GDPR News Center News for 10-24-2018

Webinar: SharePoint and GDPR Compliance

How to Update Your Existing Privacy Policy for GDPR Compliance

The purpose of the GDPR is much the same as previous regulations: to protect the privacy and personal information of residents of the EU. The GDPR builds upon old laws to create a more clear and complete set of rules that you must follow when collecting and using personal data from residents of the EU. The goal is for the GDPR to cover the entire region to make compliance easier than dealing with separate laws in multiple different countries. Remember, even if your company is not located within the EU, you must comply with the GDPR if you have users who reside within the EU. The GDPR makes it very clear that any entity which collects or processes the personal data of residents of the EU must abide by its regulations. 

In addition to new, stricter privacy laws, the penalties for failing to follow the GDPR guidelines have been increased. In your clause about how you use the personal data that you collect, simply add a sentence that states if you do or don’t use personal information to make automated decisions. The GDPR requires more detailed disclosure about exactly how users’ personal data is handled, including any third-parties that you share data with. Your Data Protection Officer should be chosen by the same standards as any position, such as professional qualities and knowledge of the field of data protection. The concept of a Data Protection Officer is not to make things more complicated, but instead to have a knowledgeable expert who can answer questions and be on the lookout for policy breaches that could be harmful to your company. 

The primary role of a Data Protection Officer is to ensure that data privacy laws are being followed. You should read the full details about Data Privacy Officers in the GDPR and appoint a qualified candidate before May 25, 2018 if your company’s operations require it. Users have well-defined rights under the GDPR when it comes to having access to their personal data. Not only have the maximum penalties for breaking privacy laws increased under the GDPR, but the GDPR has also made it easier for data protection authorities to investigate and penalize non-compliance under the new regulations. Factors such as how many people were affected and for how long, negligence versus intentional practices, and the degree of cooperation with regulators can all affect the severity of the fines for failing to follow the GDPR requirements. 

Keywords: [“data”,”GDPR”,”personal”]
Source: https://termsfeed.com/blog/gdpr-compliance-update-privacy-policy/

Vanderbilt Industries

Vanderbilt Industries are committed to full compliance with the European General Data Protection Regulations as introduced in May 2018. The new EU General Data Protection Regulation comes into force on 25 May 2018 and will impact every organization that holds or processes personal data. We place a top priority on protecting and managing personal data by accepted standards, including ISO9001 and ISO14001. 2.A) Product guides to support compliance for users of our on-premise and cloud security products and services that help customers to understand and prepare for GDPR. B) Develop compliance plans and build a stronger platform for the future by taking control of their data. Where our solutions are deployed and sit within an end customer’s IT infrastructure, they are protected by and under their own IT Information Security and Data Protection compliance controls and their processes of data processing. 

Upon completion of our analysis of the data protection requirements for Vanderbilt on-premise security solutions, we can confirm that Vanderbilt does not enter or maintain any data on these systems, and therefore is not the Data controller or Data processor. We do however want to support our customers who will be required to supply statements and to include Vanderbilt systems within the data protection and processing agreements. This information will include data cleansing and subject access reports to specific data retrieval and disposal tools. All customers are responsible for personal and transactional data located in Vanderbilt security systems, and requests to delete, rectify, transfer, access, or restrict the processing of data. Where Vanderbilt hosts cloud solutions, we shall comply with this position statement and the provisions of GDPR and the forthcoming regional Data Protection Acts within the countries we conduct business. 

Upon completion of our analysis of the data protection requirements for Vanderbilt cloud security solutions, we can confirm that SPC Connect and ACT365 do store information on users of the system, and for these products, Vanderbilt is therefore considered the Data controller or Data processor. We have completed internal audits to ensure we are working to comply with requirements and have worked with external bodies to prepare data protection statements for these products. 

Keywords: [“Data”,”security”,”Vanderbilt”]
Source: https://vanderbiltindustries.com/gdpr-compliance

GDPR

Its purpose is to support privacy as a fundamental human right and therefore give EU residents rights over how their personal data is processed or otherwise used. The GDPR defines personal data as ‘… any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’. The GDPR notes that online identifiers can constitute personal data. To the extent you collect EU residents’ personal data, GDPR requires you to comply with its terms by May 25, 2018. 

Right of access: You, or your customer, can ask us what personal data is being processed, why and where. Right to restrict processing: If you, or your customer, believe your personal data is inaccurate or collected unlawfully, you may request limited use of your personal data. Right to object: If you, or your customer, decide that you no longer wish to allow your data to be included in our analytics or for us to provide personalized marketing content at any time, you may contact us to request removal of this data. Usually, Bluehost is a controller in relation to the personal data that you provide to us as a customer. From May 25th, we will not publish the personal data of domain name registrants located in the EU in the WHOIS. 

This is to ensure our WHOIS output is compliant with the GDPR. However, access to personal data of domain name registrants may be granted when such access is necessary for technical reasons such as for the facilitation of transfers, or for law enforcement when it is legally entitled to such access. Our TOS require you to lawfully obtain and process all personal data appropriately. 

Keywords: [“Data”,”personal”,”GDPR”]
Source: https://my.bluehost.com/hosting/help/gdpr

GDPR News Center News for 10-23-2018

Box GDPR Compliance

With the General Data Protection Regulation just around the corner, we’re committed to being GDPR-ready by May 25, 2018, so that our customers can use Box with GDPR compliance in mind. At Box, we meet the highest bars possible for data privacy, as well as support organizations using Box while meeting data privacy obligations across the globe. With Box, every company – regardless of location or data privacy obligations – can work as one. 

Keywords: [“Box”,”Data”,”privacy”]
Source: https://www.box.com/gdpr

» Organisations

The General Data Protection Regulation very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities. 

Keywords: [“Data”,”personal”,”how”]
Source: http://gdprandyou.ie/organisations/

General Data Protection Regulation Consulting & Compliance Services

Create a pragmatic roadmap and facilitate data compliance by evaluating current security practices against GDPR requirements. GDPR consulting tailors appropriate security measures to your organization’s requirements. Avoid new vulnerabilities with ongoing security testing, assessments and exercises. Implement security controls and processes to patch gaps and help to maintain a GDPR-compliant security posture. 

Keywords: [“security”,”GDPR”,”requirements”]
Source: https://www.secureworks.com/services/security-consulting/controls-compliance/gdpr

Protect Personal Data on Your Website

Manually searching for data across your digital presence is a tedious task. With Siteimprove GDPR, you save that time by automatically locating the personal data you handle online: think names, ID numbers, cookies, and more. Now you have the power to pinpoint and remove that data across your website, minimizing the risk of fines and other legal consequences on your way to GDPR compliance. 

Keywords: [“data”,”across”,”GDPR”]
Source: https://siteimprove.com/en-us/gdpr/

Data Protection and Complying with GDPR Laws

It’s no longer just about finding and securing data: it’s about proactively capturing the full context of data, classifying what level of security is needed, establishing and adhering to the necessary controls, and implementing ongoing best practices to ensure data is managed safely and successfully. Collibra provides the necessary foundation for any successful cyber security program. 

Keywords: [“data”,”Collibra”,”security”]
Source: https://www.collibra.com/data-governance/data-protection/

EU General Data Protection Regulation

FastSpring is compliant with the EU General Data Protection Regulation. Our ecommerce platform is capable of conducting business with all EU-based customers online store. FastSpring complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. 

Keywords: [“FastSpring”]
Source: https://fastspring.com/gdpr/

GDPR Compliance and Elasticsearch

Mike joined Elastic in 2016 from Prelert, where he’d been VP of Products for Prelert’s machine learning technology. Mike’s focus at Elastic is to help users and customers succeed with security-related applications of the Elastic Stack. Starting his career as an ASIC designer, Mike has led the development of SIEM, network IPS, DDoS Defense, and network monitoring solutions. 

Keywords: [“Elastic”,”Mike”,”network”]
Source: https://www.elastic.co/webinars/gdpr-compliance-and-elasticsearch

Data Mapping May Be the Hardest Part of GDPR Compliance

K Royal is in the business of making sure companies are compliant with the European Union’s General Data Protection Regulation. As senior director of privacy at compliance and security company TrustArc Inc., she helps organizations bridge the gap between knowing they must fully follow the GDPR, and actually crossing the finish line. 

Keywords: [“company”]
Source: https://www.law.com/corpcounsel/2018/08/15/data-mapping-may-be-the-hardest-part-of-gdpr-compliance/

eBay Inc.

The General Data Protection Regulation is a comprehensive update to existing European Union laws that goes into effect on May 25, 2018. The GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU residents’ data privacy and to reshape the way organizations across the region approach data privacy. 

Keywords: [“Data”,”privacy”,”across”]
Source: https://www.ebayinc.com/our-company/privacy-center/gdpr/

Analytics Platform

Matomo GDPR services We offer solutions and services to help you have a Matomo configuration ready for GDPR compliance. As the world leaders when it comes to privacy and customer data, we are looking forward to providing you support for our analytics platform which helps you achieve GDPR compliance easily. 

Keywords: [“GDPR”,”compliance”,”help”]
Source: https://matomo.org/gdpr/

General Data Protection Regulation

The General Data Protection Regulation, the world’s most expansive data privacy law, takes effect May 25, 2018. Any group that processes the personal data of European residents must comply with the new law. Non-compliance can result in fines up to €20 million or 4% of annual turnover, whichever is higher. 

Keywords: [“Data”,”law”]
Source: https://www.veritas.com/gdpr

GDPR Compliance in 5 minutes

General Data Protection Regulation has created a wealth of uncertainty around compliance for marketers. This 5-minute summary explains the core principles of GDPR, what it means for inbound and outbound marketing and how to make web forms compliant. 

Keywords: [“marketers”]
Source: https://www.youtube.com/watch?v=cBRUYUheTTs

GDPR News Center News for 10-21-2018

What do you do about General Data Protection Regulation?

We have adjusted our Terms of service to reflect this. Privacy and security are critical to everything we do. Mapping of security & privacy measures – Done CAIQ. Data store mapping – Done. Storage of customer’s DPO and security contacts – Done. 

Notification of customers about changes in conditions and DPA – Done. Algolia is also a SOC 2 Type 2 audited organization and complies with all the Security, Availability and Confidentiality requirements. We value your privacy, and we’ll do everything we can to protect it. Find out how to delete your personal data or how to delete your user’s data. Your data primarily stays in the regions where you decide your data should reside. 

Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security. We comply with GDPR with our Community/Free plans as well. 

Keywords: [“Data”,”security”,”service”]
Source: https://www.algolia.com/doc/faq/security-privacy/gdpr/

Accellion Secure File Sharing Platform

Businesses must be able to find their European customers’ personally identifiable information and show who has access to the data, what they’re doing with it, and who they’re sharing it with to achieve GDPR compliance. The Accellion secure file sharing and governance platform provides this level of visibility and control to help businesses demonstrate GDPR compliance. Encryption key ownership – you decide when to rotate. Audit trail to connected on-prem and cloud content sources. Detailed reports allow for data analysis down to the file level. 

Full traceability of all content right up to delivery. Know and demonstrate which files have passed or failed AV, DLP and ATP scans. Comprehensive audit logs show data has been delivered and/or deleted. Automatically remove content upon project completion. 

Keywords: [“content”,”file”,”data”]
Source: https://www.accellion.com/platform/governance/gdpr-compliance/

GDPR Compliance

Inform: Review your vendor list and get comfortable with how data flows across your business, what type of personal data you collect and who has access. If JotForm is one of your vendors, and you have determined that you need a DPA in place with JotForm, our GDPR compliant DPA is available for download and signature at the link above. Assess: Undertake a risk assessment within your business and identify any gaps that need to be filled in order to meet GDPR compliance. Plan: Get in touch with us to understand how our products can help meet your compliance needs, and develop an action plan that is mindful of the May 25, 2018 deadline. Act: Implement your GDPR compliance program and make GDPR compliance an ongoing discipline. 

Keywords: [“compliance”,”GDPR”,”need”]
Source: https://www.jotform.com/gdpr-compliance/

How the Next-Generation Security Platform Contributes to GDPR Compliance

The General Data Protection Regulation is the European Union’s forthcoming personal data protection law. In May 2018, the GDPR will replace the 1995 Data Protection Directive, significantly changing the rules surrounding protection of personal data of EU residents. The Palo Alto Networks Next-Generation Security Platform can help with organisations’ security and data protection efforts related to GDPR compliance by assisting in securing personal data at the application, network and endpoint level, as well as in the cloud. It can also assist in understanding what data was compromised in the unfortunate instance of a breach, but first and foremost it will help organisations prevent data breaches from happening at all. 

Keywords: [“Data”,”Protection”,”personal”]
Source: https://www.paloaltonetworks.com/resources/whitepapers/gdpr-compliance-next-generation-security-platform

Working toward GDPR compliance

Compliance doesn’t have to be a scary word – even when facing the multifaceted challenges of meeting the European Union’s May 2018 deadline for its General Data Protection Regulation. SAS conducted a global GDPR survey among 340 business executives from multiple industries. Based on the results of that survey, this e-book delves into the biggest opportunities and challenges organizations face on the road to GDPR compliance. How to get started on the best path to compliance, based on advice from industry experts. How to turn this compliance challenge into a competitive advantage. 

How your peers are preparing across a variety of industries. An end-to-end approach that can help guide your journey to GDPR compliance. 

Keywords: [“Compliance”,”How”,”industry”]
Source: https://www.sas.com/en_us/whitepapers/gdpr-compliance-109048.html

GDPR News Center News for 08-31-2018

GDPR Resources

On this page we’ve put together a set of resources about GDPR. We’re doing this so that those in the charity sector – and interested parties outside it – can learn about the practices by which the sector complies with these regulations. We begin with some general information on GDPR. We follow with the ways GDPR relates to fundraising, and then prospect research. We have a section listing resources on privacy impact assessments. 

We hope this list of resources is useful – if you have any questions or comments for us relating to GDPR, or any recommended resources, please get in touch. 

Keywords: [“GDPR”,”resources”,”any”]
Source: https://factary.com/gdpr-resources

Fix it Fast: Apply GDPR to Your Company in 10 Simple Steps: Amazon.co.uk: Patrick O’Kane, Kristy Grant-Hart: 9780993478857: Books

Very clear and easy to read – hard to understand why the ICO can’t produce guidelines as good as this, but anyway! My approach was to read 10 pages at a time, then go and action it all and come back to the next 10 pages. You use it, it needs to be practical, as everyone’s GDPR implementation will be unique. The book has spaces for making notes in the book, but that isn’t my style – I prefer a digital approach. My only niggle is that there is not an online companion to this book, where you can login and do just that. I’m still giving this 5 stars, because the clarity of the content is worth the price alone. 

Keywords: [“book”,”pages”,”approach”]
Source: https://www.amazon.co.uk/GDPR-Apply-Company-Simple-Steps/dp/0993478859

A Guide to Help You Prepare for GDPR Compliance, Free Download

The General Data Protection Regulation protects the personal data of EU citizens. If your company handles the personal data of EU citizens, regardless of where you are based in the world, you’ll need to take some important steps to ensure that data is correctly controlled, processed, maintained, retained, and secured. With penalties as steep as €20,000,000 or 4% of your annual gross revenue, this should be a top priority for your team in 2017. It might be daunting, but we’ve pulled together some resources to help you prepare. Get the GDPR Toolkit, and be well on your way to having GDPR confidence. 

Keywords: [“Data”,”GDPR”,”personal”]
Source: https://information.rapid7.com/gdpr-toolkit-2.html

Our solutions

Encrypted storage – often referred to as ‘data at rest’ – is most commonly used to encrypt an entire disk, drive or device. This type of encryption becomes effective only once the system is stopped, the drive ejected or the encryption key blocked. Encrypted content – also referred to as granular encryption – means, typically, encrypting files or text at the application level. The most common example is email encryption, where the message format must remain intact for the email client application to be able to handle it, but the text body of the email is encrypted along with any attachments. 

Keywords: [“encrypt”,”encryption”,”email”]
Source: https://www.eset.com/uk/gdpr

Inbox Pros

Our privacy consultants can work with you to conduct the entire GDPR review process – including a risk analysis, level of effort analysis, and a prioritized GDPR project plan. For each gap, you’ll then need to identify specific remediation actions and estimate Levels of Effort – Low, Medium, and High. We map out the gaps and make sure each group is compliant with the GDPR. By investing the time up front to perform the proper analysis and planning, you can be confident that you will efficiently and effectively mitigate risk while meeting your company’s business objectives. 

Keywords: [“GDPR”,”analysis”,”risk”]
Source: https://inboxpros.com/gdpr

General Data Protection Regulation

With the General Data Protection Regulation (2016/679), the European Parliament, the Council and the European Commission intend to strengthen and unify data protection and privacy for individuals within the European Union. When the law takes effect in May 2018, it will trigger significant changes to how global brands approach online marketing, data protection and privacy policies. It’s important to note that the new legislation also addresses the export of personal data outside the EU – effectively extending its application to any business with even a single customer in Europe. 

Keywords: [“Data”,”Protection”,”European”]
Source: https://www.gigya.com/topic/gdpr

Data Catalog GDPR Compliant Solutions by Waterline Data

Organizations that fail to comply could be fined up to a maximum of €20,000,000 or 4 percent of annual global revenue, whichever is higher. Most organizations don’t have this information documented, and gathering it across a distributed data estate without some level of automation is next to impossible. Waterline provides the only solution that directly addresses the challenges presented by GDPR with software that automatically discovers data subject to GDPR; generates reports on the status of your GDPR compliant and non-compliant data; and makes it easy to secure GDPR data. 

Keywords: [“data”,”GDPR”,”Challenge”]
Source: https://www.waterlinedata.com/gdpr-compliance-solution

General Data Protection Regulation

Manage and implement security program practices on premises and in the cloud, such as risk assessment and mitigation, incident identification, escalation, response, forensics and resolution, personnel roles and responsibilities. Measure, document, and communicate program effectiveness to stakeholders. Monitor security operations and intelligence: monitor, detect, respond to and mitigate threats. Manage and implement security program practices such as risk assessment, roles and responsibilities, program effectiveness. Govern data incident response and forensics practices. 

Keywords: [“program”,”practices”,”security”]
Source: https://www.ibm.com/security/data-security/gdpr

GDPR Compliance for Small Businesses

SecurityMetrics PIIscan is a data discovery tool that assists with GDPR requirements by discovering unencrypted Personally Identifiable Information. PIIscan searches computer systems, hard drives, and attached storage devices for unencrypted PII. Once PIIscan has discovered unencrypted PII, a report is generated that displays where the data is located. This makes it easy to securely delete or encrypt this data and reduce your organization’s risk. By using PIIscan, you will also save time by not having to manually search for unencrypted PII on your systems. 

Keywords: [“unencrypted”,”PIIscan”,”PII”]
Source: https://www.securitymetrics.com/gdpr-defense

GDPR News Center News for 08-23-2018

GDPR by Wizuda

The General Data Protection Regulation (2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for EU citizens. The GDPR aims to give EU citizens back control and transparency over their personal data, how it is used, by whom and for what purpose. Under the GDPR, personal data must be processed lawfully, fairly and in a transparent manner. As the GDPR is a regulation, it is legally binding; if you’re not compliant with the regulation then you’re breaking the law. It builds on the previous Data Protection Acts bringing more relevance to the technologies of today, in a world where data has become one of the most valuable assets of organisations. 

It comes into force on the 25th of May 2018 at which time businesses who do not comply may face significant fines of up to €20m or 4% of global annual turnover, whichever is greater. 

Keywords: [“Data”,”Regulation”,”GDPR”]
Source: https://wizuda.com/gdpr

General data protection regulation, GDPR

GDPR puts increased emphasis on data collection best practices, data controller transparency, and consumer choice – all of which play a meaningful role in the customer experience. With an eye toward customer experience, you may want to think about how the following GDPR principles affect your business efforts. Reduce unnecessary data collection: Take stock of the data you’re collecting. Provide the required notice for data collection: Review and update your current privacy notices, policies, and any information provided at data collection points. Remove unique identifiers: Consider when to make some data anonymous or pseudonymous to help minimize compliance obligations and the risk of data and privacy breaches and claims. 

Fulfill data access and delete requests: Understand how your customer will reach out to you to make data access or delete requests. Know how to define internal data retention and deletion policies and procedures. 

Keywords: [“data”,”how”,”customer”]
Source: https://www.adobe.com/privacy/general-data-protection-regulation.html

Get GDPR compliant with Dynamics NAV – Dynamics NAV Team Blog

On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy rights, security, and compliance. The General Data Protection Regulation is fundamentally about protecting and enabling the privacy rights of individuals. The GDPR establishes strict privacy requirements governing how you manage and protect personal data while respecting individual choice, no matter where data is sent, processed, or stored. As mentioned in an earlier blog post, Microsoft is dedicated to helping our partners and customers meet the requirements of the GDPR. By May 2018, Dynamics NAV 2018, Dynamics NAV 2017, Dynamics NAV 2016, and Dynamics NAV 2015 will be updated with tools to help you get GDPR compliant. 

The March cumulative updates have just been made available and provide the first round of updates for you. We have prepared a Dynamics NAV whitepaper that will help you prepare for compliance. 

Keywords: [“NAV”,”Dynamics”,”privacy”]
Source: https://blogs.msdn.microsoft.com/nav/2018/03/07/get-gdpr-compliant…

Protect passwords, IT accounts, privacy

As organizations race to adopt a DevSecOps model, eliminating security gaps in the DevOps environment and keeping user credentials secure are a top priority. Typical DevOps vulnerabilities include embedded credentials in application environments, stored credentials in popular repositories, or shared private keys and credentials for fast access to source code. Join Thycotic Product Manager Dan Ritch as he explains how you can help assure proper credential security for your DevOps team with an automated privileged access solution. How to optimize your team’s DevOps environment to increase security without hindering their development and deployment schedules. An automated approach to remove hardcoded passwords and meet compliance without impacting workflow. 

How to integrate PAM security across each tool in the DevOps toolchain. PLUS: One lucky attendee will win a $50 Amazon gift card at the end of the webinar! 

Keywords: [“DevOps”,”credential”,”security”]
Source: https://thycotic.com/solutions/gdpr-compliance

GDPR Logger

Christian is the man with the ideas and the architect behind the GDPR Logger. From the beginning, the GDPR Logger has been designed by Christian, who continually devises smart new features that ensure the solution is cutting-edge software. John is the developer behind the GDPR Logger and has been a part of the team from the beginning, when he developed the engine. John is a true wizard that can create all the features our IT Architect thinks up. Kuno develops the UI parts of the GDPR Logger and ensures that everything is presentable. 

With his usual patentability he helps to ensure that the GDPR Logger looks as it should. The always happy Tom is, apart from being a member of the board, the man that creates our partner channel. Tom is a master of Excel and always up for a cup of coffee to create some business. GDPR Logger for Notes & Domino ensures that you are ready when the new Personal Data Regulation becomes enforceable. 

Keywords: [“Logger”,”GDPR”,”ensure”]
Source: https://gdpr-logger.com

Home

The new GDPR regulations are just weeks away and as the biggest shake-up in data protection regulation in decades, preparations are well underway at businesses up and down the country. Our conference has been designed to double-check your strategy against expert opinion to ensure you are on the right track to compliance. The GDPR is raising the bar to a higher standard for consent as well as making it easy for people to withdraw their consent. Don’t be fooled into thinking this is about marketing alone; GDPR affects every aspect of your business. This event explores some of the detail through the eyes of compliance specialists, marketing gurus and data protection experts. 

With the Information Commissioner’s Office providing its updated guidance in December ahead of the implementation of the regulations in May 2018, our conference is perfectly timed so you can be confident your business is compliant. 

Keywords: [“GDPR”,”dealer”,”data”]
Source: https://amgdprconference.am-online.com

GDPR News Center News for 08-20-2018

GDPR documents list

Mark Lee FCA is a strategic adviser to sole practitioner accountants who want more success but don’t like the pushy and salesy advice they get elsewhere. He does not claim to be an expert on GDPR but he has produced a list of the key documents we will all need to prepare to evidence that we are taking the law seriously – even if we are simply sole practitioners with no staff and no marketing email lists. The list is taken from a practical guide that Mark was commissioned to produce for ICPA. That guide is also now available free of charge to Mark’s contacts too. If you want a copy of the list and the practical guide simply complete the form below. 

This will also opt you into allowing Mark to email you occasionally and to receiving Mark’s weekly email containing tips, tricks and advice for accountants in practice. You can opt out of these by un-ticking the boxes below. NB: This approach is currently permissible but will be outlawed by GDPR as of 25 May 2018. After that date you will need to specifically opt-in to receive such further emails. This is just one of the many changes being introduced by GDPR. 

Keywords: [“Mark”,”email”,”list”]
Source: http://bookmarklee.co.uk/gdpr-documents-list

GDPR For Governors

The Essential Guide to GDPR for School Governors is here for you. If you attended the training event at Walsall College on 15th February 2018, then you will have been given an overview of the GDPR regulations and the next steps. As promised, I enclose below the information and documents referred to in the session. As the process develops we will keep you informed of changes and additional things which emerge between now and the end of May 2018. This should be given to all Governors, so that they understand the concept and the broad issues. 

A more detailed overview of GDPR. For those who love the detail and for your GDPR Governor link. Make sure that you go through this with the member of staff designated to be the person responsible for GDPR. https://docs. This has been checked and approved by lawyers, and is passed to you on that basis. 

Be sure that it’s not just a cut and paste exercise and that you make sure that you embed and check the processes that are described here, so that they can be seen working. Remember that this is legislation that you need to comply with and not some paper exercise. 

Keywords: [“GDPR”,”sure”,”Governor”]
Source: https://walsall-governors.mykajabi.com/pages/gdpr

GDPR Resource Center

SolarWinds® MSP has made data security central to its business since its inception. Risk Intelligence can scan any network and help to assess the personally identifiable information located throughout the network. This can be particularly helpful for data-mapping exercises and prioritizing your security efforts. With the threat of ransomware and cyberattacks, businesses can’t afford to lose individuals’ data. SolarWinds® Backup is designed to provide fast backup, rapid recovery, and secure storage, all via a hybrid cloud architecture. 

Mail Assure™ provides strong email security and encryption to help you manage this channel. It includes an email archive, so you always have access to customers’ emails in the event you need to answer a request. SolarWinds RMM gives you the tools you need to run your IT operation in a single web-based dashboard. It includes integrated risk intelligence, like antivirus, web protection and content filtering, mail protection, user permission controls, logs, and hybrid cloud backup and recovery. We have remote monitoring and management available both via SaaS or on-premises delivery. 

Keywords: [“SolarWinds”,”security”,”email”]
Source: https://www.solarwindsmsp.com/resources/gdpr

General Data Protection Regulation

The changes that GDPR will bring will replace the Data Protection Act 1998 as the primary piece of legislation on data protection, and the UK government has confirmed that the decision to leave the EU will not affect the commencement of these changes. The UK Data Protection Bill will update and modernise data protection law in the UK in line with the GDPR. With stronger emphasis on accountability, transparency and with the issue of fines and charities’ reputations on the line, it is essential that GDPR is on the agenda and that senior managers as well are aware of their responsibilities as data controllers. Data protection covers everyone about whom you keep personal data. The law requires organisations to comply with eight principles for data protection. 

Every organisation should have a written policy and procedure that is specific to their own context about how they handle personal data and enact the privacy principles. Online Learning offer: NICVA has partnered with Legal-Island to offer its member organisations cost-effective online training on the General Data Protection Regulation. 

Keywords: [“Data”,”Protection”,”organisation”]
Source: http://www.nicva.org/gdpr

Willows Consulting Ireland

The data controller is ultimately responsible for the protection of personal data they store. GDPR covers all and only personal data held in your organisation and with your 3rd party data processors. There are instances where Data Controllers can be held personally responsible for data breaches. Personal information being passed or coming into the possession of an unauthorised data processor or subprocessor. Passing of personal data into a non-GDPR-compliant country. 

Passing of personal data to a third party without the knowledge of the data subject. Do not create more personal data while performing the request. Withdrawal of permission to process personal data after an ecommerce transaction. Flag the data in your databases as not to be used in marketing reports or data mining. Notify the Subject that you have received their request and flagged their data to be excluded from further data processing. 

Request for personal data in a portable transferable format. Depending on the scale and type of breach the Data Commissioners office may stop you from processing data until they investigate the breach further. 

Keywords: [“data”,”personal”,”information”]
Source: https://www.willows-consulting.com/gdpr-for-ecommerce

GDPR News Center News for 08-14-2018

Cracking the Programmer’s Interview Code

I’ve NEVER had to do a coding interview and I make really good money so it isn’t that I’m working for minimum wage. The best interview I’ve ever had is from the guy I currently work under. Now, if I ever did run into an interview where they wanted me to write code on a whiteboard, I’d probably pseudo code it out and explain that I’m a huge fan of Intellisense, particularly ReSharper, and Google and that I rely heavily on those two to get the syntax right. If you want a guy who can write code in notepad, I’m probably not the guy you’re looking for. In all my interviews, as a candidate, I’ve walked out having learned something new from a coding challenge. 

I think you missed out on one really critical component of white boarding code challenges. Once we’ve established that they aren’t lying on their resume about their experience, we can be pretty sure they’ve actually written code. A white board coding interview might be a way of getting at this information. Second, unless you state up front that you are only looking for pseudo code and how the candidate thinks, the candidate is going to stress over syntax. If the Interview only lasted 10 minutes, that would be a bad sign too. 

The way he talked about coding told me that he could code. You’ll get bonus points if you can walk into the interview already knowing what the pain points are so you can address them. 

Keywords: [“code”,”Interview”,”want”]
Source: https://blog.dmbcllc.com/gdpr-killed-the-blog

Understanding GDPR

Any company with personal data about customers who live in the European Union, including the UK. And by data I mean a person’s name, email, phone, address – stuff that identifies them. Availability – You need to treat your customer data like you would any of your business assets; you must keep it up-to-date, secure, and available for review if someone requests it. Right to be forgotten – Customers can, under certain circumstances. Data portability – Customers can ask for their personal data information to be supplied to them. 

They can send that data to other companies if they choose to. As you might guess from these first three highlights, it’s critical to have your customer data clearly, cleanly and correctly structured. It must be clear WHY the user is being asked for their personal data and WHAT it will be used for. Responsibility – There are massive fines for breaches of the GDPR legislation – up to 4% of a company’s global annual turnover. To help avoid that sticky situation, you’ll be required to appoint a Data Protection Officer if you are part of a large company. 

The DPO will oversee all GDPR requirements and be the point of contact with regulators. It also allows them to ask for their data to be removed from a company database. For workplaces, it formalizes data processes, giving the opportunity to embed an all-hands security mentality. 

Keywords: [“data”,”GDPR”,”company”]
Source: https://blog.papercut.com/understanding-gdpr-in-under-3-minutes

Ready for GDPR? Oracle Marketing Cloud gets you there!

Built on established and widely accepted privacy principles such as purpose limitation, lawfulness, transparency, integrity and confidentiality, the GDPR strengthens existing privacy and security requirements, including requirements for notice & consent, technical and operational security measures, and cross-border data flow mechanisms. Companies must implement an appropriate level of security, encompassing both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. The GDPR encourages companies to incorporate encryption, incident management, and network & system integrity, availability and resilience requirements into their security program. Companies have to inform their regulators and/or the impacted individuals without undue delay after becoming aware that their data has been subject to a data breach. Companies will be expected to document and maintain records of their security practices, to audit the effectiveness of their security program, and to take corrective measures where appropriate. 

If you would like to learn more about some of the requirements particularly relevant for marketers, please review our GDPR for Marketers whitepaper with more information about the native Data Privacy & Security features provided across the Oracle Marketing Cloud. 

Keywords: [“security”,”data”,”Companies”]
Source: https://www.oracle.com/marketingcloud/about/events/gdpr.html

GDPR News

On this date, May 25th, in the year 2018, something called the General Data Protection Regulation will go into effect. I have written about the far-reaching privacy and cybersecurity impacts of this regulation here. Bear in mind that GDPR is a set of rules governing the privacy and security of personal data that is being implemented by the European Commission, but applies to many companies located OUTSIDE the European Union. For a start, GDPR gives data protection, and recourse for abuse or exposure of sensitive personal information, to residents of Europe, not just European citizens. Even if you’re in Idaho, selling motorcycle accessories via a website hosted in Chicago, and some of your current or former customers or prospects live in the EU, you could still be affected. 

If that sounds like no big deal, I assume you know where all of your customer and marketing data resides, and you have an easy way to look people up and remove them. That’s not even getting into questions of when and with whom you may have shared the data without the data subject’s explicit consent. So let’s say you have names and email addresses of people who have registered on your site as shoppers but you have assumed they would also like to know about motorcycling events and therefore shared their details with event organizers without explicit permission. 

Keywords: [“Data”,”GDPR”,”company”]
Source: http://www.gdprnews.com

GDPR News Center News for 07-13-2018

General Data Protection Regulation

With the General Data Protection Regulation due to take effect on 25th May 2018, we’re very active in our GDPR readiness preparations. We’re working closely with our data partners to ensure that the data we source will be GDPR compliant. Consent has traditionally been relied upon for data sharing, but together with our data partners, we have explored, and are in the process of, implementing other lawful bases for processing. Our team of qualified Data Protection Practitioners are focused on ensuring all tasks are in play, and that they continue to progress. Becoming GDPR compliant: capture personal data at registration; verify data up front, with an audit trail; use the right data across all processes; regularly cleanse your data and stay compliant. We can help you process your data fairly, lawfully and transparently. 

The principle of data minimisation states that organisations should only process the personal data that is needed to achieve its processing purposes. You need to take every reasonable step to ensure that personal data that’s inaccurate is erased or rectified immediately. We can help you meet your data retention obligations with our product enhancements, that are planned to support the ‘right to be forgotten’ – under which individuals have the right to erase their personal data, in some cases sooner than the end of the maximum retention period. You need to ensure that personal data you collect is kept secure against external threats such as hackers, and internal threats such as poorly trained employees. Personal data must be processed in a way that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 

The principle of accountability seeks to guarantee the enforcement of the Data Protection Principles. You need to be able to demonstrate compliance with the Data Protection Principles. 

Keywords: [“data”,”personal”,”ensure”]
Source: https://www.gbgplc.com/what-we-do/supporting-gdpr

EU General Data Protection Regulation Compliance

Use InsightVM to conduct a thorough vulnerability assessment of risks across vulnerabilities, configurations, and controls, and prioritize risks for remediation based on threat exposure and business impact. Article 32: Test the effectiveness of your security measures. Simulate real-world attacks by penetration testing your defenses and evaluate the effectiveness of security measures at protecting personal data with Metasploit. Integrating Metasploit with InsightVM enables you to validate the exploitability of vulnerabilities in Metasploit and automatically prioritize for remediation in InsightVM. Penetration testing services give you an attacker’s perspective of your eco-system, providing you with an understanding of how and where you are most vulnerable to security breaches and data exfiltration. 

Article 32: Assess applications for vulnerabilities. Use InsightAppSec, our Dynamic Application Security Testing solution, to dynamically scan your web, mobile, and cloud applications for vulnerabilities, and generate interactive reports for remediation. Rapid7’s Incident Response Program Development service will help you determine the people, process, and technology necessary to ensure your organization can move with speed and purpose in the event of an incident. Articles 33 and 34: Monitor user behavior, detect attackers earlier, and investigate security incidents faster. Leverage user behavior analytics to detect security incidents and accelerate investigations with instant user context, endpoint interrogation, and advanced search capabilities. 

Articles 33 and 34: Incident Response that doesn’t sleep. Rapid7’s Managed Detection and Response service can provide you with round-the-clock monitoring and incident response assistance. Early detection results in faster mitigation, which could make the difference between needing to report a data breach and having the ability to prevent attackers from reaching highly-coveted personal data. 

Keywords: [“Incident”,”security”,”data”]
Source: https://www.rapid7.com/solutions/compliance/gdpr

Kickstart your GDPR program

The role of Data Discovery in General Data Protection Regulation compliance is the essential first step to building a successful GDPR program, but it’s one that many companies are struggling to take. Companies are faced with terabytes or petabytes of data spread throughout their organization – and beyond – and don’t clearly know what personal data they hold or where it is. Data Discovery has become the first essential – and highly pressing – step to building an effective GDPR compliance program. I’m not going to spend too much time covering all the benefits of Data Discovery as we’ve created a short Data Discovery eBook where you can learn everything you need to know. Data discovery tools have metadata classification capabilities to automatically identify the data then classify and tag it using categories you define such as type of data, data owner, type of processing, levels of security, etc. 

While there are many Data Discovery tools available today, GDPR compliance requires more than intelligent discovery tools and technology. It delivers a comprehensive consulting-led solution to help you understand where you currently have sensitive data and the actions you need to take to begin managing all personal data to meet GDPR requirements. The service delivers a combination of OpenText consultants and advanced data discovery tools to help identify the personal data risks in your repositories and data stores. The GDPR Discovery and Analysis Service will enable you to: Automatically identify personal data, tuned to GDPR definitions, within file stores, repositories and email. Deliver specific, valid samples of and metrics about personal data currently stored in non-compliant data stores. 

Our Data Discovery Service ensures you have an understanding of exactly what personal data is held, where it is stored and how it is being used. It will help you build an effective GDPR program by putting you in control of your sensitive data. 

Keywords: [“Data”,”GDPR”,”Discovery”]
Source: https://blogs.opentext.com/kickstart-gdpr-program

GDPR News Center News for 07-09-2018

A Publisher’s Guide To GDPR

With Europe’s General Data Protection Regulation set to take effect in a few short months, smart publishers are leaving nothing to chance. Because of their access to first-party consumer data, publishers in particular need to prove to their clients – and their clients’ agencies – that they’re taking the appropriate steps to comply, or risk losing that business. Bottom line: Publishers should finalize their partner contracts before May. Because GDPR assigns responsibility for compliance to every member of the supply chain, publishers shouldn’t risk their first-party audience relationships due to a sloppy data partner or ad tech vendor. Definitions: Contracts should be updated to reflect the new terminology in use under GDPR, such as the expanded definition of personal data. 

Collaboration: Third parties must help enable controllers to honor the rights of data subjects under GDPR. Security: Vendors will need to guarantee that the processing methodologies they use are secure and compliant and that anyone involved in the processing of personal data is committed to confidentiality. Because shoring up contracts is a ton of work, publishers should work with an independent accounting firm to help audit their partners’ data privacy practices to ensure full compliance. Consent is one of the main legal bases for processing data under GDPR, and consumers must be told exactly what’s going to be done with their data before they can give informed consent. Publishers generally rely on their exchange partners to manage data leakage. 

Contracts with demand-side and supply-side platforms usually include clauses that restrict the usage of bid-stream data. GDPR’s transparency principles mean people must be able to easily learn who has their personal data and what those parties are going to do with it, he said. The potential for data leakage is yet another motivator for publishers to shore up their supply chain. Companies like Mezzobit provide tools that help publishers manage their data collection tags. 

Keywords: [“Data”,”publisher”,”GDPR”]
Source: https://adexchanger.com/privacy/publishers-guide-gdpr

Symplicity

The GDPR will strengthen the security and privacy of individuals’ data in the European Union. The regulations are meant to empower individuals and change the way that organizations treat data privacy. The GDPR will replace the EU Data Protection Directive, otherwise known as Directive 95/46/EC. Symplicity is happy to announce that Symplicity and Symplicity products will comply with the GDPR on the enforcement date of May 25th, 2018. We’re excited to comply with the GDPR because it raises security, privacy, and data protection standards. 

According to the GDPR, processing data means any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc. A bank collects the data of its clients when the client opens an account, but it is another organization that stores the data produced by the bank. It’s important to note that controllers and processors have different responsibilities under the EU GDPR. A university that is using a Symplicity product would be the controller, since it is entering the student data into the system, and Symplicity would be the processor, since Symplicity is storing the data for the university. Under Symplicity policies, Symplicity university clients own their data. 

Data processed lawfully, fairly, and in a transparent manner. This means you may need to assign roles or responsibilities for data protection and conduct the appropriate data protection impact assessment and/or risk mitigation plan to establish controls and processes to ensure the necessary data protection measures are in place. As an example of our commitment to maintaining robust security and data protection practices, Symplicity is certified to be compliant with the ISO 27001 standard, which is a framework for Information Security Management. Symplicity is committed to working with our EU clients to maintain compliance with Symplicity’s obligations as a data processor, and assisting our clients in achieving their GDPR compliance requirements. 

Keywords: [“data”,”GDPR”,”Symplicity”]
Source: https://www.symplicity.com/gdpr

Certification Europe

After 4 years of research and debate, on April 14th, 2016 the EU Parliament finally approved the long-awaited General Data Protection Regulation. The biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of individuals residing in the European Union, regardless of the company’s location. Certifications are a new feature of formal EU GDPR data protection law. The Regulation expressly recognises certifications from approved and accredited certification bodies as acceptable mechanisms for demonstrating compliance. Certifications can be scalable and there are choices available, depending on the size and nature of the organisation. 

Certification schemes serve as useful declarations of assurance for consumers interested in engaging with commercial entities that adhere to desired principles and practices. Certification Europe is an established authority on Information and Cyber Security frameworks and certifications. Certification Europe is an accredited certification body and will seek to become accredited as a data protection certification provider with the relevant national authorities as the GDPR certification program is developed. ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personal data and in particular, it specifies controls within ISO/IEC 27001, taking into consideration the regulatory requirements for the protection of personal data. ISO 27001 certification is suitable for any organisation, large or small, and in any sector. 

The standard is also very applicable for organisations which manage high volumes of data or information on behalf of other organisations such as data centres and IT outsourcing companies. Cyber Essentials is a cyber security certification scheme that offers a sound foundation of basic IT security controls that all types of organisations can implement and potentially build upon. 

Keywords: [“Certification”,”Data”,”security”]
Source: https://www.certificationeurope.com/insights/eu-gdpr

GDPR News Center News for 07-07-2018

GDPR summary: Why encryption, other measures are a must

Many are saying that the GDPR will bring about a massive overhaul of the EU’s current data protection regulatory landscape. One of the areas where I expect significant change in the next few years is data security, particularly the increased adoption of data pseudonymisation and data encryption best practices. Firstly, the GDPR requires businesses to implement technical and organizational measures to provide appropriate protection to the personal data they hold. When determining such security measures businesses must take into account the nature, scope, context and purposes of their use of personal data. Measures to ensure resilience of systems and services processing data. 

In short, with the introduction of the GDPR, encryption and other security measures are established as data protection standards responsible organizations are expected to utilize or face the consequences. The GDPR will introduce a name-and-shame mechanism whereby businesses will have to notify the data protection authority if there is a security incident that affects the integrity, confidentiality or security of the personal data that they hold. If the breach is likely to result in discrimination, identity theft or fraud, financial loss, damage to reputation, or other significant economic or social disadvantages for data subjects, businesses will have to notify the breach to the affected data subject. Importantly, no notification to the data subjects will be required if businesses have implemented appropriate technical and organizational security measures in respect of the data that were affected by the breach. If, prior to the breach taking place, the data were rendered unintelligible, for example by means of encryption, businesses will not have to notify the data subjects of the breach. 

So to summarize our GDPR summary, based on the above I expect that in the coming years data security will be high on the agendas of many a board of directors. On the back of that, I expect that data pseudonymisation and data encryption will become standard best practices in Europe and beyond. 

Keywords: [“data”,”GDPR”,”security”]
Source: https://blog.gemalto.com/security/2016/04/25/gdpr-summary…

France: Accelerated GDPR bill “limited in scope”

The Ministry of Justice published, on 13 December 2017, a draft law to amend Act No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties in light of the General Data Protection Regulation (2016/679) as well as the Data Protection Directive with Respect to Law Enforcement (2016/680). As has been the case with several other Member States’ draft GDPR bills, the Draft Law seeks to take advantage of various derogations permitted under the GDPR, in particular in relation to the data processing of national identification numbers, processing of genetic or biometric data and data breach notification. [Until] the Government makes all these changes by ordinance [...] French citizens will need to read the GDPR and the Act together to determine which legislative provisions are applicable. Simultaneous to the publication of the Draft Law, CNIL published its assessment. In particular, CNIL welcomed the use of national derogations in relation to health data, as well as the fact that the Draft Law clarified the scope of its supervisory powers. 

CNIL did highlight that it regretted that its proposals to adapt CNIL’s procedures to enable it to cope with the increase in activity related to the Draft Law had not been retained. CNIL noted the late timetable for the examination and publication of the Draft Law as well as related future ordinances. The Digital Republic Act 2016 introduced this right and provides that information as to the exercise of this right must be communicated to French data subjects with all the other compulsory preliminary information. The GDPR does not provide for this, nor for a right to Member States to add compulsory information to the lists in Articles 13 and 14, since this would go against the unification of data protection law in the EU and the harmonisation of the common market. It will be interesting to see whether the Government withdraws this new right to comply with the GDPR or prefers to leave this discrepancy, and risk being subject to sanctions by the Court of Justice of the European Union. 

Keywords: [“Data”,”law”,”draft”]
Source: https://www.dataguidance.com/france-gdpr-bill

Why are publishers unhappy with Google’s GDPR proposal?

Major publishing groups air concerns about Google’s proposed GDPR strategy. Four major publisher trade groups have said that Google’s GDPR compliance plan will force media companies to shoulder an unfair burden in terms of ensuring the regulation is adhered to from 25 May. Publishers address Pichai. In an open letter to CEO Sundar Pichai published on 30 April, the four trade associations criticised the scale of work they would need to do in order to continue using Google’s advertising services in the EU, as well as the effect the plans would have on adtech vendors themselves. Members of the group read as a ‘who’s who’ of digital media outlets – The New York Times, Bloomberg, Reuters and AP are just a handful of titles, publishers and agencies represented by the groups. 

The groups criticised the timing of Google’s announcement of its GDPR plans in March. Google outlined its plans on its AdWords blog on 22 March and it is this same proposal that publishers believe burdens the media with the bulk of compliance responsibilities. In essence, Google says publishers themselves are responsible for obtaining consent from EU visitors if Google ads are served on their sites. The publishers will also have to share that data with the tech giant, which will apparently use it to test algorithms, improve UX and ensure ad forecasting accuracy. Liability for GDPR violations will also reside with the publishers. 

Many people believe that Google’s dominance in the online ecosystem allows it to dictate the terms of GDPR to suit its existing business model, but only intervention from GDPR regulators themselves is likely to enforce any change from the company itself. Google views itself as a data controller, which determines the means and purposes for processing the personal data, while media firms want it to identify as a data processor in certain situations. While publishers that are unhappy with the proposals from Google could move to other services, the latter’s network is unmatched in terms of size and scope, with more revenue opportunities. 

Keywords: [“publisher”,”Google”,”GDPR”]
Source: https://www.siliconrepublic.com/enterprise/google-gdpr-publishers