected and the ways it is being used, companies may need to consider encrypting the data, using pseudonymization or anonymization methods to protect it or segregating the data from other data in their systems. Before collecting the data, The Paint Company should have assessed the types of data they planned to collect and work with their security team to ensure that it meets the standards of the GDPR. 

These standards will differ depending on the kinds of data collected and how they’ll use that data. Only employees who need to access that data for the intended purpose have access to it and contracts with any vendors touching that data contain the relevant security protections. Before running the campaign, The Paint Company will need to ensure their system has the capability to not only obtain Amy’s and the other participant’s consent to all uses of their data, but also to record that consent. So if the relationship is terminated for any reason, they need to ensure they have a data retention policy in place which outlines how long they will retain that individual’s data for and the business justification for holding on to the data for that specified period. The Paint Company will need to ensure they comply with their own data retention policy if they want to hold on to any of Amy’s data after her account is closed. 

If the individual requests at any time that their data should be deleted, the data controller has to comply with that request and confirm the deletion, not only from their own systems but from any downward vendors’ systems who were processing that data on behalf of the organization. We expect greater communication and transparency around data collection will lead to better understanding about why people should share data. It’s rightly causing many organizations to rethink how they approach marketing, but it’s also a huge opportunity for businesses to articulate the importance of people sharing their data and how it leads to greater personalization, better products and services, and a more efficient data economy. 

Keywords: [“data”,”company”,”GDPR”]
Source: https://blog.hubspot.com/marketing/what-is-the-gdpr

GDPR News Center News for 04-11-2018

GDPR: What Americans Need to Know

The General Data Protection Regulation will be the global law of the land starting on May 25, 2018. The GDPR requires any company that does business with European Union-based residents to maintain strict data protection protocols. The processes for collecting data must be relevant to how the data will be used by the company. Companies should be willing and able to explain exactly what data has been collected and why. Security practices must demonstrate a clear ability to safeguard against loss, damage, and destruction, and data should not be held longer than is necessary. A few issues include abstractly written rules for why data is being collected, overreaching requirements for scrubbing customer data when requested, and the need for some companies to totally revamp security procedures solely for the purpose of ensuring compliance. Under the bylaws, EU citizen data must be protected and you must provide the citizen with said data if he or she requests it. You may be required to purge that data from your systems if and when the citizen makes the request. The law instead focuses on personally identifiable information and where the person associated with the data resides. If your company is hit by a massive cyberattack on May 26, 2018, then you can’t claim “Insufficient time” as an excuse for divulging EU citizen data. “You can be asked to show your journey into compliance already. Have you inventoried? What’s your protocol for an EU citizen to ask about your data? These companies can be asked for this information right now. They will start to be fined next year if they can’t demonstrate compliance after May.”. This person, whom the GDPR law dubs the “Data Protection Officer,” will be the point person responsible for walking the GDPR oversight team through the ways in which your company has been securing its data. You’ll need to verify employee identities and institute multi-factor authentication when accessing PII and for transactions that include PII data. You’ll need to cut out any practices that access or process data for unauthorized purposes, constantly monitor and verify data to ensure relevance, and completely and irreversibly purge customer data when asked to do so. Finally, if your organization’s data is breached, then you’ll need to notify your associated GDPR supervisor immediately to describe the breach and its consequences in full.

Keywords: [“Data”,”company”,”GDPR”]
Source: https://www.pcmag.com/article/356899/gdpr-what-americans-need-to-know

Moodle’s GDPR approach and plan

Here we outline Moodle’s approach and plan for the implementation of support for the EU General Data Protection Regulation. Earlier this year we reached out to the community through our forums and social media to gauge the needs of different organisations on how they would need to comply with GDPR. We received direct input from a number of Moodle institutions, our Moodle Partner network and developers. During the summer we put together an initial plan on what developments are needed to enable organisations using Moodle to comply with GDPR and then sought more feedback. We have also engaged a specialist lawyer from Europe on a consultancy basis who has a strong background in data protection and data privacy to examine the specifications and make recommendations on where they can be improved to better enable organisations to be GDPR compliant. We now have a plan to meet those needs and are scheduling the development within our Open Source team under the lead of Sander Bangma, our new Open Source coordinator. The PlanWe have a set of features now in development which will meet those compliance needs covering the following areas: onboarding of new users, privacy statements, the tracking of consent and handling of subject access requests. Listing and requesting consent for all 3rd-parties who may receive user data. A request to erase all identifiable user data on Moodle. We will be releasing these plugins, scheduled for March 2018, which will enable those using Moodle 3.3 and 3.4 to become compliant with the new regulations by installing and configuring the plugins in addition to implementing the required organisational procedures and processes. These features will then become part of Moodle 3.5 release which is a Long Term Supported version of Moodle. If you are not on Moodle 3.3 or above we recommend you upgrade before the end of February 2018. We are currently reviewing in what form we will offer a solution for Moodle 3.2 and below. If you are on Moodle 3.3 or above you should make sure that you update to the most recent version of these releases. Installing the plugins alone is not going to be enough to meet the GDPR requirements. Correct configuration and implementation of the required processes and procedures is also required and you should engage with your IT and legal department on what is required.

Keywords: [“Moodle”,”need”,”Data”]
Source: https://moodle.com/2017/12/21/moodle-gdpr-approach-plan

GDPR – REVOLUTION 99 – GRATEFUL DREAD PUBLIC RADIO – PEACE-PROGRESSIVE NEWS/TALK NETRADIO FOR A BETTER WORLD

GRATEFUL DREAD PUBLIC RADIO, founded in Baltimore in 1996, provides peace-progressive news/talk internet radio for the revolution! GDPR Revolution99 is independent, listener-supported activist netradio for a better world: news/talk programming, activism, POVs you won’t find in mainstream, corporate radio and more. We are radio for the progressive community and the anti-Trump resistance, the 99 Percent’s one-stop shop for voices and views you won’t find in the corporate establishment media. Our peace-progressive programming covers the gamut: progressive talk shows; news and analysis programming; green-focused environmental offerings with a focus on sustainability; educational shows and documentary and lecture series; inspirational activism-centered programs that inspire positive action for peace and justice and the necessary stance against the fascist and bigoted Republican Party and Donald Trump; public affairs programs covering religion, LGBT issues, the workers’ movement, and more; and, of course, arts and culture programming that fills the air with beautiful language, important literature, and sounds ranging from Rodgers and Hammerstein to Garcia and Weir. Check out our complete program guide, and then tune in and turn on! LISTEN LIVE HERE. ARMCHAIR ACTIVIST ALERT OF THE DAY ARCHIVE. Join us as we work to move the revolution of the 99 percent forward. We are independent, noncorporate, listener-funded noncommercial media for We The People; we exist for YOU: Listen regularly and support our work – click the support link above for numerous ways to help or use the donation button on the right side of the page. With Trump in power, the republic, the people, and independent alternative media are particularly vulnerable. In the fight for a better nation and world, we must work together. PLEASE SUPPORT GDPR EMERGENCY GOFUNDME CAMPAIGN. Your help is needed more than ever. LEND A HELPING HAND. Global Giving has a list of a number of projects that provide emergency. Hispanic Federation is accepting donations to help those. We must help our fellow citizens – they need our assistance! You can help people affected by disasters big and small,like the wildfires and countless other crises, by supporting Red.Cross Disaster Relief. Your gift enables the group to prepare for,respond to, and help people when they need it the most.

Keywords: [“program”,”help”,”work”]
Source: http://gdprnashville.org