GDPR News Center News for 10-26-2018

GDPR compliance with Power BI data

Ninja GDPR Compliance 2018 for WordPress by NinjaTeam

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Websites that collect data on citizens in European Union countries will need to comply with strict new rules around protecting customer data by May 25, 2018. That’s why Ninja GDPR Compliance 2018 WordPress Plugin was born to give you the best solution regarding this new law for your site. If you use forms like Contact 7 to collect users’ data, you need GDPR compliance. If you use MailChimp or another add-on to save users’ data, you need this GDPR compliance.

If you use any communication service like live chat or support help desk for your site visitors, you need this compliance. WordPress website owners: It doesn’t matter whether you sell on your website or not, or even if you don’t collect any data. Request Data Archive: Collect data access requests and automatically inform admin. Forget me form: Create a form for users to request that their stored data be deleted and automatically notify website admin. Data Rectification: Allow users to request their stored data to be rectified.

Data Breach Notification: Notify data breach to all users as required by law. Added: EU Traffic – Added: Email notification to admin when user request forget, data access, data rectification – Added: Notification when click Accept button shortcode – Improved: Set default value for options – Improved: Added more strings to translate – Fixed: Cache conflict – Fixed: Some small CSS and bugs.

Keywords: [“data”,”users”,”site”]
Source: https://codecanyon.net/item/gdpr-visual-builder-drag-and-drop-to-build-gdpr-compliance-wordpress-plugin/21936402

GDPR Compliance Hunter

The EU General Data Protection Regulation is the most comprehensive change to EU data privacy law in decades. For EU residents, the regulation aims to increase their control over their personal data. For businesses, the GDPR becomes a unifying regulation across the EU. On the 25th of May, the GDPR took effect and replaced the 1995 Data Protection Directive. The GDPR regulation applies to any EU residents’ data, regardless of where the processor or controller is located.

As a data controller, under Article 28 of the GDPR, you need a data processing addendum signed with your processors. How Hunter is complying with the GDPR. Even though the GDPR only applies to data from EU residents, we took the decision to apply broadly the requirement of the regulation. We’re taking the security of the data we manage very seriously. Our processing is done exclusively in the EU.

We store and process all our data exclusively in the EU. We even store our off-site backups within the EU. Log retention. The GDPR gives the right to any user to download any data that he provides to a service. We think this is a great idea and Hunter has always made it possible for users to download their data.

Our applications heavily pseudonymise data to ensure the privacy of data subjects. If a data subject wishes to speed up the removal of any in our index, we offer a simple and efficient way to claim email addresses.

Keywords: [“Data”,”GDPR”,”any”]
Source: https://hunter.io/gdpr

EUGDPR – Information Portal

The regulation will fundamentally reshape the way in which data is handled across every sector, from healthcare to banking and beyond. After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. It was enforced on 25 May 2018 – and organisations that are not compliant could now face heavy fines. This website is a resource to educate organisations about the main elements of the General Data Protection Regulation and help them become GDPR compliant. The guidance offered across this website will ensure that companies have effective data rights management strategies enforced. 

Reshape the way organizations across the region approach data privacy. GDPR reshapes the way in which sectors manage data, as well as redefines the roles for key leaders in businesses, from CIOs to CMOs. CIOs must ensure that they have watertight consent management processes in place, whilst CMOs require effective data rights management systems to ensure they don’t lose their most valuable asset – data. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site. 

Keywords: [“data”,”GDPR”,”way”]
Source: https://eugdpr.org/

13 GDPR Compliance Tools

GDPR is a data protection regulation that governs how websites store and retain personal data of EU citizens. In what can best be described as this decade’s Y2K moment, it went into effect on May 25th. If you’re running a website, project, or startup with users in the European Union, you’ll need to comply with their new data privacy regulation. Iubenda’s GDPR toolkit is an all-in-one solution for your compliance needs. Cookie banners, consent management, and internal privacy tools. Siftery’s GDPR Checker helps you check your SaaS vendors for compliance, so that your users’ personal data is protected everywhere.

Algolia’s GDPR search tool organizes all of the regulations in one place. This GDPR Form is the easiest way to accept personal data requests. ECOMPLY.io is a guided task management tool for your compliance sprints. The Ultimate GDPR Quiz will teach you how to get compliant in seconds. These GDPR Compliant Badges will look stunning on your site. 

Finally, the GDPR Hall of Shame is a running list of GDPR fails. Protect yourself: see the full list of 13 GDPR Tools on Product Hunt. 

Keywords: [“GDPR”,”data”,”privacy”]
Source: https://blog.producthunt.com/13-gdpr-compliance-tools-886f644c251b

GDPR News Center News for 10-16-2018

Official Statement: EU GDPR Compliance

The protection of private information is fundamental to the trust Zoom users have given us when choosing our service. Zoom’s products now feature an explicit consent mechanism for EU users. Users that are detected via IP address as coming from an EU member state, upon their first visit to the zoom.us website, will be presented with a cookie pop-up box that allows cookie preferences to be set. These cookie preferences can also be changed at any time in the future by visiting the cookie preferences link at the footer of any page on our website.

EU users can opt-in to communications from Zoom when registering for Zoom-hosted webinars or downloading whitepapers from our website. We have appointed a Data Protection Officer, Kari Zeni, who is an expert on GDPR compliance topics. Zoom has entered into Data Protection Agreements with our vendors to ensure that the privacy and security of our customer data is protected. Zoom’s DPA has been thoroughly vetted to comply with all GDPR and other privacy and security-related requirements, has been drafted to clearly and accurately describe the manner in which Zoom consistently provides its service to all of its customers, and is consistent with the security program on which Zoom’s annual SOC2 third-party audit is premised. To be more transparent and have developed a cookie policy that describes the purpose of the cookies that Zoom uses. 

In addition to the privacy training that all Zoom employees receive during on-boarding and annually thereafter, employees with roles that are customer facing have been trained on GDPR and how it impacts their roles. GDPR empowers data subjects with certain rights to help assure the privacy and protection of their personal data. 

Keywords: [“Zoom”,”cookie”,”users”]
Source: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance

General Data Protection Regulation Compliance

On May 25, 2018, the General Data Protection Regulation replaced the Data Protection Directive that had been law across the European Union for the past 20 years. GDPR impacts any business that operates or collects data in or from Europe. We see GDPR as affording us yet another opportunity to continue our tradition of protecting and giving you more control over both your organizational and personal data. Multiple data centers to guarantee a secure and highly available service at scale. Our new Privacy Basics page gives you a snapshot of how we handle personal information and data, while the page design makes it easy for you to find the exact areas of our policies that concern you. 

We also offer various options on data processing terms for customers, depending on the plan or package you have selected. If you’ve purchased your plan via our website, you can access our data processing addendum here. We empower all of our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data. We honour all deletions from an account, and all account data which has been expunged by you is permanently deleted from our back-ups within 90 days. 

We’re aware that many of our customers with EU users and EU affiliates would prefer that their data be hosted in the EU. To address this, we are actively engaged in building a data centre in the EU. Updates on when this data storage option will be available for customers will be provided through our website. Manage your company’s data with advanced security and control, so you can enable your teams to share and collaborate safely. 

Keywords: [“Data”,”customer”,”GDPR”]
Source: https://www.surveymonkey.com/mp/gdpr/

GDPR for Microsoft Dynamics 365

Microsoft Dynamics 365 is committed to helping our customers meet their GDPR requirements. In this topic, you will find information and several resources to help you understand how Microsoft Dynamics supports the GDPR, and how we provide the information and tools that our customers need in order to define and support their GDPR obligations. The following white papers provide an overview of the GDPR for Dynamics 365 applications and services. What GDPR means for your business applications: the IDC analyst’s view. The GDPR grants individuals certain rights in connection with the processing of their personal data. 

DSRs on the Service Trust Portal – You can find information about what the GDPR requires of controllers and processors when you respond to DSRs, and how Microsoft enables you to do so. Compliance Manager is a cross-Microsoft cloud services solution that is designed to help organizations meet complex compliance obligations like the GDPR. It does real-time risk assessment that reflects your compliance posture against data protection regulations when you use Microsoft cloud services. Hear from Microsoft about how we support the GDPR, and learn how we are helping our Microsoft Dynamics customers support their GDPR requirements. Hear from Microsoft about the GDPR, what it means to our customers, and what it means to us as a corporation. 

Microsoft’s commitment to GDPR, privacy and putting customers in control of their own data, May 21, 2018, Julie Brill – Corporate Vice President and Deputy General Counsel, Microsoft. Essential Dynamics 365 resources to help you with GDPR compliance, May 14, 2018. Get deeper knowledge about Microsoft, the GDPR, and our own GDPR journey. 

Keywords: [“GDPR”,”compliance”,”Microsoft”]
Source: https://docs.microsoft.com/en-us/dynamics365/get-started/gdpr/

GDPR News Center News for 09-01-2018

GDPR

The GDPR arose, in large part, as a holistic way to update existing, disparate, and sometimes-conflicting laws and regulations across the EU and to strengthen the protection of individuals’ personal data, in light of the rapidly-evolving technological landscape, increased interconnectivity and globalization, and more elaborate international transfers of personal data. The GDPR generally replaces the legacy mix of national data protection laws that are currently in place with a single, comprehensive law, which is directly enforceable in each EU member country.

Keywords: [“data”,”personal”,”GDPR”]
Source: https://www.fuze.com/GDPR

GDPR

As of May 25, every organization that does business in the EU will have to meet new data protection rules, or pay a steep fine. Compliance requires precise knowledge of the data you store and process, and the right data management policy across your organization. Software AG equips you with the means to quickly set up the knowledge base and process framework you need for achieving compliance by offering everything in one solution: business process analysis, enterprise architecture management, IT portfolio management and planning, and GRC practices. 

Keywords: [“management”,”process”,”data”]
Source: https://www.softwareag.com/corporate/innovation/gdpr/default.html

GDPR Design: GDPR Solutions To Help Companies Comply

GDPR Design has developed a series of low cost, cloud-based solutions to help SME businesses comply with GDPR and the data privacy laws. We are providing knowledge, experience and ongoing consultancy to help companies develop their data processes to benefit their business objectives. Using our experience of the SME market, our understanding of compliance and knowledge of online applications, we are focused on removing the headache and ongoing challenges of GDPR, allowing organisations to focus on what they do best – their core business services. 

Keywords: [“GDPR”,”business”,”ongoing”]
Source: https://gdpr.design

Privacy, Security and Information Law Fieldfisher

Vera Jourová, the European Union Commissioner for Justice, Consumers and Gender Equality, rounded off a recent three-day visit to the US in September with a speech at Berkeley School of Law on the current state of online privacy and consumer protection. Members of our Silicon Valley Privacy and Security team were there in person to hear Mrs Jourová address various topics, including the first joint annual review of Privacy Shield, the progress made for GDPR readiness to date and the ongoing issues of online hate speech and radicalisation. 

Keywords: [“privacy”,”online”,”speech”]
Source: http://privacylawblog.fieldfisher.com/tags/gdpr

We can assist you with the challenges of GDPR

As of 25 May 2018, the new EU data protection regulation GDPR will enter into force and replace the current laws on the processing of personal data. It will lead to a stricter law with respect to how companies and organisations can store, use and process collected personal data. The GDPR will affect all businesses and could have both cost and legal consequences for your company. We can help you control the challenges of the GDPR. We can provide solutions that both handle and take advantage of the new regulatory framework.

Keywords: [“GDPR”,”data”,”both”]
Source: https://www.profitbase.com/gdpr/?lang=en

GDPR made searchable by Algolia. Chapters, articles and recitals easily readable

This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. 

Keywords: [“data”,”personal”,”persons”]
Source: https://gdpr.algolia.com/?ref=producthunt

GDPR360

Chances are you’ve heard of GDPR and that you’re comfortable that you’re addressing the challenges or you’re not quite sure how it affects you and what you need to do. GDPR is the new data protection framework that applies to any EU-based company that processes personal data and any company based outside the EU if it offers goods or services to EU data subjects or monitors their behaviour. For UK-based companies the new Data Protection Bill is currently being read in Parliament and this will bring the GDPR into UK law. 

Keywords: [“data”,”company”,”GDPR”]
Source: https://www.gdpr360.com

Unroll.Me To Stop Serving EU Users As GDPR Looms 05/07/2018

Unroll.Me, the free email unsubscribe, will stop serving European users two days before the General Data Protection Regulation is scheduled to take effect. According to reports, the company could change this policy in the future. It apparently has decided that it cannot comply with GDPR, which takes effect on May 25. Last year, following a New York Times report on Unroll.Me’s data practices and the sale of Lyft data to Uber, the company was hit with a class-action lawsuit, alleging that it had violated the federal wiretap law.

Keywords: [“users”,”Data”,”Slice”]
Source: https://www.mediapost.com/publications/article/318847/unrollme-to…

Download the GDPR eBook

Not to mention the 72 hour report window for security breaches. Undoubtedly, the most important message now is PREPARE WELL. It’s common knowledge that GDPR compliance prep requires hiring a Data Protection Officer (DPO). Though he/she will be primarily responsible for the compliance process, the GDPR will affect every department throughout the entire organization. Read the InfoGov GDPR Basics eBook to find the answers to those questions and more as the EU GDPR implementation date draws nearer.

Keywords: [“GDPR”,”questions”,”compliance”]
Source: https://www.infogovbasics.com/gdpr-basics-ebook

GDPR info centre

Even though the UK will turn its back on the EU in 2019, nothing will stop this law. It’s going ahead. Let’s be clear, GDPR will change everything about how you store, manage and process data for your staff. It has executives at multinationals feeling nervous, let alone employers at SMEs. The legal eagles at BrightHR came together with the data analysts and the software developers and, well, everyone, to explain GDPR in simple terms and offer guidance on what you need to do, starting today.

Keywords: [“GDPR”,”data”,”let”]
Source: https://www.brighthr.com/gdpr

GDPR News Center News for 08-13-2018

Analytics Platform

The General Data Protection Regulation is a regulation which strengthens and unifies data protection for all individuals within the European Union. If you are processing personal data, you need to inform users at the point of the data collection with a clear privacy notice. The reasons why you are processing the personal data. If a visitor asks you to get access to her or his personal data, you have the responsibility to check her/his identity. Inform the data subject that you have properly deleted their personal data and ask for confirmation that they received your message.

If you are presented with a request to rectify the data of a data subject, we recommend that you use the right to erasure instead. If for a specific reason you really need to exercise this right and you self-host your Matomo, the only way is to access the Matomo database. A user has the right to ask to get a copy of their personal data. Send the data to the data subject if you are sure about their identity and ask them to confirm that they received it. A user has to be able to object to the processing of their personal data.

Inform your visitors through a clear privacy notice whenever you’re collecting personal data. Make your team aware that you are using Matomo Analytics and what data is being collected by your analytics platform. Include Matomo in your data privacy impact assessment, if applicable. 

Keywords: [“data”,”Matomo”,”personal”]
Source: https://matomo.org/docs/gdpr

Worried about GDPR? Just build radically private software

On May 25, the European Union will begin enforcing the General Data Protection Regulation, which requires companies to behave responsibly in their collection and management of personal data. While the general consensus agrees on the need for data privacy, only some companies have shifted away from speed and growth at all costs toward building software that respects user privacy. Acquire data progressively and only when you genuinely need it. Only collect data you have a need for and only do it when you have the need for it. Clearly state what you’ll be using the data for and how that benefits users. 

Radically private software means that if users don’t give informed consent, you can’t use their data at all. No more UI tricks like the button to give consent is big and red, while the button to withhold data is small and gray. Make opting out easy – and let users change their minds and take their data with them. A regulation requires banks to make customer account data available in easy-to-use formats so they can change banks more seamlessly. Enabling this sort of data portability is important in radically private software. 

It’s almost always possible to de-anonymize the data and trace individuals within it, so removing classic personal data such as names, addresses, and phone numbers is not enough. Communicate clearly with users about steps you’ll take if a data breach occurs. 

Keywords: [“Data”,”users”,”consent”]
Source: https://venturebeat.com/2018/05/06/worried-about-gdpr-just-build…

GDPR Compliance Solutions & Services

The primary objectives of the GDPR are to give people more control over their personal data, to help protect personal data from the risk of loss, and to unify regulatory privacy and data requirements within the EU. It is vital that any organization that conducts business in the EU understands the overall design of the GDPR and why preparing their technology and processes now for this new legislation is so critical. Today’s technology is much different than it was 20 years ago. No one could have predicted how the Internet, smartphones and the widespread use of social media applications such as Facebook and Twitter could have global implications. As a Regulation, the GDPR enacts a uniform data security law across the EU.

Each EU country will no longer need to pass their own legislation for data security; the GDPR will be the guiding law. EU countries can still regulate certain types of data such as health data. If you are currently doing business in the EU, you may already have privacy processes and procedures in place. To ensure that your business is GDPR compliant, it is essential that you review your consent policies and procedures to verify that these meet the new higher standards. PossibleNOW and our sister company, CompliancePoint, can help you determine your preparedness and then recommend appropriate solutions and services. 

Keywords: [“Data”,”GDPR”,”Regulation”]
Source: http://www.possiblenow.com/gdpr-compliance-solutions-services.asp

Free-to-play game Loadout ending service in wake of GDPR regulation

The developer behind Loadout, a free-to-play title for PC and PlayStation 4, has announced that it will be shutting the game down for good later this month following issues with rising costs and new regulations in the EU. In a public post to the game’s community, the Edge of Reality team said that the upcoming General Data Protection Regulation guidelines for the European Union delivered one of the final blows to the game, noting that the dev simply lacks the resources to update Loadout in a way that would make it GDPR compliant. GDPR regulation deals with how personal data is handled, particularly when that data is being exported outside of the EU. Though the regulations were adopted in 2016, GDPR is due to become enforceable after its two-year transition period ends on May 25, 2018. Loadout is just the latest game to shut down following the updated data protection regulations.

Loadout’s developer notes that GDPR isn’t solely responsible for the team’s decision to shut down the game. The team notes that costs to keep the game up and running have been increasing, while Loadout’s revenue has been staying flat. The dev notes that the cloud-based service that the game was built on has also announced that it is ending service, possibly as a result of GDPR as well, and porting Loadout to a different service would be far too costly. 

Keywords: [“GDPR”,”game”,”Loadout”]
Source: http://www.gamasutra.com/view/news/317760

GDPR News Center News for 07-18-2018

How the GDPR will disrupt Google and Facebook

Google and Facebook will be disrupted by the new European data protection rules that are due to apply in May 2018. Google and Facebook will be unable to use the personal data they hold for advertising purposes without user permission. When one uses Google or Facebook.com one willingly discloses personal data. The application of the GDPR will prevent them from using these personal data for any further purpose unless the user permits. A business cannot, for example, collect more data for a purpose than it needs and then retroactively ask to use those data for additional purposes. 

In addition to the opt-out notice, users also have to be told of their right to object at any time to the use of their data for direct marketing. Operating these under the GDPR would require not only that a user consents to Google’s use of data for advertising targeting purposes, but to the many other companies such as DMPs, DSPs, and so forth processing these data too. The Facebook Audience Network is scored four because it requires the processing of personal data from Facebook users to target them on other websites. WhatsApp advertising is also scored four on the scale because it will be necessary for users to give their consent for their personal data on WhatsApp to be processed for purposes unrelated to WhatsApp functionality on Facebook properties other than WhatsApp.

Farther down the scale, at two, is Facebook’s Newsfeed, which may be able to use an opt-out approach to get some users to permit the processing of these personal data. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC OJ L119/1. Who is collecting the data, and how to contact them or their European representative. 

Keywords: [“data”,”Google”,”users”]
Source: https://pagefair.com/blog/2017/gdpr_risk_to_the_duopoly

GDPR Statement

Specifically with our Cloud offering, SysAid guarantees continued compliance with applicable GDPR regulations as a data processor. We are fully committed to enable, and assist in any way, our customers, the data controllers, with complete control of their private data, in order for them to meet their GDPR obligations. We have addressed GDPR data protection requirements that are applicable to data processors and will continue to be vigilant, to ensure we handle any developing requirements. Our ability to fulfill our commitments as a data processor to our customers, the data controllers, is a part of our compliance with GDPR where data controllers are using SysAid to process personal data. We regularly review our Information Security Policy and related work plans to ensure that they take into account all requirements, confirming we’re fulfilling our obligations to GDPR as a data processor. 

In line with GDPR, appropriate measures are assessed in terms of a variety of factors including the sensitivity of the data, the risks to individuals associated with any security breach, state of the art technologies, and the nature of the processing. Our customers can choose for their environments to be processed within an EU Data Center. The European Union data protection authorities known as the Article 29 Working Party has approved the AWS Data Processing Agreement, assuring customers that it meets the high standards of EU data protection laws. We have prepared guidance for our customers on how to respond to and act on their customer queries and requests regarding GDPR Data Subject Rights. Action: Within the User Management Tool, an administrator can select end users and find all of the structured data for that user.

Action: The User Management Tool can be used to export the end user’s structured data to Excel or PDF format. Action: Deleting an end user deletes the user’s structured data.

Keywords: [“Data”,”customer”,”User”]
Source: https://www.sysaid.com/gdpr-statement

GDPR CBT

We cannot guarantee that the App will work as expected in all circumstances and on all platforms. The texts provided in this App are for information purposes only. The App does not collect any of your personal information. We have produced this app to enhance public awareness of some of the highlights of Data Protection Reform due to EU General Data Protection Regulation 2016. As well as a number of activities that an organisation can start as part of their GDPR readiness.

EU GDPR READINESS CONSIDERATIONS CBT App: Current timeline for EU GDPR enforcement is set for 25 May 2018. Therefore it would be prudent for organisations to assess their GDPR readiness; in assessing organisational readiness, particular attention should be paid to the rights of the individual and the obligations on data controllers in terms of transparency of their activities in relation to personal data and the organisation’s ability to define and embed effective agile operational practices and processes to drive key strategic corporate initiatives in terms of compliance with GDPR. This CBT is a summary of three areas in which an organisation should assess its operational effectiveness based on core GDPR requirements. The following link is a demonstration of the App on YouTube: https://youtu. This App summarises some of the key elements of the European Union’s General Data Protection Regulation in terms of a set of questions and answers. The App contains 50 questions and corresponding answers.

It is designed so as to enhance awareness of EU GDPR text. The App contains 50 multiple choice questions and answers. It is designed to enhance awareness of EU GDPR as well as supporting guidance provided by Article 29 working party in relation to EU GDPR. Note that Article 29 working party is an independent European advisory body on data protection & privacy. 

Keywords: [“GDPR”,”App”,”Data”]
Source: https://sites.google.com/site/eugdprcbt

GDPR News Center News for 07-12-2018

GDPR summary: How will your data be affected?

With less than a month to go until the GDPR compliance rules come into force, never have the regulations – a set of frameworks designed to help people take back control of their data – been more needed. Despite being set up to manage how businesses handle data, the General Data Protection Regulation. If you ever share personal data with another person or company, GDPR will play a role in how that data is used. The EU’s General Data Protection Regulation is the result of four years of work by the EU to bring data-protection legislation into line with new, previously unforeseen ways that data is now used. Currently, the UK relies on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this will be superseded by the new legislation.

First, the EU wants to give people more control over how their personal data is used, bearing in mind that many companies such as Facebook and Google swap access to people’s data for use of their services. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents. If processors are involved in a data breach, they’re far more liable under GDPR than they were under the Data Protection Act. Pseudonymised personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is. The GDPR requires that controllers and processors must be transparent about how they collect data, what they do with it, and how they process it, and must be clear in explaining these things to you. 

If you take fines recently issued by the ICO, which has a maximum penalty of £500,000, and scale them up under GDPR, you can see how much tougher the penalties for getting data protection wrong will soon become. Lawyers believe the UK is likely to adopt equivalent legislation to the GDPR following Brexit, so UK companies using EU data can continue to do so legally.

Keywords: [“data”,”GDPR”,”how”]
Source: http://www.alphr.com/technology/1006415/gdpr-data-protection-compliance-2018

Weighing GDPR Risks For Google And Facebook

The European Union’s General Data Protection Regulation goes into effect next month, and analysts are weighing the implications for the two leading digital ad platforms, Facebook and Google. The potential GDPR risks range from fines for non-compliance to falling revenue due to a reduced ability to target users with ads. In a note this week, Bank of America Merrill Lynch analyst Justin Post outlined the potential GDPR risks to all internet firms. Whenever companies collect data on their users, they must clearly state what the data will be used for, obtain consent to collect it, and make it easy for users to opt out of having their data collected. They must obtain consent for each individual purpose of data collection, and it must be clear to users how their data will be used. 

Hood told Post that he hasn’t seen many examples of how companies are intending to obtain the consent of their users, but he did warn that the impact on digital ad revenues could be as high as 20% to 30% in the EU, depending on the platform. According to Post, the GDPR risks are the greatest for programmatic advertising because it will be difficult to convince users to give their consent to use their data for targeted ads. Two key platforms that are expected to be impacted the most are DoubleClick, which is operated by Google, and Facebook Audience Network. Based on Hood’s estimate of impact to digital revenues, he estimates that GDPR could have a negative impact of 2% to 3% on Facebook’s and Google’s total ad revenues. The BAML analyst also believes that Facebook and Google are in good positions as far as gaining user consent because of the size of their networks and the value they provide to users. 

Deutsche Bank analyst Lloyd Walmsley also spoke with an expert about the GDPR risks recently. Still, he doesn’t believe Facebook will see much impact to its revenues, and he doesn’t expect the company to have any problems targeting users with ads, despite the concerns others have. 

Keywords: [“users”,”Data”,”impact”]
Source: https://www.valuewalk.com/2018/04/gdpr-risks-google-facebook

GDPR Made Easy by GDPR123

On 25 May 2018, the General Data Protection Regulation will be enforced across Europe, including the UK. Currently the UK relies on the Data Protection Act 1998 to control how personal information is used by organisations, business, or the Government, but this will be superseded by the new legislation. GDPR introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It will affect any business worldwide holding personal data on customers, prospects or employees based within the EU, so organisations need to be preparing for the change now. If businesses ignore this law, they can be fined up to €20m or 4% of their global annual turnover – so the price of non-compliance could be very costly! 

The GDPR requires organisations to create and maintain plans to protect personal data that they collect, store and use, follow defined procedures and plans in the event of a data breach, regularly evaluate their security practices, and document evidence of their compliance. Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act, so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. There are new elements and significant enhancements, so you will have to do some things for the first time and some things differently to be compliant with the GDPR. The Deadline is Coming.

With the May 25th deadline looming, it is essential to plan your approach to GDPR compliance now and to gain ‘buy in’ from key people in your organisation. You may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. In a large or complex business this could have significant budgetary, IT, personnel, governance and communications implications. 

Keywords: [“GDPR”,”Data”,”organisation”]
Source: https://www.gdpr123.com

GDPR News Center News for 05-29-2018

GDPR Compliance – The steps that I take to prepare

Commentary: GDPR: Will It Transform U.S. Corporate Titans?

GDPR will codify data protection rules for all companies that collect data from EU citizens while greatly expanding individuals’ control over how and when their personal data is collected and used. If even a single EU citizen visits the website of a company based anywhere in the world and data is collected on that individual, that company must comply with GDPR or risk severe penalization. Under the new rules, these companies will need to be much more specific about how they will use data and get permission for these specific uses. In the U.S. especially, where many companies are built on their ability to capture, sell, or leverage data to target individuals, the new regulations, which grant individuals the right to have their information deleted from databases under various circumstances, will force businesses of all sizes and kinds to dramatically rethink their data practices. 

With member nations ramping up their enforcement capabilities as we speak, it is becoming clear that all companies, not just the industry giants, could be targeted. Facing a new regulatory minefield, U.S.-based companies have a narrow window of time to assess their capabilities and vulnerabilities and address areas of concern. Companies will no longer be able to rely on the fine print and must have privacy policies that are clear and consumer-friendly. EU citizens will now have the right to know what information a company has gathered on them. GDPR extends this right much further, requiring companies to delete even non-publicly shared data under a variety of circumstances. 

If the user asks to be forgotten and then a month later gets an email solicitation from that company, they can file a complaint. Because there is no history to study, all companies must start from square one. Many companies are waiting for the first shoe to drop in order to react. 

Keywords: [“company”,”Data”,”GDPR”]
Source: http://fortune.com/2018/02/06/gdpr-general-data-protection-regulation-eu-compliance/

How Europe’s GDPR Will Mean Your Data Belongs to You: QuickTake

The European Union is introducing tougher rules for how data collectors gather and use its citizens’ information, and letting consumers control their own data. Starting May 25, all 28 EU nations will be applying the General Data Protection Regulation, which sets new standards for any holder of sensitive data, from Amazon to your local government council. These rules will apply to any company that collects the personal data of EU residents. Consumers will have the right to retrieve their data and give it to another business. If a firm is smaller than 250 but is collecting large quantities of sensitive data, it will also need a DPO. 

If there’s a data breach, electronic data collectors will have to notify authorities within 72 hours and will have to alert customers in a timely manner if the breach poses a risk to them. So situations like Uber’s attempts to cover up its 2016 data hack, or the slow release of information on Yahoo’s massive breach in 2013 will now be punishable with huge fines. In cases of negligence or violating the conditions of consent and infringing on data subject rights, the fines can go as high as $24.8 million, or 4 percent of annual worldwide revenue, whichever is higher. They’ll have free access to the data that’s been collected on them and more information on how it’s being used. Data will be destroyed when it is no longer needed for the original task. 

To request access to their data, consumers will contact the data controller or controllers, whose contact info must be provided to consumers whenever information is collected. Because consumers will own their data, eventually they may be able to trade things like gift certificates from Zara in exchange for their shopping histories with J. Crew. They’ll need to make sure that the data they’ve collected adheres to new protocols. 

Keywords: [“data”,”collect”,”information”]
Source: https://www.bloomberg.com/news/articles/2018-03-20/how-europe-s-gdpr-will-mean-your-data-belongs-to-you-quicktake

A flaw-by-flaw guide to Facebook’s new GDPR privacy changes – TechCrunch

The new privacy change and terms of service consent flow will appear starting this week to European users, though they’ll be able to dismiss it for now – although the May 25th GDPR compliance deadline Facebook vowed to uphold in Europe is looming. Facebook says it will roll out the changes and consent flow globally over the coming weeks and months with some slight regional differences. Facebook brought a group of reporters to the new Building 23 at its Menlo Park headquarters to preview the changes today. Feedback was heavily critical as journalists grilled Facebook’s deputy chief privacy officer Rob Sherman. Questions centered around how Facebook makes accepting the updates much easier than reviewing or changing them, but Sherman stuck to talking points about how important it was to give users choice and information. 

Trouble at each step of Facebook’s privacy consent flow. Facebook’s consent flow starts well enough with the screen above offering a solid overview of why it’s making changes for GDPR and what you’ll be reviewing. A major concern that’s arisen in the wake of Zuckerberg’s testimonies is how Facebook uses data collected about you from around the web to target users with ads and optimize its service. Facebook recently rewrote its terms of service and data use policy to be more explicit and easy to read. It didn’t make any significant changes other than noting the policy now applies to its subsidiaries like Instagram and Messenger. 

To keep all users abreast of their privacy settings, Facebook has redesigned its Privacy Shortcuts in a colorful format that sticks out from the rest of the site. Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit. When asked to clear a higher bar for privacy, Facebook delved into design tricks to keep from losing our data. 

Keywords: [“Facebook”,”users”,”data”]
Source: https://techcrunch.com/2018/04/17/facebook-gdpr-changes/

GDPR News Center News for 05-27-2018

Google Analytics and GDPR Changes

Update on Privacy and GDPR Compliance

Respecting users’ privacy and ensuring a safe experience on Disqus. Now, with the General Data Protection Regulation set to take effect, on May 25th, we want to share an update on our work to comply with new regulations and ensure that users and publishers who use Disqus can continue to do so with confidence. With these updates, we intend to improve the experience for users on Disqus, rather than simply check off boxes for compliance. Although GDPR applies exclusively to data collected from persons located in the European Union, our plans focus on network-wide improvements and new functionalities for all users on Disqus. Currently, users with Disqus accounts can update their settings to. 

When a user is in Privacy Mode, Disqus will not collect or process any personal data, as defined by GDPR. In cases where we do not have a lawful basis for processing personal data we will apply Privacy Mode to requests from IP addresses associated with an EU country. Today, users can delete their Disqus account by following the instructions found at this link: Delete My Disqus Account. As part of our updates, we will implement new procedures to obtain consent, where needed, from Disqus users located in the EU for the collection of personal data both for processing by Disqus and, where applicable, third parties. What publishers should know and how these updates will impact them: In almost all cases, unless a publisher integrates Disqus with their own user management system through Single Sign-On, users sign up and log in to comment through Disqus. 

We require publishers who use SSO to obtain consent from users for the collection and processing of their data, including by Disqus for posting comments. Disqus only obtains consent from users for the collection and processing of data necessary for the use of Disqus. As part of our compliance updates, we will no longer use unique identifiers for analytics or any other purposes for users in Privacy Mode. 

Keywords: [“Disqus”,”users”,”publish”]
Source: https://blog.disqus.com/update-on-privacy-and-gdpr-compliance

Why the GDPR email deluge, and can I ignore it?

GDPR, which stands for General Data Protection Regulation, has been described as the biggest overhaul of online privacy since the birth of the internet. It is designed to give all EU citizens the right to know what data is stored on them and to have it deleted, plus protect them from privacy and data breaches. The new rules bolster the requirement for explicit and informed consent before data is processed. Typically, individuals are being asked to give explicit permission for the company to continue emailing them and holding their data. The European Union’s new stronger, unified data protection laws, the General Data Protection Regulation, will come into force on 25 May 2018, after more than six years in the making. 

The new laws govern the processing and storage of EU citizens’ data, both that given to and observed by companies about people, whether or not the company has operations in the EU. They state that data protection should be both by design and default in any operation. To ensure companies comply, GDPR also gives data regulators the power to fine up to €20m or 4% of annual global turnover, which is several orders of magnitude larger than previous possible fines. Data breaches must be reported within 72 hours to a data regulator, and affected individuals must be notified unless the data stolen is unreadable, ie strongly encrypted. The General Data Protection Regulation restricts the way businesses collect, store and move people’s personal data. 

It applies to all companies that process the personal data of people located within the EU. Personal data includes your name, photo, email address, IP address, bank details, posts on a social networking site, medical information, biometric data and sexual orientation. Under GDPR, people get expanded rights to obtain the data a company has collected about them. If a company has a data breach, it must be reported to the relevant authority within 72 hours. 

Keywords: [“Data”,”company”,”email”]
Source: https://www.theguardian.com/money/2018/may/12/why-the-gdpr-email-deluge-and-can-i-ignore-it

Workplace and GDPR – Workplace Stories

Many of the principles build upon the current data protection rules in place within the EU. But GDPR also places some new requirements on companies. GDPR expands current data protection law and also adds some new requirements. Workplace Premium customers act as data controllers and appoint Facebook as a data processor under the Workplace agreement. In Workplace Standard, Facebook is the data controller and is responsible for the processing of Workplace Standard users’ data. 

We understand that GDPR requires Workplace Premium customers to engage data processors with appropriate safeguards to ensure an appropriate level of protection for personal data. GDPR requires Workplace Premium customers to engage data processors who can provide an appropriate level of security to meet the requirements set out in the new regulations. GDPR applies to all EU data subjects so will apply to all companies and organizations who have EU citizens as part of their business or organization. GDPR will apply to all companies processing the personal data of subjects residing in the European Union, regardless of the company’s location. The data processing addendum will ensure that you can continue to use Workplace in compliance with GDPR by providing the undertakings which we, as the data processor, must provide you with under Article 28(3). 

In relation to user rights specifically, you as the data controller are responsible for compliance with your GDPR obligations. Access: Admins are able to use the Workplace APIs in order to provide access to personal data held about any user, should you receive a subject access request and to port this data if required. We have certified Workplace Premium under Privacy Shield for these required data transfers outside of the EU. Security and data privacy are principal concerns of Workplace as noted and explained in our information on Security on Workplace and Trust Center. 

Keywords: [“Data”,”Workplace”,”GDPR”]
Source: https://workplaceblog.fb.com/news/workplace-and-gdpr/