GDPR News Center News for 10-20-2018

Basecamp GDPR compliance

If you’re based in the EU or do business in the EU, yeah! GDPR has a long reach. If you have any EU personal data in your Basecamp account, such as names, email addresses, ID numbers, or anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third party vendors you rely on, including Basecamp. These agreements are commonly called a Data Processing Addendum, or DPA. 

Data Processing Addendum. Contracts required! Processing EU personal data must be governed by a GDPR-compliant contract. We provide a standard Data Processing Addendum to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed. Basecamp participates in the EU-US and Swiss-US Privacy Shield Framework to safeguard the transfer of personal data to the US, meeting the GDPR requirement for adequate data protection laws. 

Basecamp uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, and require the same of them. 

Keywords: [“data”,”processed”,”GDPR”]
Source: https://basecamp.com/about/policies/privacy/gdpr

WP GDPR Compliance

Release date: July 6th, 2018

* Added the ability to add required ‘Consents’. These Consents will always be triggered on page load.
* Added ‘Privacy’ column to the WooCommerce order overview.
* Added the ability to change the message of the required asterisk elements.
* Added the ability to remove ‘Consents’ via the admin panel.
* Added confirmation mails sent after processing an anonymise request.
* Added mail sent to the admin when a new request is created.

Release date: May 8th, 2018

* Added a button to retry creating database tables required by the request user data functionality.

Release date: May 7th, 2018

* Added the request user data page.
* Added countdown to GDPR deadline.
* Added ability to add custom error messages to Contact Form 7 and Gravity Forms.
* Added ability to add HTML tags to the texts and error messages.
* Added minimum supported version for Contact Form 7.
* Added minimum supported version for Gravity Forms.
* Added minimum supported version for WooCommerce.
* Delete all data created by the plugin after deactivating integrations or uninstalling the plugin.

Release date: January 19th, 2018

* Added default error message.

Keywords: [“Added”,”2018″,”Release”]
Source: https://wordpress.org/plugins/wp-gdpr-compliance/

GDPR Compliance – Nextcloud

Email or public cloud solutions do not provide much security for sensitive data. Encryption is complicated and cumbersome to use, reducing the real benefits due to employees working around them or making mistakes. Keeping data on your own infrastructure means you stay in control. Only then can you show your customers exactly where their sensitive documents are. Regulators can be certain that non-compliance with proper process is minimized. 

Most consumer-grade solutions like Dropbox or Office 365 were not designed with privacy regulations and security concerns in mind, mixing data from consumers and businesses, spread out in data centers across the globe. Rather than trying to work around their limitations, Nextcloud Files provides a security-first solution which puts you in complete control over the location and access policies of data with a private cloud solution. 

Keywords: [“data”,”solution”,”control”]
Source: https://nextcloud.com/gdpr/

GDPR News Center News for 08-30-2018

[WEBINAR] GDPR Compliance: “Explain Like I’m Five” with Data Privacy Expert

Jodi Daniels is a digital privacy expert with more than 19 years of experience in privacy, marketing, strategy, and finance roles. She is the founder of Red Clover Advisors, a data privacy consultancy that assists companies with GDPR compliance, operationalizing privacy, digital governance, and online data strategy. Ms. Daniels has worked in multiple industries such as financial services, automotive, media, and retail for Cox Enterprises, The Home Depot, and Deloitte. She most recently served as the privacy partner for digital banking and digital marketing, financial center channel operations, ATMs, and military banking channels at Bank of America. 

Keywords: [“privacy”,”digital”,”Bank”]
Source: https://www.bettercloud.com/monitor/webinar-gdpr-compliance

FE Preparing for GDPR

Like many companies, FE is currently preparing for the General Data Protection Regulation when it comes into effect in May 2018. As a company that is built on the data we collect, you can imagine we are taking the GDPR requirements very seriously and are working to ensure that our privacy standards meet all the requirements of the regulation. To ensure we meet the standards required by GDPR, the way in which you log in to FE Analytics and other products and services provided by FE will need to change. Over the coming weeks and months we will let you know what action you need to take. Please look out for further announcements and take the time to action them.

Keywords: [“take”,”action”,”need”]
Source: http://info.financialexpress.net/gdpr

The General Data Protection Regulation

The General Data Protection Regulation is a series of laws that were approved by the EU Parliament in 2016. The EU’s General Data Protection Regulation is an initiative by the EU to bring data protection legislation into line with new ways that data is now used. The new regulations will give users great control over their data, including the ability to export it, withdraw consent and request access to it. It also makes data protection rules more or less identical throughout the EU, allowing for the easier transfer of data throughout the European Union. It will affect any company that does business with Europe, whether they are based in the EU or not.

Keywords: [“Data”,”Protection”,”Regulation”]
Source: https://www.privacytrust.com/gdpr

Countdown to GDPR Summit 2018

‘Driven by demand, and its game-changing importance, this will be our 3rd GDPR Summit in the space of just 7 months. No other topic area has ever generated this amount of attention’. It requires organisations to adhere to a host of strict data protection rules for processing the data of EU residents and will penalise those who are non-compliant. Heralding a new era in the regulation of personal data processing in Europe, the GDPR amplifies and expands the rights of individuals to control how their personal information is collected and processed and places new obligations squarely on the shoulders of organisations that collect personal data.

Keywords: [“data”,”personal”,”processed”]
Source: https://gdpr18.com

GDPR Suite

This new regulation will dramatically change the way data must be handled and processed in the European Union. iGrafx provides the intellectual property of knowing the regulatory elements of GDPR, the means to assess risk from the process perspective, and the system to document operations, model data flow, audit controls, implement GDPR required processes, all in order to help achieve GDPR compliance now and, most importantly, maintain it into the future. A solution for all GDPR Stakeholders: Legal, IT and Process. Process Templates to expedite documentation and automation. Complete visibility and control via Data Flow Modeling.

Keywords: [“GDPR”,”process”,”data”]
Source: https://www.igrafx.com/products/gdpr-suite

GDPR Compliance: Essential Training

Course Transcript - [Mandy Huth] GDPR is the most comprehensive privacy regulation enacted to date. Any business that has European connections is likely impacted. Hi, I’m Mandy Huth, and I’ve helped organizations with over two billion dollars in revenue prepare for GDPR. In this course, I’ll show you the basics of the GDPR regulation. I’ll begin by discussing what it entails and who it impacts.

I’ll show you who is responsible for protecting, monitoring and reporting data in various situations. Finally, I’ll discuss the rights of the data subject and how organizations must notify those subjects in case of a data breach. 

Keywords: [“I'll”,”data”,”GDPR”]
Source: https://www.linkedin.com/learning/gdpr-compliance-essential-training

Preservica

Preservica complies with the current 1998 Data Protection Act, and by 25th May 2018, Preservica cloud products and operations will meet the requirements of the General Data Protection Regulation helping our customers protect the rights of their data subjects. It’s important to note that although the GDPR is an EU regulation it may still apply to any organization which is a controller of personal data for an EU data subject, even if that organization is outside of the EU. Preservica will help ensure you meet your GDPR obligations and preserve your valuable digital information for the long-term. 

Keywords: [“Data”,”Preservica”,”organization”]
Source: https://preservica.com/about/gdpr

Data Governance for GDPR Compliance

Any company that processes personal data of individuals residing in the European Union must adhere to GDPR, regardless of their location. This infographic outlines the impact of not complying. DATUM’s GDPR Solution does the heavy lifting so you don’t have to. We provide the experts, the formula, the methodology and the assets you need to successfully comply with the new regulation. GDPR privacy regulation will significantly impact data governance for companies worldwide. 

This webinar sheds light on GDPR’s potential impact on your organization, and provides direction on how to meet this challenge head on.

Keywords: [“GDPR”,”impact”,”regulation”]
Source: http://www.datumstrategy.com/gdpr-solution

GDPR News Center News for 08-17-2018

GDPR is a Process Issue

It is a process issue as much as a customer data one. GDPR and recent data breaches have put data privacy in the spotlight. The law applies to any company whose data processing concerns private data of EU data subjects, irrespective of the company’s location. Compliance requires understanding and control of data, processes and IT systems. Companies need to locate their data in the EU: Not true. 

Reputation: Trust can disappear overnight with a data breach or reported misuse of personal information. Data simplification: You must delete the personal data you don’t need or have permission to hold. You can also only hold personal data you have a valid basis for, and then only for a reasonable period – including all that duplicated data. With less data that is more up-to-date and accurate you will see immediate savings. Job #1 – Develop & deploy operational processes: There are specific processes that need to be documented, understood and followed; getting opt-in consent, Subject Matter Access requests, reporting data breaches. 

Job #2 – Where is the Personal Data stored: You need to take an inventory of all your internal systems and build a data catalog of each system down to field level. You should delete all the data unless you can hold it for another legal basis.

Keywords: [“Data”,”GDPR”,”company”]
Source: http://www.bpminstitute.org/resources/articles/gdpr-process-issue

GDPR resources

At Entity Group we have built GDPR resources based on our 30 years of experience in helping clients address data management and governance challenges. GDPR is one of the biggest data management problems we have seen companies struggle with. It is also a substantial opportunity for organisations acting in the role of data controllers and data processors to build trust with data subjects. They have the chance to become truly customer/citizen/employee centric with all the associated tangible and intangible benefits this can deliver. The reason why GDPR seems like such a big gap to fill is because very few organisations have a holistic data strategy in place and are in no position to take advantage of opportunities afforded by GDPR or any other regulatory obligation. 

Data governance and information management strategies can be difficult to articulate and seem even more difficult to execute. We believe they are achievable with the right assistance. GDPR compliance is a specific example of a data delta that needs to be crossed and the best way to approach it is with tried and tested data management techniques. It outlines our full approach to tackling data management in your organisation. We can also offer a great deal of practical assistance. 

Keywords: [“data”,”GDPR”,”management”]
Source: https://www.entitygroup.com/gdpr

GDPR Information

On May 25, 2018, the EU’s General Data Protection Regulation becomes effective, replacing existing EU data protection laws based on the 1995 EU Data Protection Directive. The GDPR strengthens privacy rights for EU individuals and extends the scope of responsibilities for businesses processing personal data of EU individuals. Aspect is taking steps to comply with the legislation and equip our customers to do the same by the May 25th effective date. Under the direction of Aspect’s global GDPR project team, Aspect has closely analyzed the requirements of the GDPR and is making the necessary modifications to its products and services, contracts, and documentation to support GDPR compliance for our customers. Aspect is finalizing a full information audit and data mapping exercise covering all personal information on data subjects processed by Aspect in its role as controller and processor. 

This effort includes all processing activities undertaken by Aspect by itself and on behalf of customers through Aspect’s products and services. The level of detail includes, but is not limited to, the purposes of processing, data subjects, categories of personal data, lawful bases for processing, location of data and retention periods. 

Keywords: [“Data”,”Aspect”,”processed”]
Source: https://www.aspect.com/company/gdpr

GDPR

Our Game Based Learning platform provides an organisation with the GDPR Foundation experience; this can be easily and quickly customized to reflect the organisation’s requirements – content, scenarios, risks, questions, analytics etc.

* Employees – GDPR is a very ‘dry’ subject; our GDPR Game Based Learning solution will deliver GDPR awareness training in an engaging and enjoyable format.
* Speed – ALL of our games can be easily changed to reflect your organisation’s content, scenarios, processes & rules in HOURS not Days, turning our ‘foundation’ games into your bespoke solution.
* Change – once deployed, our platform allows an experience to be easily changed, updated or amended to suit your organisation’s ever-changing requirements – delivering a high ROI.
* Facilitation – our GDPR games can easily be deployed using self-facilitation, thus reducing the need for expensive training resources.
* Updated – our GDPR games will be updated to provide longevity to reflect the requirement that the regulation requires every employee to receive a knowledge ‘refresh’ as the regulation evolves.
* GDPR Experiences – our platform can be deployed locally, via the Cloud and played on Tablets or PCs, in single or multi-player mode.

Keywords: [“GDPR”,”Game”,”experience”]
Source: http://www.applio.net/gdpr

How Stonewall are tackling GDPR with sophistication

Many charities are taking GDPR as an opportunity to clear out their contact lists completely and start all over again. They’re asking everyone they’re in touch with to refresh their consent to be contacted. It’s a big, official task, but that doesn’t mean it has to be boring. On Valentine’s Day, London-based charity Stonewall, an organisation working for inclusiveness and equality for LGBT people, sent out an ingenious GDPR email dressed up as a romantic note that asked followers not to leave them. Ben Kremer, Senior Email Marketing Officer at Stonewall, said the idea behind the campaign came from a discussion around sending the email in the middle of February.

Stonewall were applauded by fundraisers and charity supporters online. Ben says the response has inspired the team to be more creative with their communications, though he admits that the time needed to plan these campaigns is sometimes just not there. The email was phase one in a series of Stonewall communications for different audiences. They’ll be sending further comms to last givers and consistent donors. Though the new rules around GDPR have certainly caused an increase in workload for people at Stonewall, Ben says he thinks they are a good thing. 

Keywords: [“people”,”really”,”GDPR”]
Source: http://blog.justgiving.com/how-stonewall-is-tackling-gdpr-with-sophistication

GDPR News Center News for 08-16-2018

MaxCDN

This regulation broadens the privacy rights that EU individuals have over how their personal data is collected, processed and maintained. MaxCDN is committed to support our customers in meeting their obligations under the GDPR, through our role as a vendor and GDPR compliant data processor. As our customers maintain their compliance with applicable GDPR regulations, they can do so with the knowledge that for vendor compliance, MaxCDN will be a supportive business partner.

Data Processing Addendum. One of your requirements may be to have a Data Processing Addendum for each of your vendors. We have taken the mystique out of that and post it here for our customers. We have an easy to use data processing agreement for existing customers. If you have determined that you are a controller under the terms of the GDPR and need a written personal data processing agreement with us, follow this link. You can sign electronically, and a confirmation copy will be provided to you.

Privacy Settings and Requests. MaxCDN provides information about our data privacy policies, including how we use cookies, in the Privacy section of this website. We also provide tools on this website that allow users to control privacy preferences for certain aspects of using this site or interacting with MaxCDN, such as for cookies and marketing.

Keywords: [“data”,”processed”,”privacy”]
Source: https://www.maxcdn.com/gdpr

Helping the UK’s SME businesses work towards GDPR compliance

GDPR is the General Data Protection Regulation and will replace the current Data Protection Act. It was introduced by the EU in May 2016 with a two-year transition period and comes into force on May 25 2018; even though we are leaving the EU, the GDPR will remain. The aim of the GDPR is to unify data protection law within the European Union and to update outdated national data protection law. The UK’s DPA was last updated in 1998 and was not designed to cope with all the new data that has been generated by our current technology. Any entity that handles personal data, whether it belongs to customers OR staff, will be subject to the GDPR.

Realistically, anyone currently subject to the DPA will also be subject to the GDPR. Preparing for the General Data Protection Regulation. The GDPR is about the rights individuals have over their personal data rather than a set of rules for businesses to follow. It gives individuals more control over the personal data a company holds about them and what these companies can do with it. With the key principle of transparency running through the GDPR, companies need to demonstrate how and why they have personal information, what they will do with it, how long they will keep it, and provide individuals with a number of other rights. 

Keywords: [“Data”,”GDPR”,”Protection”]
Source: https://www.check-gdpr.co.uk

ARMA International

This is a shift from the regulations that have been in place for the past 20 years, which put the responsibility on individual countries. Now, as a collective group, the EU is implementing changes that will have a broader impact. The EU countries have been preparing for years for these new regulations, and if your company operates in an EU country, stores data in an EU location, sells goods to EU residents, or even has customers who have access to your data when traveling through an EU country, you will be impacted by this change. While some companies are taking a wait-and-see approach, many are actively preparing for these changes. At ARMA Live! 2017, IBM’s Richard Hogg, CITP, and a strategic solutions provider for ARMA, spoke to conference attendees about preparing their organizations.

* Assess: Determine the data that will be impacted by GDPR regulations.
* Design: Plan the path you will take to meet these updated regulations.
* Transform: Develop a privacy compliance program and hire or appoint a data protection officer.
* Operate: Implement an ongoing inspection of your data and security.
* Conform: Follow the regulations and prepare for audits.

If a data breach is to occur, be prepared to inform regulators. To learn more about GDPR and what you need to do to be prepared, visit IBM’s GDPR website. 

Keywords: [“data”,”regulations”,”prepare”]
Source: http://www.arma.org/default.asp?page=GDPR

GDPR Summit

The GDPR Summit, being held on 30th May 2018 in the RDS, Dublin, is a deep-dive one-day event that will focus on the likely impact GDPR will have for anyone who handles data. This event will provide business with a framework to keep your Organization GDPR Compliant. GDPR poses numerous challenges for businesses and will require a complete review of policies and procedures, contracts, processing activities and IT to assess compliance. Compliance with GDPR can also be a business opportunity for organisations who get it right to present themselves as trusted, responsible and ethical. Businesses and consumers understand that they need to share some of their data with third party organisations but they rightly expect that information to be kept safe and for organisations to be transparent about its use.

The GDPR will apply in Ireland from 25th May 2018, when the Regulation comes into effect across the EU. This practical day looks at the key changes to data protection law that will apply under the GDPR, and provides guidance on what organisations should do now in order to prepare. Attend this invaluable day to discover how the new rules will affect your organisation and what steps you need to take now.

Keywords: [“GDPR”,”organisation”,”data”]
Source: http://www.gdprsummit.ie

GDPR News Center News for 06-13-2018

GDPR

Regulation 2016/679, the European Union’s new General Data Protection Regulation, regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU. GDPR was adopted to replace the Directive 95/46/EC to implement a legally binding regulation that will be considered the EU data protection law and it is effective from May 25, 2018. GDPR also has extraterritorial applicability to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location. GDPR provides data subjects with a wide range of rights that can be enforced against enterprises that process personal data. These rights will limit the ability of enterprises to lawfully process the personal data of data subjects in many of the ways that were regularly employed in the past.

Failure to comply with the new data protection rules can result in sanctions from EU Data Protection Authorities ranging from a warning, a reprimand to a temporary or definitive ban on processing and a fine of up to €20 million or 4% of the business’s total annual worldwide turnover. Given the significant financial penalties for noncompliance and evidently more proactive compliance efforts planned by the EU data protection supervisor, the GDPR truly compels action from not only all enterprises that are doing business across Europe, but also all enterprises with offices in Europe, workers in Europe, and clients, customers, patients and any type of consumer in Europe. One of the main duties imposed by GDPR to organizations-data controllers is only using data processors that provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR, have these commitments specified in a contract and measures reviewed and audited by third parties against international standards like ISO, SSAE16/ISAE 3402 and others. Outsourced Data Protection Officer – DPO appointment is mandatory for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences. Article 35 of the GDPR introduces the concept of a Data Protection Impact Assessment, a process for building and demonstrating compliance. 

Process perspective: Change non-compliant and/or inefficient processes touching personal data. Technical perspective: Map and configure the right cloud technology solutions to policies and processes of handling personal data, including identifying, locating, cataloguing, pseudonymisation, encryption, deletion, rectification, transfer of, access to, and objection to processing of personal data. Transfer responsibility and risk to the Cloud provider as GDPR compliant data processor.

Keywords: [“Data”,”GDPR”,”process”]
Source: https://www.gdpr.international

NEW EU DATA PRIVACY LEGISLATION

Subject Matter and Scope. Whether it is for personal data or processing, the GDPR uses broad definitions. A company that is not established in the Union may have to comply with the Regulation when processing personal data of European residents:

* a) If the company offers goods or services to European data subjects in the EU; or,
* b) If the company is monitoring EU data subjects’ behavior; or,
* c) If the company processes personal data of EU individuals on behalf of other businesses.

Key principles of the GDPR. Some of the key principles of the GDPR are:

* Accountability and governance: companies must be able to demonstrate their compliance;
* Transparency: Personal data must be processed lawfully, fairly and transparently;
* Purpose limitation: the purpose for which data is collected must be specified, explicit and legitimate;
* Data Minimization: only relevant data should be collected and processed;
* Security: It must be processed in a way that ensures appropriate security of the personal data;
* Privacy-by-design/privacy-by-default: GDPR creates a general obligation for companies to integrate data protection into their processing activities.

Valid basis for data processing. The GDPR provides six legal bases for processing of EU personal data. These include:

* Consent of the data subject;
* Legitimate interest;
* Contractual obligation.

It distinguishes between organizations that are data controllers and/or data processors. Responsibilities of a data controller can include:

* Maintain a record of processing activities;
* Notify personal data breaches;
* Conduct data protection impact assessment prior to processing;
* Designate a data protection officer or a representative in the European Union.

Rights of the Data Subject. The GDPR provides for many rights to data subjects. These rights include:

* Transparency and information: the controller must provide information to the data subject, i.e. who they are and how to contact them, who the data protection officer is, why the controller needs the information and who is receiving it;
* Right of Access, Right to Rectification, Right to Erasure and Right to Restriction of Processing: The controller must act immediately to correct inaccurate personal data when the subject makes a complaint. The controller may have to erase personal data and/or restrict personal data processing.

Liability and Penalties. There are two tiers of maximum fines under the GDPR. The higher fine threshold is 4% of an undertaking’s worldwide annual turnover or 20 million euros, whichever is higher. Higher fines apply for instance in case of violation of the basic principles for processing data, including consent; data transfer provisions. Lower fines apply for non-compliance with notification of a personal data breach or the obligation to designate a data protection officer among others.

Keywords: [“data”,”processed”,”personal”]
Source: https://www.export.gov/article?id=EU-NEW-DATA-PRIVACY-LEGISLATION-GDPR

GDPR News Center News for 05-18-2018

Person Centred Software

* The right to be informed – you must let people know why you are processing the data, and provide a privacy notice to inform people and transparency over how you use personal data.
* The right of access – you must give confirmation that their data is being processed and give access to their personal information.
* The right of rectification – you must allow people’s information to be amended if information is inaccurate or incomplete.
* The right to erasure – the right to erasure is also known as ‘the right to be forgotten’. This right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

Article 5(2) requires that “The controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

* Adequate, relevant and necessary in line with stated purpose.
* Processed and kept securely in an appropriate way for the type of data being held.
* Accurate and up-to-date, only kept for as long as necessary.
* Follow comprehensive but proportionate governance measures.
* Make use of good practice tools outlined by Information Commissioner’s Office, such as privacy impact assessments.

Keywords: [“right”,”data”,”processed”]
Source: http://personcentredsoftware.com/gdpr

A checklist for employers

The EU’s new General Data Protection Regulations, which will come into effect in the UK and across the rest of the EU in May 2018, will radically change the way businesses and organisations collect, manage and dispose of data. There are several elements to take into consideration when ensuring compliance with the GDPR; these include sharing data with third parties, ensuring that contracts and policies are compliant, and handling employee data. We have put together a basic checklist of some of the most important points for employers to consider when it comes to complying with the GDPR:

1. Ensure your contracts of employment are up to date and contain a specific clause dedicated to data protection.
2. Consider asking all employees to sign separate consent forms in relation to the processing of their data.
3. Make sure you have a watertight reason to process sensitive personal data.
4. Employee handbooks should contain a Data Protection Policy, which all employees should read.
5. Be prepared to deal with Subject Access Requests from employees in a shorter timescale.

If you would like more information on data protection or the GDPR, please contact our Data Protection team.

Keywords: [“Data”,”employee”,”Protection”]
Source: http://darwingray.com/news/gdpr-a-checklist-for-employers

GDPR News

What is GDPR?

The EU General Data Protection Regulation replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The GDPR not only applies to organizations located within the EU but will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. It is important to note that these rules apply to both controllers and processors – meaning ‘clouds’ will not be exempt from GDPR enforcement.

How do MENTIS Products help in GDPR?

MENTIS products can help organizations to comply with the majority of the focus areas mentioned under GDPR. Details of how Mentis’ products map to Data Subject Rights and Organizational Governance are shown below. For more details on GDPR and our products, please fill in the form below and reach out to us.

Keywords: [“Data”,”GDPR”,”Products”]
Source: http://www.mentisoftware.com/GDPR

GDPR

The regulation will be a ‘game changer’; a single set of rules governing how European citizens’ data is used. The world has changed greatly since the current data protection legislation was introduced. GDPR will address the impact of cultural, social and technological changes, such as cloud computing and social media. It will also impose legal obligations on data processors for the first time. All organisations will need to review the ways in which they deal with data. Businesses will need expert advice to comply with the regulation and adapt to the new administrative and reporting requirements. This hub compiles all of our GDPR content so we can share our insight and answer questions about some of the key changes under the regulation. We understand that compliance with GDPR can be complex. We hope that our know-how can help to ensure that you are ready for GDPR by 25 May 2018. Our GDPR content is designed to give you everything you need to understand the regulation and to prepare your business. Get ready for GDPR – how organisations can prepare for the new rules and ensure compliance. GDPR briefings – a deeper dive into the specifics of GDPR and its development.

Keywords: [“GDPR”,”regulation”,”data”]
Source: https://www.burges-salmon.com/gdpr

Vision Critical

On May 25, 2018, the EU General Data Protection Regulation becomes applicable and will be enforced by EU regulators. The GDPR will replace the existing EU data protection framework, known as the Data Protection Directive, which has been in place since 1995. Unlike the Data Protection Directive, the GDPR will apply directly to any company that offers goods or services to and/or tracks the behavior of EU citizens, even if that company does not have a place of business within the EU itself. At Vision Critical, we believe that people matter, and our products and services are focused on strengthening our customers’ relationships with the people that matter most to them. Because of this central focus, we welcome the EU’s effort to strengthen individuals’ rights with regard to their control over, and the protection of, their personal data. Like many companies around the world, Vision Critical is hard at work updating our operations to ensure that we will be in compliance with the GDPR by May 25, 2018. These updates include the products and services we provide to you, our customers, to ensure that you are able to use our platform in a GDPR-compliant manner.

Keywords: [“Protection”,”Data”,”GDPR”]
Source: https://www.visioncritical.com/gdpr