GDPR News Center News for 10-21-2018

What do you do about General Data Protection Regulation?

We have adjusted our Terms of Service to reflect this. Privacy and security are critical to everything we do. Mapping of security and privacy measures (CAIQ): done. Data store mapping: done. Storage of customers' DPO and security contacts: done.

Notification of customers about changes in conditions and the DPA: done. Algolia is also a SOC 2 Type 2 audited organization and complies with all the Security, Availability and Confidentiality requirements. We value your privacy, and we'll do everything we can to protect it. Find out how to delete your personal data or how to delete your users' data. Your data primarily stays in the regions where you decide it should reside.

Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security. We comply with GDPR with our Community/Free plans as well. 

Keywords: [“Data”,”security”,”service”]
Source: https://www.algolia.com/doc/faq/security-privacy/gdpr/

Accellion Secure File Sharing Platform

To achieve GDPR compliance, businesses must be able to find their European customers' personally identifiable information and show who has access to the data, what they're doing with it, and who they're sharing it with. The Accellion secure file sharing and governance platform provides this level of visibility and control to help businesses demonstrate GDPR compliance. Encryption key ownership – you decide when to rotate. Audit trail to connected on-premises and cloud content sources. Detailed reports allow for data analysis down to the file level.

Full traceability of all content right up to delivery. Know and demonstrate which files have passed or failed AV, DLP and ATP scans. Comprehensive audit logs show data has been delivered and/or deleted. Automatically remove content upon project completion. 

Keywords: [“content”,”file”,”data”]
Source: https://www.accellion.com/platform/governance/gdpr-compliance/

GDPR Compliance

Inform: Review your vendor list and get comfortable with how data flows across your business, what type of personal data you collect and who has access. If JotForm is one of your vendors, and you have determined that you need a DPA in place with JotForm, our GDPR-compliant DPA is available for download and signature at the link above.
Assess: Undertake a risk assessment within your business and identify any gaps that need to be filled in order to meet GDPR compliance.
Plan: Get in touch with us to understand how our products can help meet your compliance needs, and develop an action plan that is mindful of the May 25, 2018 deadline.
Act: Implement your GDPR compliance program and make GDPR compliance an ongoing discipline.

Keywords: [“compliance”,”GDPR”,”need”]
Source: https://www.jotform.com/gdpr-compliance/

How the Next-Generation Security Platform Contributes to GDPR Compliance

The General Data Protection Regulation is the European Union’s forthcoming personal data protection law. In May 2018, the GDPR will replace the 1995 Data Protection Directive, significantly changing the rules surrounding protection of personal data of EU residents. The Palo Alto Networks Next-Generation Security Platform can help with organisations’ security and data protection efforts related to GDPR compliance by assisting in securing personal data at the application, network and endpoint level, as well as in the cloud. It can also assist in understanding what data was compromised in the unfortunate instance of a breach, but first and foremost it will help organisations prevent data breaches from happening at all. 

Keywords: [“Data”,”Protection”,”personal”]
Source: https://www.paloaltonetworks.com/resources/whitepapers/gdpr-compliance-next-generation-security-platform

Working toward GDPR compliance

Compliance doesn't have to be a scary word – even when facing the multifaceted challenges of meeting the European Union's May 2018 deadline for its General Data Protection Regulation. SAS conducted a global GDPR survey among 340 business executives from multiple industries. Based on the results of that survey, this e-book delves into the biggest opportunities and challenges organizations face on the road to GDPR compliance. It covers how to get started on the best path to compliance, based on advice from industry experts; how to turn this compliance challenge into a competitive advantage; how your peers are preparing across a variety of industries; and an end-to-end approach that can help guide your journey to GDPR compliance.

Keywords: [“Compliance”,”How”,”industry”]
Source: https://www.sas.com/en_us/whitepapers/gdpr-compliance-109048.html

GDPR News Center News for 04-03-2018

Countdown to GDPR

Here's a brief refresher: The GDPR is an EU regulation meant to harmonize the patchwork of data protection laws in Europe. The GDPR repeals and replaces not just the current EU data protection directive, but also the Byzantine system of privacy legislation that each EU member state enacted under that directive.

A Partnership of Responsibilities for GDPR. When it comes to GDPR compliance, Workday and our customers both have responsibilities: our customers as data controllers, and Workday as a data processor. To quote from the official GDPR FAQ page, "A controller is the entity that determines the purposes, conditions, and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller." Below we provide some highlights about the protections Workday provides in its role as the data processor, and the tools we offer our customers to meet their responsibilities as data controllers. Workday has already taken steps to update the data processing terms we offer our customers to meet GDPR requirements.

Cross-border data flows: The GDPR continues to allow the flow of personal data across country borders, and includes provisions ensuring existing data transfer mechanisms remain valid going forward. Workday's customers have a choice of GDPR-compliant data transfer mechanisms for personal data transfers outside the European Economic Area to Workday.

Privacy impact assessments: The GDPR requires PIAs for many types of data processing.

Security breaches: The GDPR introduces new notification rules for any security breaches that lead to the loss or destruction of, or unauthorized access to, personal data.

In addition to Workday's own compliance obligations under the GDPR as a processor of customers' personal data, Workday also assists our customers in meeting their obligations under the GDPR in a variety of ways.

Data purging: To support customers' compliance with the Right to be Forgotten, Workday offers a wide range of purging functionality. With the Purge Person Data feature, customers can select the population of ex-employees whose data is to be removed.

Activity logging: To help customers protect personal data against security threats, Workday logs activity for each account.

Independent audits of Workday's controls and processes: Customers can reference and rely on the procedures performed by our independent auditors as part of the SOC and ISO procedures to demonstrate GDPR compliance.

Keywords: [“Data”,”customer”,”Workday”]
Source: https://blogs.workday.com/countdown-to-gdpr

GDPR Explained: What are the Technical Security Requirements?

The upcoming GDPR will bring substantial changes to how organizations process personal data. Every time we buy a product online, pay our taxes or use a service, we have to hand over some of our personal data. Clearly, cyber theft of that data exposes us to significant personal risks.

Data Subject Rights: to be informed about processing of the personal data, to have access to the data, to be forgotten, to be notified about a data breach, and so on. These rights, along with the privacy principles, dictate the implementation of security controls and the management of the personal data lifecycle.

Privacy Principles: companies should implement in their systems, by design and by default, privacy principles such as integrity and confidentiality, accountability and compliance, data minimization and others.

Data Protection Impact Assessment: a DPIA includes tasks such as identification of data flows, evaluation of security controls, assessing the effects of a presumed data breach and mitigating privacy risks.

The regulation mentions four classes of measures: the pseudonymization and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Data Breach Notification: organizations shall monitor access to personal data and the effectiveness of security controls in order to detect data breaches in their systems. If a data breach is likely to result in a risk to the rights of natural persons, the organization shall notify the supervisory authority.

Once an IT system is identified as being in the scope of the GDPR, we shall assess the data processes of the system. That means identifying the personal data processed in the system, finding the users who have access to the data, evaluating security controls, and identifying risks to data subjects in case of a data breach. The second step is mitigating the identified risks: restricting access to personal data, implementing security controls, and configuring blocking and erasing rules for personal data. We have to monitor access to personal data, detect ongoing cyberattacks, and prepare incident response plans. It is noteworthy that the GDPR in many different ways requires monitoring access to the data and the effectiveness of security controls.

Keywords: [“data”,”personal”,”security”]
Source: https://erpscan.com/…/blog/gdpr-explained-security-requirements

iland Secure Cloud Hosting Services

iland has taken an aggressive risk-based approach, utilizing the ISO 27001, SOC 2, BS 10012:2017 and CSA standards, to ensure proper governance and management of risk and security for all data collection and processing. Customers of iland are encouraged to review all iland third-party auditor findings as well as details of our GDPR and other compliance programs. With the rigor of Risk, Privacy and Security it is easy to lose sight of the goal of delivering services. iland has identified the need to ensure that the structure of the GDPR program does not adversely affect the service offerings, by making Service Management one of the pillars of the GDPR program. ISO 20000 is a global standard that describes the requirements for an information technology service management system. Using the ISO 20000 and SSAE 16/18 SOC 2 standards, iland maintains visibility into its ability to deliver services in accordance with contractual requirements and once again validates this through external third-party audits. The third pillar of the iland GDPR program is the usage of standardized frameworks. This allows for repeatable and documented output from the elements that compose the services offered by iland. The ITIL framework is designed to standardize the selection, planning, delivery and support of IT services to a business. The goal is to improve efficiency and achieve predictable service levels. Within the usage of these frameworks, Risk, Privacy and Security are incorporated; as an example, privacy by design has been incorporated into the Agile framework at all levels and is actively overseen by the iland GDPR program office. The same efforts occur around ITIL activities to ensure that processes and policies conform to the requirements of the GDPR.

Legal/Governance: Finally, to validate and oversee GDPR program activities, Legal and Governance manages the contractual formulation of Controller/Processor agreements and the use of Model Contract Clauses, the EU/US Privacy Shield and Binding Corporate Rules for internal iland data. This pillar of the GDPR program also ensures that Controller oversight, through the use of logging, audit artifact generation and customer-performed audits, is managed, giving customers a dedicated resource to interface with. This segment of the program also employs the Data Protection Officer to provide linkage between the customer's DPO and the iland DPO to manage Data Subject Requests as well as breach processes and notifications.

Keywords: [“Iland”,”service”,”GDPR”]
Source: https://www.iland.com/solutions/gdpr

GDPR News Center News for 03-14-2018

But Will It Help or Harm Your Recruiting? (Recruiting News and Views @ RecruitingDaily)

Even though fears may be justified given its hefty non-compliance fines, the GDPR will undeniably bring candidate privacy and the candidate experience to a whole new level – a game changer for personal data processing. Consent is one of the fundamental aspects of the GDPR. Recruiting agencies and HR managers will now need to obtain consent from their candidates for every usage of their personal data. Recruiters will need to request consent from every candidate in an easily accessible and intelligible form, one that states the purpose of processing the candidate's data. Scooping up personal data from social media will not cut it either. Under the GDPR, you are required to ask for explicit consent, clarify how you will use each individual candidate's data, and make sure that the data remains secure. You should enable candidates to access and review their data any time they like, ask for updates to their data, and even allow for full erasure upon request. Candidates will have the "right to be forgotten" or "right to erasure," meaning that candidates can request that their data be erased when it is no longer necessary for the original purpose. The candidate could reach out to a recruiter in some other location, and that recruiter will not be able to find any information in the ATS. I am also interested in the situation where a candidate asks a company to erase all the data that company has secured. The GDPR demands that each candidate has the right to transfer their data anywhere they prefer. Data portability can surely be turned into a recruiting benefit. Through GDPR compliance, your agency becomes ready to receive portable data transferred from a competitor, giving you the data histories of your new candidates so you can better serve them from the start of your new relationship.

As a recruiter, you may be forced to create data assets that enable data portability; however, whatever technical methods you choose to use, the result will be a more agile and future-proof system. Check how your company is storing candidate personal data and ensure that the methods being used are ironclad. Data security should be treated with the utmost importance, because a slight slip could spell doom. It can quickly get tricky in a larger recruiting establishment, where a great deal of personal data is handled in many complex ways. Recruiters, as personal data controllers and processors, will need to take bold steps to maintain compliance with the GDPR. If you excel at GDPR compliance, you will reap the resulting benefits from empowering your candidates, seeking only the data that is needed, directly from the source, and leveraging it to build better, long-term relationships through better recruiting.

Keywords: [“Data”,”candidate”,”GDPR”]
Source: http://recruitingdaily.com/gdpr-coming-will-help-harm-recruiting

GDPR FAQ’s for Fund Managers

JD Supra provides users with access to its legal industry publishing services through its website as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and of visitors to the Website are set forth in this statement. JD Supra collects users' names, companies, titles, e-mail addresses and industry. JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra. If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed. Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "Opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen. JD Supra takes reasonable precautions to ensure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third-party email service, customer service personnel and technical staff. Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: comply with applicable laws; respond to governmental inquiries or requests; comply with valid legal process; protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; permit us to pursue available remedies or limit the damages that we may sustain; and enforce our Terms & Conditions of Use. This Website and the Service may contain links to other websites.
The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Keywords: [“website”,”Service”,”information”]
Source: https://www.jdsupra.com/legalnews/gdpr-faq-s-for-fund-managers-91686