GDPR News Center News for 10-21-2018

What do you do about General Data Protection Regulation?

We have adjusted our Terms of service to reflect this. Privacy and security are critical to everything we do. Mapping of security & privacy measures – Done CAIQ. Data store mapping – Done. Storage of customer’s DPO and security contacts – Done. 

Notification of customers about changes in conditions and DPA – Done. Algolia is also a SOC2 Type 2 audited organization and complies with all the Security, Availability and Confidentiality requirements. We value your privacy, and we’ll do everything we can to protect it. Find out how to delete your personal data or how to delete your user’s data. Your data primarily stays in regions where you decide your data to reside. 

Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security. We comply with GDPR with our Community/Free plans as well. 

Keywords: [“Data”,”security”,”service”]
Source: https://www.algolia.com/doc/faq/security-privacy/gdpr/

Accellion Secure File Sharing Platform

Businesses must be able to find their European customers’ personally identifiable information and show who has access to the data, what they’re doing with it, and who they’re sharing it with to achieve GDPR compliance. The Accellion secure file sharing and governance platform provides this level of visibility and control to help businesses demonstrate GDPR compliance. Encryption key ownership – you decide when to rotate. Audit trail to connected on-prem and cloud content sources. Detailed reports allow for data analysis down to the file level. 

Full traceability of all content right up to delivery. Know and demonstrate which files have passed or failed AV, DLP and ATP scans. Comprehensive audit logs show data has been delivered and/or deleted. Automatically remove content upon project completion. 

Keywords: [“content”,”file”,”data”]
Source: https://www.accellion.com/platform/governance/gdpr-compliance/

GDPR Compliance

Inform: Review your vendor list and get comfortable with how data flows across your business, what type of personal data you collect and who has access. If JotForm is one of your vendors, and you have determined that you need a DPA in place with JotForm, our GDPR compliant DPA is available for download and signature at the link above. Assess: Undertake a risk assessment within your business and identify any gaps that need to be filled in order to meet GDPR compliance. Plan: Get in touch with us to understand how our products can help meet your compliance needs, and develop an action plan that is mindful of the May 25, 2018 deadline. Act: Implement your GDPR compliance program and make GDPR compliance an ongoing discipline. 

Keywords: [“compliance”,”GDPR”,”need”]
Source: https://www.jotform.com/gdpr-compliance/

How the Next-Generation Security Platform Contributes to GDPR Compliance

The General Data Protection Regulation is the European Union’s forthcoming personal data protection law. In May 2018, the GDPR will replace the 1995 Data Protection Directive, significantly changing the rules surrounding protection of personal data of EU residents. The Palo Alto Networks Next-Generation Security Platform can help with organisations’ security and data protection efforts related to GDPR compliance by assisting in securing personal data at the application, network and endpoint level, as well as in the cloud. It can also assist in understanding what data was compromised in the unfortunate instance of a breach, but first and foremost it will help organisations prevent data breaches from happening at all. 

Keywords: [“Data”,”Protection”,”personal”]
Source: https://www.paloaltonetworks.com/resources/whitepapers/gdpr-compliance-next-generation-security-platform

Working toward GDPR compliance

Compliance doesn’t have to be a scary word – even when facing the multifaceted challenges of meeting the European Union’s May 2018 deadline for its General Data Protection Regulation. SAS conducted a global GDPR survey among 340 business executives from multiple industries. Based on the results of that survey, this e-book delves into the biggest opportunities and challenges organizations face on the road to GDPR compliance. How to get started on the best path to compliance, based on advice from industry experts. How to turn this compliance challenge into a competitive advantage. 

How your peers are preparing across a variety of industries. An end-to-end approach that can help guide your journey to GDPR compliance. 

Keywords: [“Compliance”,”How”,”industry”]
Source: https://www.sas.com/en_us/whitepapers/gdpr-compliance-109048.html

GDPR News Center News for 10-02-2018

5 last-minute GDPR resources to help bring businesses into compliance

This Friday is the deadline for compliance with the European Union’s new General Data Protection Regulation, widely considered the strictest law in the world in terms of regulating the collection and use of consumer data. In broad strokes, GDPR generally requires companies get clear consent for collecting people’s personal data and allows people to access the data stored about them, fix it if it’s wrong, and delete it if they so choose. Even if your business isn’t based in the EU, it may still be required to comply with GDPR if it collects data on people in the EU, and the fines for not complying can be severe: up to 20 million euros or 4% of annual revenue in the most egregious cases. If you’re still scratching your head about what you need to do to get ready for the new law, here are a few resources that can help. Parker, an automated chatbot from international law firm Norton Rose Fulbright, can help if you’re still figuring out whether your business outside the EU even needs to comply with GDPR. 

Essentially a checklist in chat form, the tool can help you decide in a few minutes how concerned you need to be about the new regulation. This GDPR compliance checklist, developed by a group of startup founders from Belgium, can help you take the same rigorous approach to making sure you’re ready for the new law. While this guide is aimed at designers, it’s useful to anyone who’s involved in crafting websites, apps, or services that are going to potentially handle people’s personal data. Designers, developers, and managers all need to be thinking about what data they actually need to collect, and where they can store and process it. They also need to make sure users clearly agree to what’s going on and have the legally required resources to access, update, and delete their data if need be. 

If you want to let your customers see the data you have on them (and update or delete it if they wish) but you also store data across multiple cloud vendors, you might have some work to do. One solution is to use a core tool that syncs that data to as many of those third-party cloud services as possible to simplify things when those user requests come in or you’re preparing your compliance documentation. Segment, which has long helped companies connect with third-party data services, has rolled out tools to help its customers track those requests, data updates, and user consent changes to forward them on to supported vendors. 

Keywords: [“Data”,”need”,”new”]
Source: https://www.fastcompany.com/40575829/5-last-minute-gdpr-resources-to-help-bring-businesses-into-compliance

How to Comply with GDPR

The GDPR is designed to protect the personal data of EU citizens, and to do so it regulates how such data is collected, stored, processed, and destroyed. Perhaps most importantly, the territorial scope of the law is very broad. Article 3 of the GDPR states that a company anywhere in the world is subject to the GDPR if it processes the personal data of anyone residing in the EU. It doesn’t matter if your company has no offices or employees in the EU, or even if no transactions are carried out in the EU. If you process an EU citizen’s personal data, then you need to comply with the GDPR or face the financial consequences. 

While GDPR compliance is important, it is vital not to forget about the other compliance and data privacy regulations that may apply to your organization. This includes a GDPR checklist for data controllers and a GDPR checklist for data processors. Consider how to verify individuals’ ages and how you can obtain parental or guardian consent for any data processing activity. Designate someone to take responsibility for data protection compliance and consider whether you are required to formally designate a Data Protection Officer. The GDPR makes a distinction between a data processor and a data controller. 

For more on Data Protection Impact Assessments, see How a Data Protection Impact Assessment Helps You Comply with GDPR. Right to access, rectification and erasure. How to protect customer information under GDPR. The GDPR is designed to protect Data Subjects, but it goes to great lengths to avoid spelling out in technical terms what you need to do to ensure that you achieve suitable levels of data security. It’s a common myth that the GDPR requires the use of data encryption, and some consultants appear to be pushing sales of encryption products by implying that all you need to do is encrypt all your data and you will satisfy 90% of GDPR requirements. Any encryption initiative will likely involve an encryption product that handles data encryption as well as manages encryption keys, and may also include a cloud encryption gateway to ensure that data that is sent to the cloud for storage or processing is also encrypted. 

Detecting breaches is far from trivial – it takes an average of 191 days for data breaches to be detected, according to the Ponemon Institute’s 2017 Cost of A Data Breach Study. 

Keywords: [“Data”,”GDPR”,”company”]
Source: https://www.esecurityplanet.com/network-security/how-to-comply-with-gdpr.html

GDPR News Center News for 10-01-2018

What is GDPR? Understanding and Complying with GDPR Data Protection Requirements

A Definition of GDPR. The General Data Protection Regulation, agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data. The purpose of the GDPR is to impose a uniform data security law on all EU members, so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU. 

In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally. Articles 17 & 18 – Articles 17 and 18 of the GDPR give data subjects more control over personal data that is processed automatically. The result is that data subjects may transfer their personal data between service providers more easily, and they may direct a controller to erase their personal data under certain circumstances. Article 31 specifies requirements for single data breaches: controllers must notify SAs of a personal data breach within 72 hours of learning of the breach and must provide specific details of the breach such as the nature of it and the approximate number of data subjects affected. 

Articles 33 & 33a – Articles 33 and 33a require companies to perform Data Protection Impact Assessments to identify risks to consumer data and Data Protection Compliance Reviews to ensure those risks are addressed. Articles 36 & 37 – Articles 36 and 37 outline the data protection officer position and its responsibilities in ensuring GDPR compliance as well as reporting to Supervisory Authorities and data subjects. Article 45 – Article 45 extends data protection requirements to international companies that collect or process EU citizens’ personal data, subjecting them to the same requirements and penalties as EU-based companies. For many of these companies, the first step in complying with GDPR is to designate a data protection officer to build a data protection program that meets the GDPR requirements. 

Keywords: [“Data”,”GDPR”,”company”]
Source: https://digitalguardian.com/blog/what-gdpr-general-data-protection-regulation-understanding-and-complying-gdpr-data-protection

GDPR News Center News for 08-30-2018

[WEBINAR] GDPR Compliance: “Explain Like I’m Five” with Data Privacy Expert

Jodi Daniels is a digital privacy expert with more than 19 years of experience in privacy, marketing, strategy, and finance roles. She is the founder of Red Clover Advisors, a data privacy consultancy that assists companies with GDPR compliance, operationalizing privacy, digital governance, and online data strategy. Ms. Daniels has worked in multiple industries such as financial services, automotive, media, and retail for Cox Enterprises, The Home Depot, and Deloitte. She most recently served as the privacy partner for digital banking and digital marketing, financial center channel operations, ATMs, and military banking channels at Bank of America. 

Keywords: [“privacy”,”digital”,”Bank”]
Source: https://www.bettercloud.com/monitor/webinar-gdpr-compliance

FE Preparing for GDPR

Like many companies FE is currently preparing for the General Data Protection Regulation when it comes into effect in May 2018. As a company that is built on the data we collect, you can imagine we are taking the GDPR requirements very seriously and are working to ensure that our privacy standards meet all the requirements of the regulation. To ensure we meet the standards required by GDPR, the way in which you login to FE Analytics and other products and services provided by FE will need to change. Over the coming weeks and months we will let you know what action you need to take. Please look out for further announcements and take the time to action them. 

Keywords: [“take”,”action”,”need”]
Source: http://info.financialexpress.net/gdpr

The General Data Protection Regulation

The General Data Protection Regulation is a series of laws that were approved by the EU Parliament in 2016. The EU’s General Data Protection Regulation is an initiative by the EU to bring data protection legislation into line with new ways that data is now used. The new regulations will give users great control over their data, including the ability to export it, withdraw consent and request access to it. It also makes data protection rules more or less identical throughout the EU, allowing for the easier transfer of data throughout the European Union. It will affect any company that does business with Europe, whether they are based in the EU or not. 

Keywords: [“Data”,”Protection”,”Regulation”]
Source: https://www.privacytrust.com/gdpr

Countdown to GDPR Summit 2018

‘Driven by demand, and its game-changing importance, this will be our 3rd GDPR Summit in the space of just 7 months. No other topic area has ever generated this amount of attention’. It requires organisations to adhere to a host of strict data protection rules for processing the data of EU residents and will penalise those who are non-compliant. Heralding a new era in the regulation of personal data processing in Europe, the GDPR amplifies and expands the rights of individuals to control how their personal information is collected and processed and places new obligations squarely on the shoulders of organisations that collect personal data. 

Keywords: [“data”,”personal”,”processed”]
Source: https://gdpr18.com

GDPR Suite

This new regulation will dramatically change the way data must be handled and processed in the European Union. iGrafx provides the intellectual property of knowing the regulatory elements of GDPR, the means to assess risk from the process perspective, and the system to document operations, model data flow, audit controls, implement GDPR required processes, all in order to help achieve GDPR compliance now and, most importantly, maintain it into the future. A solution for all GDPR Stakeholders: Legal, IT and Process. Process Templates to expedite documentation and automation. Complete visibility and control via Data Flow Modeling. 

Keywords: [“GDPR”,”process”,”data”]
Source: https://www.igrafx.com/products/gdpr-suite

GDPR Compliance: Essential Training

Course Transcript- [Mandy Huth] GDPR is the most comprehensive privacy regulation enacted to date. Any business that has European connections is likely impacted. Hi, I’m Mandy Huth, and I’ve helped organizations with over two billion dollars in revenue prepare for GDPR. In this course, I’ll show you the basics of the GDPR regulation. I’ll begin by discussing what it entails and who it impacts. 

I’ll show you who is responsible for protecting, monitoring and reporting data in various situations. Finally, I’ll discuss the rights of the data subject and how organizations must notify those subjects in case of a data breach. 

Keywords: [“I'll”,”data”,”GDPR”]
Source: https://www.linkedin.com/learning/gdpr-compliance-essential-training

Preservica

Preservica complies with the current 1998 Data Protection Act, and by 25th May 2018, Preservica cloud products and operations will meet the requirements of the General Data Protection Regulation helping our customers protect the rights of their data subjects. It’s important to note that although the GDPR is an EU regulation it may still apply to any organization which is a controller of personal data for an EU data subject, even if that organization is outside of the EU. Preservica will help ensure you meet your GDPR obligations and preserve your valuable digital information for the long-term. 

Keywords: [“Data”,”Preservica”,”organization”]
Source: https://preservica.com/about/gdpr

Data Governance for GDPR Compliance

Any company that processes personal data of individuals residing in the European Union must adhere to GDPR, regardless of their location. This infographic outlines the impact of not complying. DATUM’s GDPR Solution does the heavy lifting so you don’t have to. We provide the experts, the formula, the methodology and the assets you need to successfully comply with the new regulation. GDPR privacy regulation will significantly impact data governance for companies worldwide. 

This webinar sheds light on GDPR’s potential impact on your organization, as well as provides direction on how to meet this challenge head on. 

Keywords: [“GDPR”,”impact”,”regulation”]
Source: http://www.datumstrategy.com/gdpr-solution

GDPR News Center News for 08-02-2018

Trust, Safety & Compliance: A Survivor’s Guide to GDPR-mageddon

Washington D.C. – May 10, 2018 – One World Identity, an independent identity research and strategy company, today released ‘Trust, Safety & Compliance: A Survivor’s Guide to GDPR-mageddon,’ serving as the definitive primer on upcoming privacy rules in the European Union. The EU’s General Data Protection Regulation goes into effect on May 25th, 2018, and will have an effect on all companies that collect user data, making the need for clarity crucial in the days and weeks to come. The report provides a deep dive into providing a strong understanding of the changes that GDPR sets forth, and gives companies the concrete steps required to turn compliance into a competitive advantage. What GDPR says and further clarification on practical implications. How GDPR impacts each of the five OWI Identity Building Blocks, and highlights questions companies should consider as they adapt to consumer-centric data processing standards. 

Seven concrete steps companies can put in place now and whether or not such companies would be facing an immediate compliance mandate from GDPR. What companies should be watching for in the near-term. GDPR is about identity – the information that companies collect from their customers, the organizations with which those identities are shared, and the decisions that are made based on processing identity attributes. The new principles and data subject rights established under GDPR are wide-ranging, but companies won’t truly understand their scope until the first rounds of sanctions for noncompliance are levied after May 25, 2018. GDPR will raise the bar for data protection worldwide, even where the regulation doesn’t actively apply. 

Keywords: [“GDPR”,”company”,”Data”]
Source: https://oneworldidentity.com/trust-safety-compliance-a-survivors…

GDPR Briefing for marketing professionals

Learn the concepts and guidance of the GDPR and how you need to respond and when. Understand the context of GDPR, explaining differences to previous data protection legislation and relating it to other laws such as the new ePrivacy directive / Privacy and Electronic Communications Regulations which will come into force at a similar time to GDPR. Prioritise actions you need to take to prepare and implement your solution. GDPR affects all businesses that market to customers in Europe. Senior marketing managers such as CMOs, heads of marketing and brand managers. 

Marketers involved with implementing GDPR, i.e. campaign and email marketing managers and execs. The guide contains practical information to help you understand GDPR and implement anything required before it comes into force. Resource Details Authors: Kim Greenop-Gadsby produced the original GDPR guide and ahead of the deadline in May, Steve Henderson has updated the guide. Format: Online long form containing the latest information on GDPR interpretation, with quizzes and actionable strategy recommendations. 

With over a decade’s experience in email, he is an expert on the impact of the GDPR and ePrivacy on the email marketing industry. Steve sits on the UK DMA Email Council, chairs the Legal Hub of the DMA Email Council, belongs to the CIPP/E, the CIPT and has been awarded the IAPP Fellow of Information Privacy. She manages all of Smart Insights email marketing and their automation platform. She gets very excited about all things email because she is #EmailGeekUK. Kim was born and bred in South Africa and has over 16 years experience in web development and digital marketing. 

Keywords: [“GDPR”,”email”,”marketing”]
Source: https://www.smartinsights.com/guides/gdpr-briefing

General Data Protection Regulations Reapit

Reapit is preparing its solutions for compliance with the forthcoming changes to data protection legislation in the UK. We have already made extensive changes to our software to help our clients to process data lawfully and uphold individual rights. Reapit has a large part to play in the lawful processing of personal data under the forthcoming changes to data protection legislation – our software acts as a central point in your estate agency through which all contact information is processed. We have already been working on how we need to adapt our solutions for the GDPR for over a year. This is a complex topic and we have prepared an extensive guide that explains the relevant aspects of the GDPR along with details of how our software has been updated to be compliant. 

There is a good deal of misinformation in the public domain about the GDPR. We would encourage you to only follow the advice of authoritative sources. In relation to the GDPR. For United Kingdom visit: https://ico.org. For frequent misconceptions and myths about the GDPR visit: https://iconewsblog.org. 

Neil Manito is Reapit’s resident guru on all things GDPR. Neil has spoken about the GDPR at a number of events and has been responsible for planning and implementing some of the most extensive changes to our software in 20 years to keep it compliant with the GDPR. Neil recently caught up with several of our clients to talk about the practical implications of the GDPR on agency. Listen to the Podcast here, or visit our Soundcloud page to listen offline or download. Our series of GDPR workshops have proved really popular. 

Keywords: [“GDPR”,”software”,”changes”]
Source: https://showcase.reapit.com/gdpr

GDPR Requirements in Plain English

Even if you’ve personally determined that you don’t necessarily need to become compliant, you definitely need to protect your users’ data, and implementing the GDPR guidelines will help you improve that. Review the data you currently have on hand and make sure that none of these special categories of data exist and / or could be inferred from the data you control. Chapter 3 – People’s Data Rights. Section 1 – Don’t make things confusing. Article 12 – Be transparent about what you’re doing with data. What it says. Be honest with people, use plain language to describe what you’re doing with their data at the time you collect it. Have a procedure in place to handle personal data requests to have their data deleted or fixed. 

You shouldn’t collect more data than you need and what data you do collect you need to pseudonymise. Section 3 – Consider and document how what you do may affect data security. Article 35 – You should write up a data protection impact assessment before new projects. What it says. Before you bring on new services to deal with data, you should figure out what impact that will have on security in terms of what exactly they are going to do with the data, and in particular if they’re going to do profiling/filtering based on the data. Chapter 5 – How to handle transferring data out of the EU and GDPR. Article 44 – Generally you should get permission. What it says. Article 47 – Non-EU companies can create their own strict data handling rules to be GDPR compliant. What it says. 

If a company that is not in the EU wants to handle EU data they can create binding corporate rules that match the GDPR regulations. The old privacy and data regulations are out; GDPR is in. 

Keywords: [“Data”,”article”,”need”]
Source: https://blog.varonis.com/gdpr-requirements-list-in-plain-english

GDPR News Center News for 07-19-2018

Stop whining, GDPR is actually good for your business

GDPR builds on and replaces the long standing Data Protection Directive. GDPR will protect and empower all EU citizens’ data privacy, and reshape the way organizations across the region approach data privacy. To be fair, many companies that use panel data already use explicit consent and hyper-transparent notice because of the nature of the data they collect. We seldom hear about these examples of companies that do a great job of protecting users’ data; we tend to only hear the bad. Better data leads to better marketing. 

GDPR focuses on first-party data, which means that the data you are storing about your customers is of the highest quality – since it came directly from them, with their permission. So collecting data through inbound marketing efforts can help get you GDPR compliant, while also optimizing your emails to increase conversions. GDPR will require a review of data handling and processing procedures; this presents a great opportunity to review and map your data flows or clean house and restructure them not only for compliance, but also for business efficiency around costs. The physical presence of data is so small that sometimes we don’t think of it as clutter. Pseudonymization is the separation of data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately. 

Pseudonymization may significantly reduce the risks associated with data processing, while also maintaining the data’s utility and creating incentives for controllers to pseudonymize the data that they collect. GDPR gives companies an opportunity to take control of their own compliance, rather than register with the applicable data protection authorities. Under the previous directive, it was acceptable to remove a contact who had opted off your list while keeping their data on file – this is no longer the case. 

Keywords: [“Data”,”GDPR”,”need”]
Source: https://thenextweb.com/contributors/2018/03/18/stop-whining-gdpr…

Ben Davis: GDPR is the bible of customer-centricity

If you have read anything about the General Data Protection Regulation – and a recent Econsultancy survey suggests 67% of marketers have at least read some of the Information Commissioner’s Office’s guidance – then you might still be grappling with some knotty issues. Personally, I think the GDPR is as close as we’ll get to a religious text for data-driven, customer-focused marketers – that’s how powerful I believe it can be. During a discussion at this year’s Marketing Week Live, Marketing Week columnist Mark Ritson nominated the word ‘agility’ to be banished to Marketing Room 101, saying the word is used as an excuse by marketers that have no strategy. Well, accountability in GDPR means marketers in the midst of cooking up campaigns or new products will have to give much greater thought to planning and strategy as it pertains to data privacy. Marketers may have long parroted the line that they ‘put customers first’ but under GDPR they must back this up, putting customers back in control of their data and granting them their rights. 

There are many parts of GDPR that signal the need for a change in mindset among marketers. No longer can marketers process personal data for a purpose incompatible with that which was specified when the data was collected. Too often marketers have been of a mind to collect as much personal data as possible, to hoard it because it may just come in handy. Transparency will only be achieved if marketing teams work closely with compliance, where relevant, to translate what needs to be conveyed into what customers will understand. 

The point is that this sort of education should sit with marketing if we truly believe we are the voice of the customer. Ben Davis is editor at Marketing Week’s sister title Econsultancy. 

Keywords: [“marketer”,”Data”,”customer”]
Source: https://www.marketingweek.com/2018/05/03/ben-davis-gdpr-bible…

GDPR and Social Media Privacy Reform

Welcome to this week’s edition of the Social Media Marketing Talk Show, a news show for marketers who want to stay on the leading edge of social media. On this week’s Social Media Marketing Talk Show, we explore how marketers are preparing for GDPR with Danielle Liss; Facebook ad updates with Amanda Bond; Snapchat, Pinterest, and more with Jeff Sieh; and other breaking social media marketing news of the week! The company rolled out new prompts that remind advertisers about Facebook’s anti-discrimination policies before they create an ad campaign. Snapchat Introduces Shoppable AR Lenses: Snapchat introduced a new Shoppable AR feature to its augmented reality Lenses. Now developers can access seven new templates for creating AR masks, distorting facial features, adding stylized overlays and 2D and 3D objects, and more for Snapchat. 

Snapchat announced a new integration with Giphy that will give Lens Studio developers access to a massive library of animated GIF stickers that can also be added to Lenses. Snapchat Releases Augmented Reality Games: Snapchat introduced Snappables, new Lenses that use touch, motion, and facial expressions to play augmented reality games within the app. Snappables live alongside Snapchat’s other Lenses and new ones will be released every week on both the iOS and Android versions of Snapchat. The new ad format, called Commercials, will run in select Snapchat Shows, but not in Snapchat’s Discover section or users’ personal stories. 

Pinterest Rolls Out New Business Profile and Insights: Pinterest rolled out a new business profile that features a dynamic cover image. Pinterest Releases New Features to Assist Visually Impaired Users: Pinterest rolled out several new features that will make the app and website more accessible for pinners who are blind or visually impaired. 

Keywords: [“new”,”Snapchat”,”Facebook”]
Source: https://www.socialmediaexaminer.com/gdpr-and-social-media-privacy…

GDPR News Center News for 07-14-2018

Microsoft GDPR Partner Summit

Thank you for your interest in the Microsoft GDPR Partner Summit. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union, or that collect and analyze data tied to EU residents. You are invited to join us at the Microsoft GDPR Partner Summit to learn the latest on how we can support you and your customers in protecting data, championing privacy and complying with complex regulations. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. Be the first to know: Engage with Microsoft leadership, product group, sales and marketing teams to understand Microsoft’s approach to solutions and tools towards GDPR compliance, and how to capitalize on the vast business opportunity GDPR presents now and into the future. 

Connect in person: Join like-minded partners from around the world to collaborate and brainstorm on ways to expand and grow your business and build your GDPR practices. Presentation sessions will cover business opportunities and the latest Microsoft technologies and tools that help support GDPR compliance. This will be a 2-day summit where the first day is focused on GDPR business and overall market opportunities, as well as overviews and discussions of how Microsoft can help you deliver GDPR services to your customers utilizing products and services Microsoft offers. We will also have industry leaders and customer speakers join us on that day. The second day continues the summit by taking a deeper look into specific product capabilities, features and functions. 

You will hear from several Microsoft engineering leaders and Microsoft Architects on how to utilize Microsoft’s technology and platforms to build GDPR solutions for your customers. We look forward to having you join us at the Microsoft Conference Center Building 33 in Redmond, Washington on April 3-4, 2018. 

Keywords: [“Microsoft”,”GDPR”,”customer”]
Source: https://msgdprpartnersummit18.dynamiceventsreg.com

The Beginner’s Guide To The GDPR

The European Union’s General Data Protection Regulation is considered to be the most comprehensive and far-reaching data privacy initiative of the past 20 years. The GDPR regulates the collection and usage of personal data of a data subject. Personal data includes any information that can be used to indirectly identify an individual, such as a user ID, location data, or one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity. The GDPR does not regulate anonymous data; that is, data where no individual can be identified from the data, directly or indirectly. The GDPR requires parental consent for the collection, storage, and usage of personal data for anyone under 16 years old. 

The GDPR requires that companies notify individuals of a breach of their personal data where the risk of harm to the individual is high. Data brokers, such as Acxiom, Experian, and Epsilon, will need to revise their processes for collecting and selling user data. Under the GDPR, data controllers are only permitted to work with data processors that can provide sufficient guarantees that they meet the regulation’s requirements. Among other things, GDPR Article 28 sets out specific terms that a data controller must include in its contract with a data processor, if that processor will have access to EU personal data. If you send EU customer data to a data center or if your data center has servers located in the EU that will process your data, you as the data controller will want to determine whether it is GDPR compliant. 

Check with your provider to determine whether it owns or operates data centers in the EU and ensure your contract either prohibits the transfer of data there or meets GDPR compliance requirements. In addition to notifying data subjects, the GDPR also requires a data controller that suffers a data breach to notify the appropriate regulator without undue delay. 

Keywords: [“Data”,”GDPR”,”company”]
Source: http://adprofs.co/beginners-guide-to-gdpr

GDPR: What You Need to Know About This New Law

The great thing about ecommerce is that it’s easier than ever to grow your business beyond your borders – but once you’re selling in multiple countries, you need to know a bit more about how they do business, and what you need to do to comply with their laws. There’s a new regulation coming to the European Union in 2018, called the General Data Protection Regulation. We sat down with one of our internal experts, Vivek Narayanadas, Shopify’s Data Protection Officer, to chat about what it means for you, and what you should be thinking about ahead of time. The General Data Protection Regulation – which I’ll now just call GDPR – is the European Union’s new data privacy law. When it takes effect, it’ll be the most comprehensive data privacy law in the world, and it’ll impact how companies collect and handle personal data about their customers. 

GDPR gives people more rights over their personal data, and it defines what counts as personal data very broadly. It specifically gives people the right to access, correct, delete, and restrict processing of their data, and sets out strict guidelines about how you need to get customers to agree that you can use their data. For sure! Under GDPR, if you collect or store any information that can be linked to an individual, that counts as personal data. GDPR goes broader than that – even information like an IP address that doesn’t identify a specific person counts as personal data. 

Started to review our contractual arrangements with subprocessors, to make sure they’re required to protect personal data. Implemented a detailed procedure to deal with data subject access requests, deletion requests, and government access requests. We’re working on preparing even more informational materials about our data protection program for merchants who are trying to make sure Shopify can support their data protection needs – so stay tuned, and know that we’re committed to being prepared for GDPR. 

Keywords: [“Data”,”GDPR”,”need”]
Source: https://www.shopify.com/blog/gdpr-and-ecommerce

GDPR News Center News for 06-23-2018

Preparing for the General Data Protection Regulation

This checklist sets out 10 preliminary steps that schools can take now to prepare for the EU General Data Protection Regulation which comes into force in the UK on 25 May 2018. When the GDPR comes into force, it will entirely replace our current Data Protection Act 1998 and radically overhaul many of our existing data protection rules. One of the main features of the GDPR is that compliance alone is not enough; data controllers will also have to demonstrate their compliance and prove that they are taking data protection seriously by implementing a range of accountability measures. Unless you know what personal data you hold and how it is being processed, it will be difficult to comply with the GDPR’s accountability principles which require you to be able to demonstrate how the school complies with the data protection principles in practice. Due to the significant new burdens imposed on data controllers by GDPR, we recommend that all schools now formally appoint a DPO. 

Most schools have in fact already done this, because of the demands of the existing Data Protection Act. Schools will continue to be subject to an obligation to take organisational steps to keep personal data secure and the deployment of staff data protection training will continue to be expected. New starters should receive data protection training before they have access to personal data and existing staff should receive regular and refresher training. Carry out a data protection audit so you have a map of your personal data flows already in place when GDPR goes live. The Purpose of processing their data and the legal basis for the processing of that data. 

Under GDPR, consent of a data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to personal data relating to him or her being processed. As under current data protection law, the GDPR will continue to allow individuals to ask the school to give them a copy of their personal data together with other information about how it’s being processed by the school. Under current data protection law, transfers of personal data outside the European Economic Area are restricted and this will continue to be the case under GDPR. In general terms, the rules on data transfers under GDPR are very similar to those under the DPA with some improvements. 

Keywords: [“Data”,”school”,”GDPR”]
Source: https://www.hcrlaw.com/preparing-general-data-protection…

As these definitions are used to determine the scope of the proposed Regulation, any data that are not personal data are outside the scope of the proposed Regulation. Common misconceptions: – Just because data are not linked to a name does not mean that they are not personal data. Even removing further items from sets of data does not necessarily render such data anonymous. The data retention example would be covered under processing that is necessary for compliance with a legal obligation to which the controller is subject(c. 3 These embodied a stronger spirit than the Commission proposal, by recommending that personal data should only possibly be processed for incompatible purposes with consent of the data subject or where prescribed by law. While in some Member States it was traditionally seen as a privileged ground for lawfulness, it is only one among several in the currently applicable Data Protection Directive 95/46/EC. – Consent is one way for data subjects to control how data about them are processed. 

While the two rights are related, the right to data portability adds two new elements: data are to be provided in a structured electronic format allowing for further use, and it thereby protects users against lock-in effects. The second aspect only refers to data provided by the data subject, so it is clear that it applies to the raw material, such as bank account movements, but for example not to the bank’s internal risk rating of your account. There are concerns about controllers’ situation when they are legally obliged to store certain data if users want to take their data to another service. Article 17(1) deals with situations such as bringing a company to delete your customer data after the business relationship has ended. In both cases, it should be noted that these rights are not absolute; there are exceptions related to freedom of expression(a) in connection with Article 80). 

These exceptions allow Member States to restrict data protection rights in order to reconcile the fundamental rights to data protection and freedom of expression – There also seem to be misunderstandings about when data subjects are entitled to erasure of their data. Several exceptions are foreseen, including for cases where data are stored based on a legal obligation, public interest reasons in the area of public health, research, and where data have to be maintained for proof. 

Keywords: [“data”,”controller”,”subject”]
Source: https://edri.org/files/GDPR-key-issues-explained.pdf

Where to start?

If only it were that easy! Financial Services institutions have been embarking upon Customer Centricity and Digital Transformation programs and discovering that just understanding where all ‘relevant’ Customer data is stored isn’t that straightforward. Typically, Customer data is stored in multiple siloed systems, in different formats, with differing levels of quality using different definitions and data conventions. One of the challenges with this approach is that the program is looking for data that is ‘relevant’ to Customer Centricity, i.e. data that helps build a more complete picture of the Customer’s journey to help drive better service delivery and create up-sell/cross-sell opportunities. 

The sizeable potential impact of not being compliant means there is a real need to focus on understanding where relevant Customer data is held, right from the start. In a GDPR environment, this would typically include specific data attributes that either denote a location of relevant Customer data or areas where there may be potential data conflict. Once the policy has been defined, any solution needs to provide the automated discovery of relevant Customer data across any number of databases, sources, big data and cloud data stores. The automation of the first pass of data discovery is used to find the locations of relevant Customer data. Some data attributes will fit easily into the policy, some data attributes will be derived from relevant Customer data so need further examination and some data attributes will require much further examination. 

Classification helps define the priorities of potential data remediation based upon how the data attributes fit into, and conform to, the policy definition. As mentioned previously, data proliferation is a major challenge around relevant Customer data as it’s often extracted from source systems and copied to other systems for subsequent processing. The reason for this is that once the data leaves the control of any properly governed environment, there becomes a potential risk that any subsequent processing creates yet another source of relevant Customer data, albeit a source that few will probably know about. The score is simply a number, although the reason this becomes powerful is that it enables Financial Services institutions to start to prioritise the sequence in which sources of relevant Customer data need addressing. 

Keywords: [“data”,”customer”,”need”]
Source: https://blogs.informatica.com/2016/03/25/gdpr-where-to-start

GDPR News Center News for 06-02-2018

Part 1: What is GDPR?

HubSpot Product Readiness Page

Now that we’ve gotten product specifics out of the way, a quick word on our mindset towards the GDPR, as marketers. Here’s the thing: all of the recent data protection laws, from CAN-SPAM to CASL to the GDPR and beyond, are built for a simple reason: to provide better experiences for our customers and the people who trust us with their data. Complying with the GDPR will require effort, and that effort may lead to stress between now and deadline day. At the end of the day, if the GDPR makes your customers’ lives better, it’ll grow your business as a result. The GDPR has specific rules about enabling your contacts to specify exactly what they want to receive from you. 

The GDPR requires increased transparency around data collection and processing. Not only will that satisfy the specific contact in question; it’ll ensure that you’re not wasting your time trying to market and sell to people that have no interest in your product or service. Perhaps most importantly, the GDPR requires lawful basis for processing. That’s bad news if you’re purchasing lists: not only is this not allowed under the HubSpot Acceptable Use Policy, but now it’s also not permitted under the GDPR. That may sound painful in the short term, but it’s good news for your company in the long run. 

Making sure you have established a lawful basis will lead to a more engaged list, better email deliverability, and fewer annoyed contacts. For many companies — HubSpot included — GDPR compliance is stressful and work-heavy. As you work through those long hours reading through the GDPR and building out your process, don’t forget the purpose behind the law: to provide better, more secure, more transparent experiences for our customers. 

Keywords: [“GDPR”,”contact”,”better”]
Source: https://www.hubspot.com/data-privacy/gdpr/product-readiness

GDPR: 15 examples of repermissioning emails & campaigns

By now, you’ve probably received at least one email from a company asking you to confirm that you really do want to receive marketing emails. It could be argued that this approach creates a catch-22 scenario – to opt-out, users have to be somewhat engaged with Money Supermarket emails, but it is the recipients that are not engaged with these emails that are most likely to want to opt out. You wouldn’t expect anything less from PwC, but its repermissioning email includes everything that the ICO would want to see. Any marketer wanting to include all the right information in their repermissioning campaign would be wise to follow the lead of an email like this, in my opinion. Lots of companies are doing more than just emailing their database to establish consent – Manchester United, for example, has been using a combination of email, print handouts at games, video content and even advertising hoardings to get its fans to opt in. 

Desperate approach to GDPR… Man Utd using their ad hoardings to ask people to opt in for emails. It has taken the admirable approach of repermissioning its email newsletter. As discussed in the intro to this article, this means that those who miss or disregard a repermissioning email will be opted out automatically. You would imagine that where companies take this approach, asking for consent would be front and centre in any repermissioning email. 

This email shows the need to put the repermissioning message up front, as blatant as possible. Imperial College’s Enterprise Lab has the same issue that The Candidate has – the GDPR and opt-in message is buried within a very noisy email. Of all the emails featured here, I really like this subject line and headline. 

Keywords: [“email”,”Opt”,”repermission”]
Source: https://www.econsultancy.com/blog/69966-gdpr-15-good-bad-examples-of-repermissioning-emails-campaigns

GDPR News Center News for 05-22-2018

Free course + GDPR software presentation

GDPR Summary: What Every Digital Marketer Needs to Know About the New Regulations

There are a few lines around here, but surely I don’t look old enough to have been practicing law for 20 years, but I am a data protection lawyer, and that’s what GDPR is all about. What GDPR does is it really brings our data protection laws up to date with what’s going on with data. The last data protection laws that we had in Europe are 20 years old, and if you think about the differences in what we’re doing with data now and what we did 20 years ago, there’s a huge chasm and difference between what we could do then and what we can do now, so it’s only right that the law catches up with the reality of our data processing. That’s really what GDPR is all about, making sure that you’ve got a lawful ground of processing the personal data and bearing in mind these principles. Even within industries, there’s If you get a reputation within, say, the digital marketing industry or within the coaching industry or within the expert industry or whatever else, as the protection of personal data becomes more of a cultural norm, if you are the anomaly, then you’re going to start to lose customers. 

One new legal document that you will definitely need is a new privacy notice that you are going to be giving to your prospects whenever you’re collecting their data. Probably, it’s not new, but the most important thing, and what’s come out of my Facebook group is how little people actually know about this and how little people focus on it, is the security aspect of data. If you’re dealing with sensitive data, special category data, things like data consisting of racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health data, things like that. You’ve got all these different scales of people who are processors, but essentially, they are processing our data, our lists of data under our instruction. It’s mandatory to have an agreement between the data controller and the data processor that sets out these, it’s about eight things that the GDPR says you have to have in there. 

What you need to do first off is understand what is personal data and what’s not, so I’ve covered that on this call, so hopefully you know now. You need to redo your privacy notice, and again, that’s why it’s so key that you really get a good view on that data inventory of all the data that you hold and what the purpose is and what your lawful ground is, because all of that goes into your privacy notice, and if you get that wrong, and there are complaints later on, then you’re storing up problems for yourself. 

Keywords: [“data”,”people”,”need”]
Source: https://www.digitalmarketer.com/gdpr-summary/

Google Cloud: Ready for GDPR

Over a year ago, we wrote about our commitment to GDPR compliance across G Suite and Google Cloud Platform. Google Cloud’s focus on data security, privacy, and transparency provided a strong foundation towards achieving that commitment, and we’ve made multiple updates to ensure that Google Cloud customers can confidently use our services when the GDPR takes effect on May 25. Google Cloud generally acts as a data processor, and as a data processor we process data only as instructed by you – our customers. In turn, you own your data, and Google Cloud is committed to advancing tools and resources that put you in control. More than six months ago, well in advance of the GDPR coming into effect, we made important updates to our data processing terms for G Suite and Google Cloud Platform designed to directly address GDPR requirements. 

These contractual updates clearly articulate our privacy commitments to customers, and are fundamental to GDPR compliance for both Google and our Cloud customers. If you haven’t already, you can opt in to the new terms by following the instructions for G Suite and for Google Cloud Platform. G Suite and Google Cloud Platform have provided contractual commitments to customers around incident notification for many years, and our updated terms reflect the notification timelines for processors put forth in Article 33 of the GDPR. With hundreds of Google engineers across the globe dedicated to security, Google Cloud has and will continue to invest in threat detection, prevention, and incident response capabilities. Google Cloud provides solutions that can help organizations keep their sensitive data confidential, available, and resilient. 

We regularly test, assess, and evaluate the effectiveness of our technical and organizational security and privacy measures via third-party audits and certifications for G Suite and Google Cloud Platform. These certifications, as well as other third-party audits such as SOC1, SOC2, and SOC3, cover numerous services within Google Cloud. We provide GDPR-related documentation, white papers, videos, and other useful information for customers on our GDPR Resource Center, and will provide presentations, workshops, and opportunities for customers to engage directly with our compliance team in our global Cloud Summit and Cloud Next events throughout the year. 

Keywords: [“Cloud”,”data”,”Google”]
Source: https://www.blog.google/topics/google-cloud/google-cloud-ready-for-gdpr/