GDPR News Center News for 10-18-2018

Chargebee’s GDPR Commitment

The EU’s General Data Protection Regulation was a much-needed push to bring them to the center. The core of Chargebee’s internal operations underpins protecting the personal data of our customers. Create a data retention policy and have an automated process in place to adhere to the same – Completed. Chargebee recognizes its responsibilities as a data controller towards its customers. Detailed out below are all the steps we have taken towards fulfilling all legal obligations under GDPR, as a data controller. 

Data Categorization and Analysis: We have carried out a detailed data mapping exercise to track the flow of personal data through our systems. Data Retention: We have established an automated data retention mechanism. The only data retained by us will be that which is needed from a compliance and legal standpoint, like invoices, subscription information, audit logs, etc. This is a conscious effort on our part to avoid storing and processing any customer data beyond the necessary period. We have a data processing addendum for our customers that incorporates our GDPR principles.

In addition to making Chargebee GDPR compliant, we wanted to help our customers leverage Chargebee to become GDPR compliant as well, without having to break a sweat. We have charted out a plan that will help merchants handle their customers’ PII data when a customer cancels their subscription with the merchant. While this is only the first step towards our commitment to help you handle the requirements of data privacy and protection, we are continuing to explore other features in the context of GDPR and data security. 

Keywords: [“Data”, “customer”, “GDPR”]
Source: https://www.chargebee.com/security/gdpr

The Ultimate Guide to WordPress and GDPR Compliance

We have received dozens of emails from users asking us to explain GDPR in plain English and share tips on how to make your WordPress site GDPR compliant. Yes, as of WordPress 4.9.6, the WordPress core software is GDPR compliant. The WordPress core team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site. Here’s a step-by-step guide on how to add a GDPR comment privacy checkbox in your WordPress theme.

Depending on which WordPress plugins you are using on your website, you would need to act accordingly to make sure that your website is GDPR compliant. WPForms, the contact form plugin we use on WPBeginner, has added several GDPR enhancements to make it easy for you to add a GDPR consent field, disable user cookies, disable user IP collection, and disable entries with a single click. If you’re using WooCommerce, the most popular eCommerce plugin for WordPress, then you need to make sure your website is in compliance with GDPR. The WooCommerce team has prepared a comprehensive guide for store owners to help them be GDPR compliant. There are several WordPress plugins that can help automate some aspects of GDPR compliance for you. 

Beware of any WordPress plugin that claims to offer 100% GDPR compliance. We will continue to monitor the plugin ecosystem to see if any other WordPress plugin stands out and offers substantial GDPR compliance features. We hope this article helped you learn about WordPress and GDPR compliance.

Keywords: [“GDPR”, “Data”, “WordPress”]
Source: https://www.wpbeginner.com/beginners-guide/the-ultimate-guide-to-wordpress-and-gdpr-compliance-everything-you-need-to-know/

GDPR News Center News for 08-11-2018

GDPR: A Game Changer Is Coming for Cryptocurrency

The EU has finally come out with an approved framework for how corporations should handle user data. Trust me when I say there is an enormous storm coming. There are many important rules companies must follow starting from June 2018 that will actively protect customers against corporations’ data theft and abuse. Each user has the right to be forgotten, meaning all user data should be able to get permanently deleted. It does seem simple when you own your own infrastructure, but due to one of the most important properties of blockchain technology being its immutability, you can already see the problem bubbling up.

Any platform that uses a distributed ledger to store user data is, by all means, screwed. So if you have invested in a project, own a project or are generally interested in better understanding how this market will evolve, please do pay attention to the following: storing any user data on any public distributed ledger is half-way to a really, really, really unpleasantly expensive outcome. Let me underline this again: it means a big no-no to storing any user data on a ledger from where that data cannot be deleted. Other key changes can be followed without compromising the concept of immutable distributed ledger technology. If you want a more in-depth understanding of how this problem could be avoided see this one. 

In short, you would have to consider off-chain storing of data; that is, centralized servers. Learning is the only way you’ll ever feel safe.

Keywords: [“data”, “user”, “Any”]
Source: https://www.ccn.com/gdpr-a-game-changer-is-coming-for-cryptocurrency

GDPR WP

The EU General Data Protection Regulation will be in full force from 25th of May 2018. We aim to provide plugin developers with a simple solution to GDPR validate their plugin and offer Website Administrators the overview and tools to handle the administrative tasks involved with being GDPR compliant. Our solution is being implemented into WordPress Core as a set of hooks and filters, and offers a way for you to point to where personal data is handled and stored by your plugin. Using the WordPress GDPR hooks and filters will allow you to easily help WordPress identify and handle any Personal Identifiable Information handled within a WordPress install comprised of multiple plugins. This way, we can offer a centralized set of tools within WordPress.

We are building the GDPR compliance tools to help websites accomplish the Right to Access, Right to be forgotten, and Breach Notification functionality that every WordPress site must have, no matter the combination of plugins that handle user identifiable data. Sit tight – it’s being actively developed into an upcoming WordPress update. GDPR states that if a website collects, stores or uses any data related to an EU citizen, you must comply with the following: tell the user who you are, why you collect the data, for how long and who receives it. Let users access their data, and take it with them.

See this nice infographic from the European Commission. Not following these guidelines will eventually result in a fine. 

Keywords: [“WordPress”, “data”, “plugin”]
Source: https://www.gdprwp.com

Consentcheq

The ConsentCheq GDPR Compliance Development Kit is a fully integrated set of software tools, cloud API and dashboard services, and model compliance forms that enable an enterprise to very swiftly build, test and optimize the numerous user interactions that are required under the EU General Data Protection Regulation. These interoperable tools can be used by corporate IT or consultants to rapidly prototype and field test different user flows to discover the optimal flow for user experience and retention. Large enterprises that plan to build and deploy in-house GDPR solutions use the ConsentCheq CDK as a ‘gap’ solution that saves months of precious time before GDPR enforcement begins. For all other enterprises that are seeking a rock-solid GDPR compliance solution, the ConsentCheq CDK has been designed for scalability, able to handle hundreds of millions of transactions per day due to its use of the global Amazon AWS cloud backend. ConsentCheq CDK is a product of PrivacyCheq – an industry leader with innovative privacy enhancing technology solutions covering mobile, desktop and IoT devices, providing cloud-based privacy disclosure, regulatory & legal compliance services to a worldwide audience of mobile app and game publishers, website operators, and consumer products manufacturers. 

PrivacyCheq offers a variety of cloud services that facilitate compliance with GDPR, COPPA, CASL, PIPEDA, PECR and other worldwide privacy regulations. 

Keywords: [“Compliance”, “GDPR”, “ConsentCheq”]
Source: http://www.consentcheq.com

Cyber Essentials and GDPR – IASME

The GDPR, or General Data Protection Regulations, are new EU regulations which will make the current Data Protection regulations much stronger. The GDPR comes into force in May 2018 and, if breached, could result in a fine of up to 4% of global turnover. The regulations will still affect UK organisations despite Brexit. The UK government and the Information Commissioner’s Office have indicated that, even if they don’t continue with GDPR after Brexit, they will be looking for something equally as robust. If you are processing the information of EU nationals or trading across the EU, then you will need to abide by its regulations.

Every organisation processing personal data must carry out safeguards against loss, theft and unauthorised access. Respect for privacy, security of data and awareness of breaches will be key. If that breach is potentially of high privacy risk, then affected individuals should also be advised of the data breach. This is a significant change to the current Data Protection regime in the UK. The definition of personal data has been extended and includes anything that could be used to identify an individual. 

This includes, for example, genetic data and even IP addresses. The GDPR will be more robust in its protection of data than anything we have previously seen and businesses will be more accountable. More detailed information can be found on the Information Commissioner’s Office website.

Keywords: [“Data”, “Regulations”, “GDPR”]
Source: https://www.iasme.co.uk/cyber-essentials-and-gdpr

GDPR News Center News for 07-25-2018

A Resource Guide to Compliance for 2018

The general data protection regulation comes into force May 25th, 2018. Increased Scope – The new legislation clearly lays out specific types of protected data such as name, address, ID numbers, Web location, IP address, cookie data and RFID tags. Health, genetic, biometric, ethnic, political views and sexual orientation data are also covered. Companies in the United States processing data for U.K. or French customers must abide by GDPR regulations. 

WP sites must be reviewed and amended to ensure all data collection follows consent policies. Plugins: Site owners are ultimately responsible for the data collection and storage methods of any plugins or third-party software used, meaning it’s critical to audit existing plugin libraries and address anything that needs clarification before May 25th – there’s a WP GDPR Compliance plugin available through WordPress to help identify key issues. The Case for Consent – While consent is critical under the new legislation, it’s not the only lawful ground for processing data, creating confusion among organizations. If you have an existing contract with individuals or must process data to meet legal requirements, consent may not be required. Age Limits – Initial drafts of the GDPR set the EU age limit for choosing to hand over personal data at 13.

With protecting children’s data as a priority for this new legislation, WordPress sites must be diligent in obeying local age limit regulations and keep an eye on potential revisions. New Technologies – Article 35 of the GDPR lays out the need to assess the risk of new technologies for processing and storing data on the risk to personal information. The new legislation comes with significant impact for data collection, informed consent and direct user control over personal data.

Keywords: [“data”, “GDPR”, “WordPress”]
Source: https://pagely.com/blog/gdpr-wordpress-2018-resources

What Should Software Engineers Know about GDPR?

A software designer should try to find ways to avoid being a data processor, and still be able to do the work. Your data subjects should be able to verify, correct, export, move, and erase their data as easily as they gave it to you in the first place. If the team members that build the software have access to actual personal data while building it, they become data processors and liable to the same sanctions and responsibilities. After any data breach, whether by an internal or external party, the first thing you need to do is find forensics that can show which users are affected and which data were accessed. If a data breach happens, it can only affect data that was actually in the targeted system at that point. 

Many systems continue to collect all data but never clean it up, even when the data becomes obsolete. It’s worth mentioning that anonymization and pseudonymization mechanisms can help you with things like test data or analysis data. You might already have a general-policy document that explains the rules, but I’ve seen many software designers start to create a grid of data columns in which they can state GDPR classification. The most important thing to get right is the one-stop shop where data subjects can exercise their rights, leading to a process that identifies and validates the request and then to mechanisms that erase or export that data. Most software projects do not require exposure to actual PII data, and this is definitely the recommended path to take – but it might require new skills and tools. 

No, a data subject is not supposed to get everything connected to their identity when they request an export of their data. Take care of transparency, data security, and legal basis, and do not collect more data than you need and you should be fine. 

Keywords: [“data”, “GDPR”, “system”]
Source: https://www.infoq.com/articles/gdpr-for-software-devs

Getting Ready for the GDPR

If your business is based in the European Union or you have customers or contacts in the EU, then you have probably heard of the General Data Protection Regulation by now. In this article, we’re going to cover a few things to keep in mind as GDPR approaches and provide you with the resources you need to learn more. It will regulate the treatment and use of personal data belonging to EU citizens. EU-based businesses, as well as anyone processing the personal data of EU citizens, will likely be affected by the GDPR. If you ever collect, record, store, use, or erase personal data from customers or contacts in the EU, the GDPR should be on your radar. 

Here at MailChimp, we’ve been reviewing and updating our internal data processes and systems to make sure we’re ready by May. And soon, we’ll be releasing an updated version of our Data Processing Agreement to allow our customers to continue to lawfully transfer EU personal data to MailChimp when the GDPR goes into effect. Our preparation efforts are ongoing and will continue into next year. We’re committed to achieving compliance with the GDPR, and we want to help our customers do the same. How to prepare your business for the GDPR. 

If your business is preparing for the GDPR, we know that it takes a lot of time and effort. The guide includes an overview of the new law, details on how MailChimp is preparing for it, and information about how to make sure your use of MailChimp is compliant. An article that outlines the tools we’re building to help you prepare for the GDPR. This post was updated on March 6, 2018 to include a link to our newest GDPR article. Please note that this post and the guide are for informational purposes only, and should not be considered legal advice. 

Keywords: [“GDPR”, “Data”, “prepare”]
Source: https://blog.mailchimp.com/getting-ready-for-the-gdpr