On 31 January 2020, the United Kingdom left the European Union. For the first time since its creation, a member state has decided to leave the common market, and for now, it is uncertain what the future holds for current privacy legislation. The new relationship between the UK and the EU will be negotiated in the course of this year, with the agreed transition period ending on 31 December. During this period, GDPR will apply as if nothing has changed. But what will happen after?
This webinar will discuss the following topics:
-What does Brexit mean from a data protection perspective?
-What does it mean for the UK itself and for the position of the Information Commissioner’s Office?
-What will be the impact of Brexit for data flows to and from the remaining 27 EU Member States and the countries of the European Economic Area?
-And will there be any impact on the UK-US data flows?
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
If the UK leaves the EU and EEA, will it be "adequate" for data transfers from the EU? Evidemnce suggests not, especially following the passing of the IP Act and the Tele2/Watson CJEU decision.
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...MediaPost
General Data Protection Regulation (“GDPR”) kicks in next year, and brands will be expected to comply with these consumer privacy rules. In this session, Claire Stockill, Solicitor at Irwin Mitchell LLP will explain what these rules mean for B2C email marketers. The presentation will explore the effects GDPR will have on consent, the need for increased transparency, fines associated with non-compliance and a look at the results of a recent YouGov survey on GDPR readiness.
Disclosure, Exposure and the "Right to be Forgotten" After Google SpainDavid Erdos
*** N.B. For full working paper see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3505921 ***
This paper argues that Google’s essentially blanket and unsafeguarded dissemination to webmasters of URLs deindexed under the Google Spain judgment involves the disclosure of the claimant’s personal data, cannot be justified either on the purported basis of their consent or that this is legally required but instead seriously infringes European data protection standards. Disclosure of this data would only be compatible with the initially contextually sensitive context of collection where it was (i) reasonably necessary and explicitly limited to the purposes of checking the legality of the initial decision and/or bona fide research and (ii) was subject to effective safeguards that prevented any unauthorised repurposing or other use. Strict necessity thresholds would need to apply where disclosure involved special category data or was subject to reasoned objection by a data subject and international transfers would require appropriate safeguards as provided by the European Commission’s standard contractual clauses. Disclosing identifiable data on removals to end users would directly and fundamentally undermine a data subject’s rights and, therefore, ipso facto violate purpose limitation and legality, irrespective of a data subject claims rights in data protection, defamation or civil privacy. The public’s legitimate interests in receiving information on personal data removals should be secured through safeguarded scientific research that the search engines should facilitate and promote.
GDPR: A Threat or Opportunity? www.normanbroadbent.Steven Salter
With General Data Protection Regulation (GDPR) a legal requirement for all UK companies from May 2018, there have been numerous articles written either demonstrating the confusion surrounding the new regulations, or detailing the downsides of the legislation.
European Data Protection and Social NetworkingDavid Erdos
These slides explore significant issues arising under data protection for both users and platforms as a result of the publication of third party personal data on such sites. Although the GDPR’s new wording of the household exemption could potentially exclude non-intrusive processing (e.g. sharing innocuous pictures taken in public), the Court of Justice of the EU (CJEU) is increasingly insistent that users acquire responsibilities when the publish such data to an indeterminate number. In principle, most EU Data Protection Authorities (DPAs) accept this although others including the UK and Irish have been very resistant. Many users could therefore have weighty data protection obligations here, although if contributing to a collective public debate they may be covered by the journalistic/special expression derogation and in any case there is a need for a balance with freedom of expression. CJEU ʻjoint controllerʼ case law also points to social networking sites have their own duties here, a proposition which has been backed by Working Party, the UK DPA and the UK courts. Whilst the e-Commerce ʻhostʼ shield should significantly limit ex ante responsibility here, this must be tempered by the ʻduty of careʼ which is inherent in being a ʻcontrollerʼ under data protection. In sum, data protection in principle remains central to the regulation of ʻonline harmsʼ here although ensuring effective and well-balanced regulation in practice remains a formidable challenge.
See further:
“Intermediary Publishers and European data protection: Delimiting the ambit of responsibility for third-party rights through a synthetic interpretation of the EU acquis”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018) - https://academic.oup.com/ijlit/article/26/3/189/5033541
“Beyond ʻHaving a Domesticʼ? Regulatory Interpretation of European Data Protection Law and Individual Publication”, Computer Law and Security Review (Vol. 33 (3), pp. 275-297) (2017) - Pre-print https://www.repository.cam.ac.uk/handle/1810/263883
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
If the UK leaves the EU and EEA, will it be "adequate" for data transfers from the EU? Evidemnce suggests not, especially following the passing of the IP Act and the Tele2/Watson CJEU decision.
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...MediaPost
General Data Protection Regulation (“GDPR”) kicks in next year, and brands will be expected to comply with these consumer privacy rules. In this session, Claire Stockill, Solicitor at Irwin Mitchell LLP will explain what these rules mean for B2C email marketers. The presentation will explore the effects GDPR will have on consent, the need for increased transparency, fines associated with non-compliance and a look at the results of a recent YouGov survey on GDPR readiness.
Disclosure, Exposure and the "Right to be Forgotten" After Google SpainDavid Erdos
*** N.B. For full working paper see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3505921 ***
This paper argues that Google’s essentially blanket and unsafeguarded dissemination to webmasters of URLs deindexed under the Google Spain judgment involves the disclosure of the claimant’s personal data, cannot be justified either on the purported basis of their consent or that this is legally required but instead seriously infringes European data protection standards. Disclosure of this data would only be compatible with the initially contextually sensitive context of collection where it was (i) reasonably necessary and explicitly limited to the purposes of checking the legality of the initial decision and/or bona fide research and (ii) was subject to effective safeguards that prevented any unauthorised repurposing or other use. Strict necessity thresholds would need to apply where disclosure involved special category data or was subject to reasoned objection by a data subject and international transfers would require appropriate safeguards as provided by the European Commission’s standard contractual clauses. Disclosing identifiable data on removals to end users would directly and fundamentally undermine a data subject’s rights and, therefore, ipso facto violate purpose limitation and legality, irrespective of a data subject claims rights in data protection, defamation or civil privacy. The public’s legitimate interests in receiving information on personal data removals should be secured through safeguarded scientific research that the search engines should facilitate and promote.
GDPR: A Threat or Opportunity? www.normanbroadbent.Steven Salter
With General Data Protection Regulation (GDPR) a legal requirement for all UK companies from May 2018, there have been numerous articles written either demonstrating the confusion surrounding the new regulations, or detailing the downsides of the legislation.
European Data Protection and Social NetworkingDavid Erdos
These slides explore significant issues arising under data protection for both users and platforms as a result of the publication of third party personal data on such sites. Although the GDPR’s new wording of the household exemption could potentially exclude non-intrusive processing (e.g. sharing innocuous pictures taken in public), the Court of Justice of the EU (CJEU) is increasingly insistent that users acquire responsibilities when the publish such data to an indeterminate number. In principle, most EU Data Protection Authorities (DPAs) accept this although others including the UK and Irish have been very resistant. Many users could therefore have weighty data protection obligations here, although if contributing to a collective public debate they may be covered by the journalistic/special expression derogation and in any case there is a need for a balance with freedom of expression. CJEU ʻjoint controllerʼ case law also points to social networking sites have their own duties here, a proposition which has been backed by Working Party, the UK DPA and the UK courts. Whilst the e-Commerce ʻhostʼ shield should significantly limit ex ante responsibility here, this must be tempered by the ʻduty of careʼ which is inherent in being a ʻcontrollerʼ under data protection. In sum, data protection in principle remains central to the regulation of ʻonline harmsʼ here although ensuring effective and well-balanced regulation in practice remains a formidable challenge.
See further:
“Intermediary Publishers and European data protection: Delimiting the ambit of responsibility for third-party rights through a synthetic interpretation of the EU acquis”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018) - https://academic.oup.com/ijlit/article/26/3/189/5033541
“Beyond ʻHaving a Domesticʼ? Regulatory Interpretation of European Data Protection Law and Individual Publication”, Computer Law and Security Review (Vol. 33 (3), pp. 275-297) (2017) - Pre-print https://www.repository.cam.ac.uk/handle/1810/263883
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Data Protection and Academic Research: The New GDPR FrameworkDavid Erdos
These slides provide an overview of the new data protection framework for academic research under the GDPR, situating this within the broader context of ethical review. After outlining the broad scope and default duties of the GDPR, the slides look at the critical issue of distinguishing processing for “academic purposes” - common in humanities and social studies – from processing only for “research” – common in the biomedical and other “hard” sciences. Whilst the former is subject to wide and liberal derogations akin to journalism, the latter is subject to mandatory safeguards and limited (and often further safeguarded) derogations. The implications of all this for ensuring lawful processing is outlined focusing on purposes specification, transparency, legal vires, data export and discipline duties as regards processors and co-controllers. It is finally noted that article 23 of the GDPR could permit further flexibility in future through secondary legislation.
The UK and EU Personal Data Regime After Brexit: Another Switzerland?David Erdos
These slides provide an overview of the personal data relationship between the UK and EU after Brexit. Under the Trade and Cooperation Agreement, the UK will have the closest connection with the EU here outside the European Economic Area and Switzerland. This is especially clear in the area of justice and security where there is very extensive provision for data exchange based on common standards. However, in the general area of data protection the framework only points to mutual adequacy. Even with the evolving formulation of this as “essential equivalence”, significant flexibility is retained and this may ultimately result in more substantive divergence than EU-Switzerland given the UK’s more distinct data protection approach. Common bona fide implementation of the Council of Europe’s Data Protection Convention 108+ may provide a good lodestar in the medium term and I very tentatively map out what this may could mean for default standards in the UK related to sensitive data and integrity and also specific substantive restrictions to ensure a more graduated approach and reconciliation with other competing rights.
Data Protection and Journalism: The Changing LandscapeDavid Erdos
These slides provide an overview of the changing landscape for data protection and journalism in decade or so since the Leveson Inquiry. As well as detailing the core public interest and incompatibility tests, they look at developments in case law, at the ICO and under the GDPR and DPA 2018. They are intended to provide background to the ICO consultation on a data protection and journalism code of practice which runs until 10 January 2022.
Comparing EU and Council of Europe Data Protection Standards in the Context o...David Erdos
In the event of Brexit, the UK will leave the EU Charter, the GDPR and related EU instruments. It will, however, remain committed not only to achieving EU ‘adequacy’ standard but doing this within the framework of Council of Europe’s Data Protection Convention 108+. These slides therefore explore the commonalities and contrasts between EU DP and Convention 108+. Both have a similar scope and common principles. However, Convention 108+'s transparency and sensitive data rules are considerably less stringent and there are many fewer compulsory controller discipline provisions. Whilst only modest change should be expected initially as the UK will essentially replicate the GDPR in the short-term, this less prescriptive and more flexible approach is likely to exert an influence on UK data protection should Brexit happen.
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...TrustArc
We outline the proposed changes in the EU General Data Protection Regulation (GDPR) and its effect on the privacy of US-EU Data transfers.
Access the complete webinar on how the EU GDPR will affect your business https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page.html?asset=J68IQUDK-565
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
Reconciling Humanities and Social Science Research With Data ProtectionDavid Erdos
Humanities and social science research contribute enormously to collective public knowledge and discussion. Such activity will almost invariably involve the processing of personal information and will, therefore, trigger the application of EU data protection law including the forthcoming General Data Protection Regulation (GDPR). This presentation argues that the GDPR’s default provisions – especially as regards the presumption of consent for sensitive data, data subject notification rules and strict discipline provisions – pose an acute threat to such activity. Moreover, whilst the research derogations (Art. 89) ameliorate a few of the issues, they are principally designed for work based on a highly structured, predetermined and largely fiduciary model such as is common in bio-medicine. As recognised by a wide variety of research organizations during debate on the GDPR (including the Wellcome Trust and UK Economic and Social Research Council), given that social/humanities scholarship is intrinsically linked to public knowledge and discussion, it should in fact benefit not just from these research derogations but also from the more permissive (but not absolute) derogations for free speech. The GDPR now recognises this but granting free speech protection for “academic expression” alongside that of journalism, literature and art (Art. 85 (2)). (N.B. These slides are based on a talk given at the University of Hong Kong “Positioning Privacy and Transparency in Data-intensive Research and Data-drive Regulation” on 8 November 2016).
The EU Data Protection Regulation - what you need to knowSophos Benelux
De komende EU Data Beschermingsregulering vraagt van organisaties wereldwijd dat zij de data beveiligen die zij beheren en bezitten van Europese burgers. Het is algemeen aanvaard dat encryptie de beste methode is om te voldoen aan deze nieuwe regulering. Wanneer een lek ontstaat en u kunt aantonen dat alle persoonlijke data was versleuteld, verkleint de kans aanzienlijk dat u vanuit de EU een boete ontvangt.
Veel organisaties hebben geen idee wat deze nieuwe regulering inhoudt of hoe zij zich moeten voorbereiden op deze nieuwe regels. Behoort uw organisatie ook tot deze groep?
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsAnitafin
This is the presentation from the class I taught at the University of Toronto Faculty of Information Sciences graduate school - a major challenge to capture the concepts in less than 3 hours!
"The EU General Data Protection Regulation: GDPR" - workshop held by Beatrice Masserini (Studio Cassinis, Italy) at the TRA Annual Meeting 2018 in Athens
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...TrustArc
There are some interesting developments in the world of case law. With so much focus on the CCPA enforcement date implications, many may have forgotten about the forthcoming decision in the Schrems II case, which could decide the fate of the Standard Contractual Clauses and the Privacy Shield for data transfers from Europe to the United States and elsewhere.
At the same time, the European Commission is working on the evaluation of all EU adequacy decisions and encouraging various countries to update their data protection laws. As to cookies, the Planet-49 case last year put clear boundaries around the issue of cookie consent. What has happened with this ruling of the European Court of Justice and how does it impact cookie compliance around the world?
Join us as we discuss the various international cross-border data transfer updates and how to navigate the potential significant changes.
This webinar will review:
-Implications of the Schrems II case decision
-The status of Privacy Shield and next steps
-European Commission adequacy re-assessment
-EDPB Guidelines on Consent and the revised IAB Framework updates
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Data Protection and Academic Research: The New GDPR FrameworkDavid Erdos
These slides provide an overview of the new data protection framework for academic research under the GDPR, situating this within the broader context of ethical review. After outlining the broad scope and default duties of the GDPR, the slides look at the critical issue of distinguishing processing for “academic purposes” - common in humanities and social studies – from processing only for “research” – common in the biomedical and other “hard” sciences. Whilst the former is subject to wide and liberal derogations akin to journalism, the latter is subject to mandatory safeguards and limited (and often further safeguarded) derogations. The implications of all this for ensuring lawful processing is outlined focusing on purposes specification, transparency, legal vires, data export and discipline duties as regards processors and co-controllers. It is finally noted that article 23 of the GDPR could permit further flexibility in future through secondary legislation.
The UK and EU Personal Data Regime After Brexit: Another Switzerland?David Erdos
These slides provide an overview of the personal data relationship between the UK and EU after Brexit. Under the Trade and Cooperation Agreement, the UK will have the closest connection with the EU here outside the European Economic Area and Switzerland. This is especially clear in the area of justice and security where there is very extensive provision for data exchange based on common standards. However, in the general area of data protection the framework only points to mutual adequacy. Even with the evolving formulation of this as “essential equivalence”, significant flexibility is retained and this may ultimately result in more substantive divergence than EU-Switzerland given the UK’s more distinct data protection approach. Common bona fide implementation of the Council of Europe’s Data Protection Convention 108+ may provide a good lodestar in the medium term and I very tentatively map out what this may could mean for default standards in the UK related to sensitive data and integrity and also specific substantive restrictions to ensure a more graduated approach and reconciliation with other competing rights.
Data Protection and Journalism: The Changing LandscapeDavid Erdos
These slides provide an overview of the changing landscape for data protection and journalism in decade or so since the Leveson Inquiry. As well as detailing the core public interest and incompatibility tests, they look at developments in case law, at the ICO and under the GDPR and DPA 2018. They are intended to provide background to the ICO consultation on a data protection and journalism code of practice which runs until 10 January 2022.
Comparing EU and Council of Europe Data Protection Standards in the Context o...David Erdos
In the event of Brexit, the UK will leave the EU Charter, the GDPR and related EU instruments. It will, however, remain committed not only to achieving EU ‘adequacy’ standard but doing this within the framework of Council of Europe’s Data Protection Convention 108+. These slides therefore explore the commonalities and contrasts between EU DP and Convention 108+. Both have a similar scope and common principles. However, Convention 108+'s transparency and sensitive data rules are considerably less stringent and there are many fewer compulsory controller discipline provisions. Whilst only modest change should be expected initially as the UK will essentially replicate the GDPR in the short-term, this less prescriptive and more flexible approach is likely to exert an influence on UK data protection should Brexit happen.
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ...TrustArc
We outline the proposed changes in the EU General Data Protection Regulation (GDPR) and its effect on the privacy of US-EU Data transfers.
Access the complete webinar on how the EU GDPR will affect your business https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page.html?asset=J68IQUDK-565
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
Reconciling Humanities and Social Science Research With Data ProtectionDavid Erdos
Humanities and social science research contribute enormously to collective public knowledge and discussion. Such activity will almost invariably involve the processing of personal information and will, therefore, trigger the application of EU data protection law including the forthcoming General Data Protection Regulation (GDPR). This presentation argues that the GDPR’s default provisions – especially as regards the presumption of consent for sensitive data, data subject notification rules and strict discipline provisions – pose an acute threat to such activity. Moreover, whilst the research derogations (Art. 89) ameliorate a few of the issues, they are principally designed for work based on a highly structured, predetermined and largely fiduciary model such as is common in bio-medicine. As recognised by a wide variety of research organizations during debate on the GDPR (including the Wellcome Trust and UK Economic and Social Research Council), given that social/humanities scholarship is intrinsically linked to public knowledge and discussion, it should in fact benefit not just from these research derogations but also from the more permissive (but not absolute) derogations for free speech. The GDPR now recognises this but granting free speech protection for “academic expression” alongside that of journalism, literature and art (Art. 85 (2)). (N.B. These slides are based on a talk given at the University of Hong Kong “Positioning Privacy and Transparency in Data-intensive Research and Data-drive Regulation” on 8 November 2016).
The EU Data Protection Regulation - what you need to knowSophos Benelux
De komende EU Data Beschermingsregulering vraagt van organisaties wereldwijd dat zij de data beveiligen die zij beheren en bezitten van Europese burgers. Het is algemeen aanvaard dat encryptie de beste methode is om te voldoen aan deze nieuwe regulering. Wanneer een lek ontstaat en u kunt aantonen dat alle persoonlijke data was versleuteld, verkleint de kans aanzienlijk dat u vanuit de EU een boete ontvangt.
Veel organisaties hebben geen idee wat deze nieuwe regulering inhoudt of hoe zij zich moeten voorbereiden op deze nieuwe regels. Behoort uw organisatie ook tot deze groep?
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsAnitafin
This is the presentation from the class I taught at the University of Toronto Faculty of Information Sciences graduate school - a major challenge to capture the concepts in less than 3 hours!
"The EU General Data Protection Regulation: GDPR" - workshop held by Beatrice Masserini (Studio Cassinis, Italy) at the TRA Annual Meeting 2018 in Athens
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...TrustArc
There are some interesting developments in the world of case law. With so much focus on the CCPA enforcement date implications, many may have forgotten about the forthcoming decision in the Schrems II case, which could decide the fate of the Standard Contractual Clauses and the Privacy Shield for data transfers from Europe to the United States and elsewhere.
At the same time, the European Commission is working on the evaluation of all EU adequacy decisions and encouraging various countries to update their data protection laws. As to cookies, the Planet-49 case last year put clear boundaries around the issue of cookie consent. What has happened with this ruling of the European Court of Justice and how does it impact cookie compliance around the world?
Join us as we discuss the various international cross-border data transfer updates and how to navigate the potential significant changes.
This webinar will review:
-Implications of the Schrems II case decision
-The status of Privacy Shield and next steps
-European Commission adequacy re-assessment
-EDPB Guidelines on Consent and the revised IAB Framework updates
How To Do Data Transfers Between EU-US in 2023TrustArc
Since March 2022, businesses in the EU and U.S. have been waiting for an adequacy decision on the revamped Privacy Shield data transfer agreement, the U.S.-EU Data Transfer Framework Executive Order. The agreement would allow Europeans’ data to flow to the U.S. once again, after a long two years since Schrems II overturned Privacy Shield.
Yet the European Data Protection Board (EDPB) and European Parliament announced that the U.S.-EU Data Transfer Framework Executive Order is insufficient and does not provide adequate safeguards in March 2023.
What does this mean for businesses that have been in cross-border data transfer limbo since Schrems II? Is it possible to do data transfers between the EU and the US?
This webinar reviews:
- Where does the EU-U.S. Data Transfer Framework stand today?
- What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament?
- How SCCs can be used for cross-border data transfers
- Risk mitigation for international data transfers
On January 1 2021, the UK formally and effectively left the European Union. As a result, the EU GDPR no longer applies in the UK. Currently, the UK DPA 2018 sets out the data protection framework in the UK.
Are you UK-DPA compliant? What are some of the expected data protection reforms from UK authorities?
Join our panel in this webinar as we explore the current rules on transfers of personal data between the UK and the EU and how your company can comply.
This webinar will review:
- What the Brexit changes in terms of data privacy
- The main differences between the UK-DPA and the EU-GDPR
- How to become compliant in both the EU and the UK
EMEA Quarterly Update: GDPR Two Years LaterTrustArc
Before 25 May, 2020, the European Commission will present the first official evaluation of the GDPR, two years after the entry into application of the new regulation. The European Data Protection Board has given their view, as have the EU Member States. During this webinar, we will discuss the first lessons learned from the GDPR, including from the private sector.
In addition, as is custom during the quarterly updates, we will provide you with an overview of the new guidelines from the European Data Protection Board and enforcement action from the various supervisory authorities. In addition, we will take a look beyond the European Union’s borders at what is happening in the Middle East and Africa.
This webinar will review:
- The lessons learned in the first two years the GDPR has been in effect;
- The guidelines of the European Data Protection Board;
- The enforcement of the GDPR at national and European level;
- Data protection developments in Africa and the Middle East;
- How TrustArc can support you stay up-to-date on data protection and privacy compliance in the EMEA region.
"As most companies had to urgently adapt to remote working and a challenging business environment during the pandemic, there was little room to prepare for the transition period ending on 31st December 2020. With the UK highly likely to be considered, at least for a time, as a third country for data protection purposes, what steps do companies need to take in the coming months to ensure their data flows are lawful from 1st January 2021?• Background to the UK data protection status post-transition• What is needed to continue to do business in the EU• What is needed to safeguard data flows between the EU and the UK and with other countries• Potential consequences of the Schrems II case on the UK"
Data Privacy vs. National Security post Safe HarborGayle Gorvett
Recent Developments in Transatlantic Data Privacy regulation including adoption of Privacy Shield, GDPR and increasing requests for data access for National Security
With GDPR on the horizon, businesses are expressing concerns over the pressures to prepare ahead of the 25th May. However, the process of compliance needn’t be so overwhelming...
mHealth Israel_Brexit Update for MedTech_Feb 2019Levi Shapiro
Presentation by Simon Marks, Head of Hi-Tech practice, ERM Law Firm, about Brexit Update for MedTech, Feb 5, 2019. Includes Advantages of Doing Business in the UK, Brexit update, Timeline, What’s next? The Withdrawal Agreement, No Deal, Contingency Planning, Implications for Manufacturers and Importers
How will your business be affected and what you can do to stay ahead of the n...Carrenza
Topics covered include:
Key highlights of the new GDPR (General Data Protection Regulation)
Who is affected
‘Privacy Shield’ proposals versus US-EU Safe Harbour framework
Timeline for implementation and enforcement of GDPR
What should you be doing to prepare for the new legislation
Speaker line up
Martin Hoskins, Associate Director at Grant Thornton UK LLP
Matthew McGrory, Managing Director at Carrenza Ltd
A business that is not GDPR compliant by May 2018 may face a fine of 4% of its annual turnover
Reasons to attend
This session delivered in partnership with Grant Thornton will give you the knowledge on how to ensure compliance with GDPR and avoid penalties and highlight what companies can do now in light of the new legislation; what types of cascade effects there will be on operations and businesses; the impact of the privacy shield; and further discussion on what Brexit means for the GDPR.
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency.
The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming.
Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost.
This webinar will review:
- Why companies are building unified Trust Centers for a robust privacy program.
- How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks.
- How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes.
- How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data.
Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery.
You'll learn how to:
- Effortlessly maintain a comprehensive, up-to-date data inventory
- Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning
- Simplify compliance by leveraging Privya's integration with TrustArc
- Implement proven strategies to mitigate third-party risks
Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly.
How will data privacy evolve in the US in 2024? How to stay compliant?
Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements.
This webinar will review:
- The essential aspects of each state's privacy landscape and the latest updates
- Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence
- Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
Want to win over both existing and potential customers? Show them you value their privacy rights. And make opting in or out of targeted services and marketing a breeze. Businesses build trust by giving consumers control over their personal information. When you prioritize privacy, everyone wins!
How to accelerate the setup and management of complex cookie activities while ensuring compliance with privacy laws in all countries you operate in? How to use consumer trust as a competitive advantage?
In this webinar, you will learn:
- How to solve the challenge of identifying customers and respecting their choices across devices and browsers
- How to ensure a frictionless consent choice experience for your customers
- How to manage different and evolving cookie requirements and always stay compliant with data privacy laws
- What is Trustworthy AI and why it is important
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
Google announced it will phase out the use of third-party cookies on Chrome in 2024. Since Chrome has a market share of 65% of browser users, this practice will affect most businesses and cookie marketing.
As a marketer, how can you adapt to this significant change? How will you need to change your practices in the way you do business online in order to reach your target audience and drive revenue success?
In this webinar, you will learn how to prepare your organization for Google’s third-party phase-out and ensure marketing success.
This webinar will review:
- What to keep in mind about the latest cookie phase-out and what is coming
- What you need to know about the laws and regulations around cookies
- How to explore new privacy-friendly approaches to engage with your audience
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc
There’s no question the AI wave is here to stay. Regulators, organizations and consumers are all dealing with the acceleration of AI adoption in different ways.
Regulators are rushing to create and pass standards and laws like the EU AI Act, NIST AI RMP and OECD AI Principles to guide how organizations can and should adopt transparent, accountable AI practices to protect consumer privacy. For consumers, despite acknowledgement around the increasing value of AI, 60% of consumers say they have lost trust in how AI is used by organizations. And organization are left in the middle trying to keep up with regulations, drive AI adoption in their business process and products, and maintain consumer trust.
Introducing two innovative solutions designed to help organizations navigate the shifting AI landscape:
- TRUSTe Responsible AI Certification - The first AI certification designed for data protection and privacy. Crafted by a team with 10,000+ privacy certifications issued, this framework integrated industry standards and emerging laws for responsible AI governance.
- NymityAI - Your personalized privacy legal navigator to help you learn the law faster and easier - with confidence.
Join us on this webinar to learn how to establish responsible AI governance and instill trust in your partners, consumers, and customers around AI use and privacy data protection.
This webinar will review:
- How TRUSTe’s Responsible AI Certification will help you demonstrate accountable AI data governance that is fair, transparent and secure
- How to save time and work smarter in understanding regulatory obligations, including AI
- How to operationalize and deploy AI governance best practices in your organization
Unlock the definitive guide to managing your online tracking technology vendors effectively. This webinar delves into a comprehensive and actionable set of best practices that every organization needs. From meticulous website scans to in-depth contract reviews, from precise consent categorization to harmonizing diverse frameworks, our checklist ensures you cover all the crucial touchpoints. Equip yourself with this essential framework and confidently navigate the complex landscape of online tracking compliance, using our step-by-step roadmap as your trusted reference.
Join our panel of experts in the webinar as they equip you with the knowledge and strategies for navigating vendor relationships under CPRA.
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc
In a healthcare landscape where data flows are constant, and patient trust is paramount, it’s critical to understand and implement adequate data security and privacy practices. Start navigating the importance of privacy in healthcare for 2023 and beyond. Remembering that privacy is more than just checking a box is essential.
To better understand how to measure privacy in a healthcare setting correctly, healthcare leaders must understand how to grow and maintain privacy programs effectively and have insights into their privacy methods.
Whether you are wondering what data privacy is or already know, this webinar will help you better understand the importance of privacy in protecting you and your clients.
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...TrustArc
Artificial Intelligence (AI) has emerged as a transformative force in various industries, from healthcare to finance and beyond. While AI offers incredible opportunities, it also raises ethical, legal, and social challenges that must be addressed. To navigate this complex landscape in the world of privacy, it is crucial to conduct comprehensive Privacy Impact Assessments (PIAs).
Conducting PIAs in this dynamic and evolving world of AI has brought new challenges to the privacy world. With AI increasingly being integrated into different areas of our lives, understanding the intersection between AI and PIAs is essential for any organization to ensure they are privacy forward.
Take advantage of this opportunity to gain a comprehensive understanding of AI impact assessments and their role in shaping the future of AI. In this insightful webinar, our experts will explore the power of Privacy Impact Assessments (PIAs) in ensuring responsible AI development and deployment.
In this webinar, some key topics that will be covered include:
- Introduction to AI PIAs
- PIAs demystified (why they are essential in the context of AI)
- Explore the evolving legal and regulatory landscape governing AI and privacy, including GDPR, CCPA, and other international standards
- Best practices for conducting effective PIAs in AI projects
- Future outlooks for AI and PIAs
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...TrustArc
Organizations rely heavily on third-party vendors and partners to enhance operational efficiency and deliver innovative solutions in today's interconnected digital landscape. However, this increased reliance on third parties also introduces a complex web of security and privacy risks that can have far-reaching consequences for organizations' data, reputation, and compliance.
Join us for an insightful and informative webinar as we delve into mitigating third-party risks. This webinar will provide essential strategies and best practices to ensure robust security and privacy measures when collaborating with external entities.
Nymity Framework: Privacy & Data Protection Update in 7 StatesTrustArc
As privacy and data protection regulations evolve rapidly, organizations opera
ting in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in Iowa, Indiana, Montana, Tennessee, Texas, Florida, and Oregon, it is essential to understand what their unique data protection regulations will require clearly.
Discover how to stay compliant and safeguard customer data as our panelists decode state-specific privacy laws, share best practices, and discuss data security risk management. Prepare your organization for the future with insights into emerging trends.
Our panelists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements.
CBPR - Navigating Cross-Border Data Privacy ComplianceTrustArc
Just over a year ago, on 21 April 2022, seven economies, including Canada, Japan, the Republic of Korea, the Philippines, Singapore, Taiwan, and the USA, announced the launch of the Global CBPR Forum. Since then, Australia and Mexico have joined the Forum, marking a significant stride towards a global approach to data privacy cooperation.
In this highly anticipated webinar, we explore the background, the future direction, and assess the potential business case for companies considering certification under the new Global CBPR System. As an Associate Member of the Forum, the UK has demonstrated a keen interest in joining this innovative system, making it the first country outside the APEC region to express such intent.
Everything You Need to Know about DPF But Are Afraid to Ask.pdfTrustArc
Hooray! The long-awaited EU-U.S. and Swiss-U.S. Data Privacy Frameworks are officially adequate! Now what?
Well, now the real work begins for companies who want to join (or re-join!) into one of the premier international privacy standards. As the White House shared, transatlantic data flows are critical to enabling the $7.1 trillion EU-U.S. economic relationship. With the EU-US Data Privacy Framework in effect, businesses will have the ability to transfer personal data from the EU to the U.S. in compliance with GDPR and EU law.
Join our panel of experts for an interactive discussion about all things DPF. Be sure to bring your questions to the session because we will be ready to answer them!
We'll answer these questions and more:
- Why is the EU-US DPF important to the international community and businesses?
- What are the benefits of DPF verification?
- How do I get started with DPF?
- How can I get verified or certified quickly?
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...TrustArc
Back in 2020, GPC was introduced in the CCPA as a way to help keep consumer information safe by allowing users to opt-out with a single click rather than manually selecting each opt-out. However, the recent CCPA regulations create greater obligations for certain companies, specifically those that can identify known users and those that provide loyalty programs. Being unprepared for the new Global Privacy Control (GPC) obligations under the CPRA can open your company to risk.
Prepare your business for compliance with GPC and other browser signals.
Join the TrustArc privacy experts to learn:
- What is GPC & why is it important
- How does GPC impact your business and your customers under the new CCPA regulations?
- How to operationalize GPC requirements using software for your business
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsTrustArc
Privacy Enhancing Technologies (PETs) comprise a range of tools that mitigate the risks associated with the collection of data. These technologies offer various functionalities, which help uphold data governance choices, foster data collaboration, and enhance accountability.
As privacy regulations continue to evolve, organizations are increasingly turning to Privacy Enhancing Technologies (PETs) to protect personal data while enabling data-driven business decisions. In this webinar, we will explore the benefits of PETs, how they are used, and why they are critical for enhancing privacy.
Building Trust and Competitive Advantage: The Value of Privacy CertificationsTrustArc
As privacy concerns continue to grow, businesses are under increased pressure to demonstrate their commitment to protecting personal data. Privacy certifications are emerging as a way for organizations to demonstrate they are taking privacy seriously and following best practices.
Whether you are a small business or a large corporation, understanding the value of privacy certifications and how they can help you demonstrate your commitment to protecting personal data is important.
Learn the importance of how privacy certifications can unlock business value and help you stay ahead of the competition in today's privacy-conscious landscape.
The California Age Appropriate Design Code Act Navigating the New Requirement...TrustArc
The California Age-Appropriate Design Code Act (CAADCA) was signed into law by Governor Gavin Newsom in September 2022. Starting on July 1, 2024, the bill will mandate businesses providing online services or features that are "likely to be accessed by children" take certain measures, such as conducting a data protection impact assessment.
In this webinar, experts explore the intersection between CAADCA and existing children's privacy laws, and provide guidance on how companies, especially those in the gaming and child data handling app industries, can achieve compliance well in advance of the effective date.
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdfTrustArc
Discover how organizational priorities and strategic approaches to data security and privacy are developing across the globe. Gain a deeper understanding of how your organization's privacy program compares to those of your peers and learn about the emerging trends that will shape the future of privacy.
Hear insights from more than 1,500 global privacy professionals and business executives. Our 4th Annual Global Privacy Benchmarks Survey presents a comprehensive analysis of the progress made by privacy programs in the past year, the expansion of privacy teams, and the most pressing privacy challenges faced by organizations.
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceTrustArc
Artificial Intelligence (AI) is increasingly being used to make decisions that impact individuals and society as a whole. As the use of AI continues to grow, there is a need to establish guidelines and regulations to ensure that it is being used responsibly and ethically.
In October 2022, the White House Office of Science and Technology Policy (OSTP) published a Blueprint for an AI Bill of Rights (“Blueprint”), which shared a nonbinding roadmap for the responsible use of artificial intelligence (AI). In this webinar, we will examine the key principles that underpin the bill, such as transparency, accountability, and fairness, and discuss how they can help ensure that the use of AI aligns with the values and rights of individuals.
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustTrustArc
It’s no secret that consumers are more skeptical than ever before of how organizations are using their personal data, thanks in large part of high-profile data breaches and growing awareness of just how much information exists about us online. Over the past few years, we’ve watched privacy regulators attempt to protect consumer rights by creating laws like GDPR, CCPA and LGPD aimed at corraling how organizations deal with customer data.
Undoubtedly, most customers are more likely to be loyal to a company they trust. They are also more likely to purchase additional products and services and recommend a company they trust.
Join the TrustArc experts on this webinar as they explore how to build consumer trust and loyalty by delivering a compliant digital experience to meet the ever-evolving regulatory requirements surrounding consumer rights.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Brexit Data Protection Update: The EU, US and UK Perspective
1. Thank you for joining the webinar Brexit Data Protection
Update
• We will be starting a couple minutes after the hour
• This webinar will be recorded and the recording and slides sent out
later today
• Please use the GoToWebinar control panel on the right hand side
to submit any questions for the speakers
1
5. Outline
● Brexit: the current state of play
● What will happen next?
○ In the UK itself
○ EU – UK / UK – EU relations
○ EU – US / US – UK relations
● How to prepare for the various scenarios?
● Q&A
7. EU28 > EU27
● 31 January 2020 (midnight CET)
The United Kingdom has left the European
Union.
●
----
● Transition Period
----
● 31 December 2020 (midnight CET)
End of the transition period*
* Extension possible by joint EU – UK decision before 1 July 2020,
but ruled out by the European Union (Withdrawal Agreement) Act 2020.
8. Transition Period
Revised Political Declaration (19 October 2019) – Part I, Section I – B. Data Protection
8. In view of the importance of data flows and exchanges across the future relationship, the Parties are
committed to ensuring a high level of personal data protection to facilitate such flows between them.
9. The Union's data protection rules provide for a framework allowing the European Commission to
recognise a third country's data protection standards as providing an adequate level of protection,
thereby facilitating transfers of personal data to that third country. On the basis of this framework, the
European Commission will start the assessments with respect to the United Kingdom as soon as
possible after the United Kingdom's withdrawal, endeavouring to adopt decisions by the end of 2020,
if the applicable conditions are met. Noting that the United Kingdom will be establishing its own
international transfer regime, the United Kingdom will in the same timeframe take steps to ensure
the comparable facilitation of transfers of personal data to the Union, if the applicable conditions
are met. The future relationship will not affect the Parties' autonomy over their respective personal data
protection rules.
10. In this context, the Parties should also make arrangements for appropriate cooperation between
regulators.
10. UK Data Protection Act 2018
● GOAL 1:
○ Harmonise UK privacy law with GDPR – the “APPLIED EU GDPR”
○ Search “DPA Keeling schedule for the amended GDPR”
○ Repeal/alter some UK laws to align
● GOAL 2:
○ Harmonise UK law enforcement law with EU Law Enforcement Directive
● GOAL 3:
○ EU law cannot touch national security, so sets up privacy regime for UK security
services
● GOAL 4:
○ Set up UK supervisory Body as ICO
○ Powers and criminal offences
11. UK Data Protection Act 2018
Passed 24th May 2018: It is the current UK law, enacts the “applied EU GDPR”
DPA
18
Part 1
Schedules
Part 7
Part 6
Part 5
Part 4
Part 3
Part 2
Preliminary
1-18
Preliminary
supplement final
provisions
ICO Enforcement
Information
Commissioner
Intelligence
Service
Processing
Law
Enforcement
Processing
General Processing
GDPR etc.
12. The Data Protection, Privacy and Electronic
Communications (Amendments etc) (EU Exit) Regulations
2019 S.I.419
● The EU’s GDPR has been amended into a new “UK-GDPR” (United Kingdom General Data
Protection Regulation) that took effect on January 31, 2020.
● The Data Protection Act 2018 has been amended to be read in conjunction with the new
UK-GDPR instead of the EU GDPR.
● The current ”EU GDPR” will apply to the UK in the transition period lasting from January
31, 2020 until December 31, 2020 (unless further extensions are agreed upon between the
UK and EU).
● It is likely that the UK government will move to consolidate the two amended laws (UK-
GDPR and DPA2018) into one, comprehensive piece of data protection law at a later point.
● https://www.legislation.gov.uk/uksi/2019/419/pdfs/uksiem_20190419_en.pdf
13. UK Data Protection Act 2018 - Criminal Offences (Personal!)
● Unlawfully obtaining, or disclosing, personal data without the consent of the data controller
● To retain personal data without the consent of the data controller
● The re-identification of de-identified personal data without consent of the data controller
● To require an individual to exercise their subject access rights to gain their personal information
in relation to their employment or for a contract for services or the provision of goods and
services
● Alteration of personal data to prevent disclosure to data subject
● Obstructing the Commissioner in inspecting personal data to discharge an international
obligation.
● Making a disclosure prohibited by the Regulation of Investigatory Powers Act 2016.
● ICO or ICO staff disclosing information obtained in the course of their role (which is not available
to the public).
● False statement made in response to an ICO information notice.
● Intentional obstruction of a warrant, or failure without reasonable excuse to assist in the
execution of a warrant.
● Not undertaking notification to the ICO when required (monetary penalty)
14. Brexit Impact on Data Protection
Now the UK has left the European Union:
● NOW: It stays a member of the Council of Europe;
○ It is still subject to the European Convention on Human Rights and the European
Court of Human Rights
○ It has signed Modernized Convention 108+ and is duty-bound to implement it
● NOW: ICO no longer an EU supervisory authority;
○ BCRs/Ad hoc clauses reapproved,
○ Do you need a new lead EU SA?
● NOW: It retains the “EU/UK GDPR” under the DPA 2018 – very similar laws to EU apply
● 31 Dec 2020: Review EU and UK representatives if no UK or EU establishment
● 31 Dec 2020: It may become a third party country, so no longer automatically adequate
for data transfers, will be applying for adequacy… Achievable? Time gap?
● Future: Any new ePrivacy Regulation will likely not apply in the UK,
○ current 2003 PECR applies.
● Future: It could diverge further from this however in the future…
17. Brexit Impact on EU - UK Data Flows
31 January 2020
Brexit with a Deal
Until
31 December 2020
Transition Period
Deal?
EU-UK Adequacy
Decision*
Data flows continue
unobstructed
No Deal?
UK becomes third
country
Data transfers
require transfer
mechanism
* A mutual adequacy decision is required to ensure the free flow of data from and to the UK and EU
Onward Transfers
Onward Transfers
18. EU-UK Mutual Adequacy Decision
● European Commission may decide that a third country ensures an adequate level of
protection (also possible for a territory, sector or international organisation) (Art. 45(1)
GDPR).
● Obligation for European Commission to monitor functioning of adequacy decisions:
○ Periodic review at least every four years (Art. 45(3) GDPR);
○ EC may repeal, amend or suspend decisions (Art. 45(5) GDPR).
● Negotiating Guidelines (adopted 25 February 2020): “The envisaged partnership should
affirm the Parties’ commitment to ensuring a high level of personal data protection, and fully
respect the Union’s personal data protection rules, including the Union’s decision-making
process as regards adequacy decisions”.
● UK Government still needs to announce criteria to assess third country adequacy.
19. EU-UK Mutual Adequacy Decision
The term adequate level of protection must be understood as requiring the third
country in fact to ensure, by reason of its domestic law or its international commitments, a level of
protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed
within the European Union (Schrems, §73).
During the assessment ALL relevant legislation needs to be assessed, including laws interfering
with the fundamental right to data protection. An interference is only allowed under four
guarantees:
A. Processing should be based on clear, precise and accessible rules
B. Necessity and proportionality with regard to the legitimate objectives pursued need to be
demonstrated
C. An independent oversight mechanism should exist
D. Effective remedies need to be available to the individual
Source: WP237 - Working Document 01/2016 on the
justification of interferences with the fundamental
rights to privacy and data protection through surveillance
measures when transferring
personal data (European Essential Guarantees)
21. Privacy Shield
Guidance from US Department of Commerce
● Privacy Shield will continue to apply to the UK during the transition period
without change
● From 31 December 2020:
○ a Privacy Shield organization must update its public commitment to
comply with the Privacy Shield to include the UK.
○ organizations must maintain a current Privacy Shield certification,
recertifying annually as required by the Framework.
22. Steps to Take Now
22
• Review your EU “lead authority”1
• Review data transfers in/out of UK and onwards2
• Review legal basis for transfers3
• Review need for EU or UK representatives4
• Review risk (regulators have stated not an
enforcement priority in short term)5
• Amend privacy notices & records of processing6
7 • Amend breach notification protocols
23. Q&A
Ask your questions via the GoToWebinar Control Panel
TrustArc
PAUL
BREITBARTH
Director
EU Policy & Strategy
TrustArc
JOSH
HARRIS
Director
International
Regulatory Affairs
TrustArc
RALPH
O’BRIEN
Principal Consultant,
EU