Cloud computing presents legal, regulatory, and compliance concerns for financial institutions in Hungary. While cloud computing has significant business potential, the technology is ahead of legal regulations. There is no specific Hungarian or EU legislation governing cloud computing. Additionally, Hungarian authorities like the HFSA and DPA have provided little guidance. For financial institutions, utilizing cloud computing would require addressing issues such as data protection laws, regulatory uncertainty over whether cloud computing qualifies as outsourcing, and other basic contractual questions.
1) The document discusses restrictions on transferring personal data outside of the EU under current EU law and how companies are increasingly using Binding Corporate Rules (BCRs) to manage cross-border data transfers and ensure privacy compliance.
2) BCRs allow companies to streamline privacy policies and processes globally while providing flexibility. They create trust within companies and with consumers.
3) Most current cross-border data transfer options under EU law have limitations, while BCRs offer a comprehensive solution as they are expressly acknowledged as a valid transfer method under the upcoming EU General Data Protection Regulation.
This document provides a summary of a presentation on data protection law and the proposed EU Data Protection Regulation. Key points from the proposed regulation discussed include expanded definitions of personal data, the requirement for explicit consent, the right to be forgotten, increased accountability and security breach notification requirements, more sanctions for non-compliance, and the direct coverage of data processors. Impacts on practices like profiling, use of IP addresses and cookies, and responding to access requests are also covered. The presentation provides timelines for the regulation and discusses lobbying efforts regarding the proposals.
The document discusses the EU General Data Protection Regulation (GDPR), which took effect in May 2018. It provides the following key points:
- The GDPR replaced the previous EU data protection directive and directly applies across all EU member states. It aims to give individuals more control over their personal data.
- Key aspects of the GDPR include expanded territorial reach, requirements for data protection officers, increased accountability and privacy by design principles, strengthened rights for data subjects, and larger maximum fines for noncompliance.
- Companies need to review their data processing activities, legal bases for processing, consent mechanisms, security, breach response plans, and privacy notices to ensure compliance with the extensive new obligations and standards introduced by the GD
Presentation on GDPR that is neither technical nor product-specific, focusing on the manufacturing industry and providing a non-expert view of what the regulation is all about.
Targeted at senior management with direct responsibility for the treatment (direct or indirect) of personal data.
PSI in Europe – The Road(s) Ahead! Action plan 3: Legal, business and other i... - Michael Fanning
This document summarizes a meeting about public sector information (PSI) in Europe and the road ahead. Various actors were discussed in the legal and business information sectors regarding PSI re-use. For legal information, some reported growth in revenues from PSI re-use in the hundreds of percent, while service providers saw revenues double since 2002. However, most PSI holders offer legislative information for free online, but most re-users source it from web portals only occasionally and many were dissatisfied. For business information, annual financial statements were discussed and initiatives for business register interoperability. Harmonizing company law and electronic filing, not re-use, were identified as the main drivers of change. Other PSI discussed
This document summarizes a presentation on developments of the GDPR since its commencement. It discusses current problems with the GDPR including determining which laws apply, risks for service providers like liability for compensation, and potential claims for compensation. It also covers issues like joint liability, risks of warning letters from competitors, interactions between GDPR and copyright law, and the future development of privacy regulations.
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect... - John Nas
The document discusses the challenges facing public sector organizations in the EU in adopting cloud solutions due to concerns over privacy and data protection. Recent legal changes like the invalidation of the Safe Harbor agreement and the passage of CISA in the US have increased worries that personal data of EU citizens could be accessed by US intelligence agencies. The upcoming GDPR will also broaden the definition of personal data and increase responsibilities of organizations. To address these risks, the document proposes a "franchise" model where a local EU entity acts as the data processor and is contractually separated from the non-EU cloud provider to ensure data remains outside of US jurisdiction.
This document summarizes key points from a presentation about proposed changes to the EU's Data Protection Regulation. It discusses expanded definitions and new requirements for consent, data breaches, subject access requests and more. Consent would need to be explicit under the new rules. IP addresses and cookies may be defined as personal data, affecting digital marketing. Data subjects could request deletion of data. Organizations would face stricter security rules and larger fines for noncompliance. The impact on direct marketing could be significant.
Data Protection and Compliance with the GDPR Event 22 September 2016 - Dr. Donald Macfarlane
The document discusses how Britain's decision to exit the EU makes compliance with the General Data Protection Regulation (GDPR) even more important for businesses. The GDPR will apply from May 2018 and regulates how personal data of EU citizens is handled. It creates unified data protection across EU countries and non-compliance can result in large fines. The Brexit vote occurred after the GDPR was published, so businesses processing EU citizens' data will still need to comply with the GDPR whether they operate inside or outside the EU. The document provides examples of best practices for complying with GDPR rights like access, rectification, erasure, and outlines how understanding where data resides is crucial.
EU General Data Protection: Implications for Smart Metering - nuances
This presentation provides the reader with an insight into the politics of EU Data protection as well as an overview of the key stakeholders. We focus on the implication for the smart metering industry.
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La... - Kevin O'Shea
Together with my (future) partner, Peter Imse, these are the slides for our June 2011 CLE presented in conjunction with the First American Title Insurance Company. The topics in these slides were revisited in my June 2014 presentation (Avoiding Technical Fouls: Selected Ethical Issues in Advertising, Social Media, and Cloud Computing). Nevertheless, there is some interesting data in this presentation that does not appear in my June 2014 slides.
This document discusses data privacy and protection. It provides insights from internal and external experts on this topic. It addresses issues like how new European guidelines will affect information managers and what IT teams need to know about data retention. Specific topics covered include the safe harbour ruling between European and US data privacy laws, defining personal data and retention policies, and how new data privacy laws impact records managers and what IT needs to know.
GIG Working Paper 02/2017 - The Definition of Personal Data - IAB Europe
This second output of the GIG focuses on the definition of Personal Data under the GDPR, explaining how it will affect companies in the online advertising space.
General Data Protection Regulation: what do you need to do to get prepared? -... - IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Technology’s role in data protection – the missing link in GDPR transformation - at MicroFocus Italy ❖✔
This document discusses the role of technology in data protection and GDPR compliance. It argues that technology has historically been both the cause of data protection issues as well as the solution, but technologies have not always been designed with data protection in mind. The GDPR will require organizations to critically examine their technologies and ensure they have the capabilities needed to comply with principles like data minimization, individual rights to access and erasure, and security. Organizations need to understand how personal data flows through their systems and assess technology risks in order to design systems that protect privacy by default. Failure to address technology issues could lead to regulatory fines and litigation under the GDPR.
Data theft rules and regulations things you should know (pt.1) - Faidepro
The IT Act appears to be adequate in regard to data theft, but it is insufficient in addressing the minute technical intricacies involved in such a crime, leaving gaps in the law and allowing the perpetrators to get away with it. Since this problem affects more than one country and has international implications, we have briefed the countries that have such a law and how it works, which will be covered in two parts.
1) Binding Corporate Rules (BCRs) provide a framework for companies to legally transfer personal data within a corporate group across borders in compliance with EU data privacy laws. Several large payment companies have already implemented BCRs.
2) The EU's upcoming General Data Protection Regulation will significantly strengthen data privacy laws and compliance obligations. Companies can prepare by implementing BCRs, which establish robust privacy governance policies, procedures, and accountability.
3) BCRs help companies streamline privacy practices, demonstrate compliance, and facilitate legal data transfers both within and outside the EU. An increasing number of companies are pursuing BCR approval from European data protection authorities.
This document provides an overview of the General Data Protection Regulation (GDPR). It discusses what personal data is, the rights to privacy and data protection under the GDPR and European law. It explains that the GDPR applies broadly to any company that processes personal data of EU residents, regardless of location. Companies have obligations around obtaining permission for data processing, providing transparency around data usage, implementing security measures, and designating a data protection officer if required. The GDPR aims to better protect privacy and give individuals more control over their personal data.
The document discusses key priorities for boards to consider regarding implementation of the General Data Protection Regulation (GDPR). It provides an overview of the new requirements under GDPR, including expanded individual data rights for EU citizens, increased fines for noncompliance, and broader territorial scope. The document advises boards to ensure proper oversight of their organization's GDPR compliance programs, including regular reporting on status, audits, investigations and market developments. Directors could face liability for failing to oversee GDPR compliance risks.
This document summarizes a webinar discussing guidance on transatlantic data transfers after the Schrems ruling. The webinar covered the background of the Schrems case and ruling, statements from the Article 29 Working Party and various data protection authorities, developments regarding Safe Harbor 2.0, and recommendations for businesses to audit their data transfer practices and implement alternative transfer mechanisms like standard contractual clauses.
GDPR: A Threat or Opportunity? www.normanbroadbent. - Steven Salter
With General Data Protection Regulation (GDPR) a legal requirement for all UK companies from May 2018, there have been numerous articles written either demonstrating the confusion surrounding the new regulations, or detailing the downsides of the legislation.
No Man is an Island: The Battle for Data Privacy - Kate Chan
The document discusses upcoming changes to data protection legislation in Europe and the implications for companies. The EU General Data Protection Regulation (GDPR) will replace the 1995 Data Protection Directive in May 2018, imposing stricter rules around data collection, use, and transfers. It also discusses the replacement of the invalidated US-EU Safe Harbor agreement with the new EU-US Privacy Shield framework and the uncertainty caused by Brexit. The implications are that companies will need to devote more resources to data compliance and mobile ediscovery solutions may help address issues around cross-border data transfers and GDPR requirements.
Copyright law revision on both sides of the Atlantic - Mark Seeley
The document discusses ongoing discussions around copyright law reforms in both the European Union and United States to address the digital environment. In Brussels, the focus is on creating a digital single market in Europe, while in Washington the discussions center around more specific initiatives like modernizing the Copyright Office. Both regions agree more needs to be done to protect copyrighted works online and improve enforcement. Differences include the EU's focus on harmonizing exceptions across countries and issues around digital research, while the US does not have the same harmonization concerns.
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
KYS - Instead of surprises know your suppliers (Compliance Series) - IgorMate
This document discusses the importance of know your supplier (KYS) compliance. It notes that not properly knowing suppliers can lead to surprises like bribery, conflicts of interest, or asset misappropriation, with financial, reputational, and even criminal consequences. An effective KYS system aims to prevent and discover misconduct, mitigate risks, and realize better prices/services. It should define who to check, the checking methods, and integrate with other compliance areas.
Building a bridge to CPA firm of the future - CPA.com
What does the power of smart business mean for CPAs and their clients? In this era of change for the profession, digital transformation, globalization and other forces in play, this is one of the most challenging and exciting times to pursue a career as an accountant. Erik Asgeirsson, president and CEO of CPA.com, will discuss aspects of the changing technology landscape, the challenge of staying relevant and the great opportunities that lie ahead for those who embrace technology and specialization. He will be joined by a panel of tech-savvy firm leaders who will offer insight into how they developed smart business strategies and advanced their role as trusted advisers to clients.
This document summarizes a panel discussion at the Aria Resort and Casino in Las Vegas on June 9, 2014 about strategic options for accounting firms. The panel, moderated by Erik Asgeirsson, President and CEO of CPA.com, discussed whether firms should offer high-end strategic advisory services or high-volume, low-cost accounting. They covered trends driving changes like cloud computing. Panelists Nicole Ksiazek and Steve Chaney shared their models of focusing on niche verticals and technology platforms like Bill.com or Xero. Firms must choose solutions, staffing strategies, and pricing models to stay relevant in this evolving landscape.
This document discusses how CPAs can become "digital CPAs" by embracing technology and innovation. It defines a digital CPA as having evolved from a transactional model to using technology to build digital workflows and standardize processes, and ultimately becoming a trusted business advisor operating in a digital capacity. It emphasizes that becoming digital is a mindset, not just a skillset, and involves developing a vision, evaluating processes for improvement, researching available tools, and consistently reevaluating options. CPAs are encouraged to think strategically and not plan purely operationally, and to seek additional resources on becoming future-ready.
This document provides a tutorial on VBScript syntax and features. It begins with an overview of VBScript, including its history, uses, and advantages. It then covers VBScript syntax elements like whitespace, formatting, comments, and reserved words. Multiple code examples are provided to demonstrate different syntax structures. The tutorial also introduces basic VBScript programming concepts like variables, operators, decisions, loops, and functions.
The future ready cpa are you ready for the challenge - PICPA Leadership Con...CPA.com
Increasing complexity in the future will continue to challenge individual CPAs, their firms and
their clients. CPA.com has partnered with the Institute for Global Futures in an effort to understand
the current state of the profession relative to being “future ready”. Come and learn how
to better anticipate change and adapt faster. Better preparedness to meet the challenges of the
future is critical to tomorrow’s success.
En enero de este año, la Comisión Europea reveló un borrador de su Reglamento de Protección de Datos Europea para reemplazar la anterior Directiva de Protección de Datos.
Securing data in the cloud: A challenge for UK Law FirmsCloudMask inc.
Authorities including the UK Information Commissioner, the Solicitors Regulation Authority
(SRA) and the Council of Bars and Law Societies of Europe (CCBE) are establishing
requirements which are conflicting with the main foundation of cloud computing and in
many cases making it impossible to implement
This document discusses some of the key legal issues related to cloud computing. It covers 3 areas: 1) personal data protection laws which cloud computing exposes issues with due to reduced user control and complex application of laws across borders, 2) contracting issues where cloud contracts often limit liability to levels below potential risks and include other problematic clauses, and 3) liability for illegal data where cloud providers need to balance storage protections with processing activities and respond to takedown notices. Compliance with various regulations is also challenging for cloud services.
This document discusses regulatory issues related to moving data centers to Romania. It outlines key considerations under Romanian law regarding applicable data protection law, data security requirements, and compliance with law enforcement disclosure requests. Specifically, it notes that Romanian data protection law applies to non-EU entities with equipment in Romania, and that data security must be ensured through both contractual and factual safeguards. It also describes the Romanian authorities that can request access to data and issues around challenging such requests.
From the FinTech Webinar Series. Explores:
1. Recent Federal Cybersecurity Developments: Executive Order, NIST Standards, Information-Sharing, Legislation
2. Privacy and Security Issues in Cloud Computing Contracts
3. International Privacy and Transferring Data Across Borders
4. Mobile Devices and Mobile Apps
5. Workplace and Corporate Governance Developments
6. The FTC’s New Rules Concerning Children’s Privacy
The document provides an overview of the key aspects of the new EU General Data Protection Regulation (GDPR) which takes effect in May 2018. It discusses some of the major changes and implications of the GDPR compared to previous data protection laws. Specifically, it notes that the GDPR has tighter definitions, will have direct effect across EU members, requires express consent for data processing, gives individuals more rights over their personal data, mandates reporting data breaches, and imposes much heavier penalties for non-compliance. It also summarizes some of the major implications of the GDPR for businesses, such as applying to all vendors, needing to respond to personal data requests promptly, and diverting resources to deal with more information requests.
Cloud Computing a leading and getting widely adopted technology in industry, unveils some unprecedented challenges to security of company’s resources such as capital and knowledge based assets. Hither to no much attention has been paid by the governments and there is neither any universal standard adopted, nor any breakthrough to take up these challenges. Traditional contracts and licensing agreements may not provide adequate legal resources and remedies normally associated with the layers of protection for corporations. Intellectual Property, Foreign Direct Investments (FDI) and corporate governance issues have to be fully explored and practiced in domestic and international markets. So this paper discusses the need of establishment of Law and judicial framework of policies to the services embedding cloud computing technology, besides this it also addresses legal issues and existing policies adopted by different countries.
Data Protection in the EU | babelforce Insightbabelforce
https://www.babelforce.com
The Insight will go through the essential factors for EU business and data protection, focusing on a business process which is often affected: call recording.
This document discusses 10 common myths regarding compliance with the EU's General Data Protection Regulation (GDPR), which takes effect in May 2018. It aims to clarify misunderstandings about GDPR requirements.
The first myth addressed is that GDPR compliance is a one-time project like preparing for Y2K, but GDPR actually requires ongoing processes. The second myth is that no one will be fined, but regulators are likely to target large firms to set examples and fines could be up to 4% of revenue. The third myth is that all noncompliance will result in the maximum 4% fine, but fines will depend on factors like severity of the violation.
TRUST. IP and Technology Update - IT Audit Toolkit for CIOs and General Couns...Jan Lindberg
Planning the right strategy to survive third-party licence audits is essential to minimizing your expenses that arise out of third-party audits. In this article, we aim to provide experiences from recent IT disputes from the customer’s or target company’s perspective, as well as tools for handling different technology licensing related breach of contract and copyright infringement claims after licence audits.
First presented on April 4, 2018 at Deconomy event in Seoul, South Korea. Based on a previous presentation on the same topic at the Smart Cloud event held on September 21, 2016 also in Seoul.
This presentation discusses issues relating to cloud service contracts for municipalities. It notes that moving to cloud services requires focusing on contracting strategy and terms and conditions, as legal issues are complex. While some issues are traditional like outsourcing, cloud computing introduces new unique challenges. Key areas to focus on in contracts include governing law, data availability, intellectual property, privacy, termination, and exit strategies. The presentation provides examples of boilerplate contract language and issues to consider for negotiation to adequately protect a municipality's interests and manage risks of cloud computing arrangements.
Legal Challenges in Contracting for Cloud ServicesLou Milrad
This presentation discusses issues relating to cloud service contracts for municipalities. It notes that moving to cloud services requires focusing on contracting strategy and terms and conditions, as legal issues are complex. While some issues are traditional like outsourcing, cloud introduces new unique challenges. Key areas to focus on in contracts include governing law, data availability, intellectual property, privacy, termination, and exit strategies. The presentation provides examples of boilerplate contract language and issues to consider for these areas in negotiating cloud contracts.
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security PrinciplesLisa Catanzaro
This document provides an overview of the legal and ethical framework for the WITDOM project, which involves processing personal data in untrusted cloud environments. It discusses key European data protection and cybersecurity legislation and their application to new computing environments. Specifically, it examines the 1995 EU Data Protection Directive, the proposed General Data Protection Regulation, and the 2013 Network and Information Security Directive. It also assesses ethical guidelines to support human values like privacy, security and justice. The document identifies legal issues, principles and potential requirements or barriers to managing and protecting personal data in untrusted domains.
Impact of GDPR on the pre dominant business model for digital economiesEquiGov Institute
A brief description of the impact the General Data Protection Regulation (GDPR) could have on the proposed move towards a digital economy, especially for the Caribbean
How Does the ePrivacy Regulation and General Data ProtectionShield
Check out this slide to learn about ePrivacy regulation and General Data Protection Regulation. Is their implication brings more challenges to financial industries and Communications Compliance? Go through this slide for full info or visit this link: https://bit.ly/3nxlwLW
The document provides an agenda for a conference on cloud computing. It discusses:
1) Financial perspectives on cloud computing from Morgan Hill, focusing on understanding real IT costs.
2) Legal and security considerations for cloud computing from Taylor Wessing, including issues around data location, security, retention, and contractual terms.
3) The technology behind Amazon Web Services' cloud platform, including its scalable and reliable infrastructure services.
It emphasizes the importance of understanding an organization's real IT costs in order to evaluate potential cost savings from cloud computing solutions. Legal and practical security issues also need clear consideration to safely utilize cloud services.
Similar to Cloud computing in Hungarian financial industry 2013 (20)
2. Executive Summary
This review outlines the key legal, regulatory and compliance concerns to be addressed in the
course of making business decisions on the subject matter.
As a starting point, it is acknowledged that applying cloud computing solutions has extremely
strong business potential (also) in the financial industry.
All three areas, namely legal, regulatory and compliance, have their own authorities regarding the
question.
In detail, services (contracts) are to be analyzed from the points of view of (i) general
commercial contracting, (ii) regulatory compliance and (iii) data protection compliance.
In exploring and mitigating the various risks, and so driving the project towards legal
feasibility, the following findings are the key ones. On Cloud Computing as such there is no
Hungarian (or European) legislation in force (or even in the pipeline). Furthermore, while there
has been basic EU guidance on Cloud Computing (only) since July 2012, there is no effective
guidance or even orientation from the respective Hungarian authorities (the HFSA and the DPA).
In conclusion, we may state that from a legal, regulatory and compliance point of view, banks may,
at moderate risk, (target to) enter into a Cloud Computing contract, but only subject to several
key assumptions and conditions.
3. Top strategic technology
Cloud Computing has been identified as one of the top strategic technologies that are going to
re-shape the world in this decade. (Gartner*)
* http://www.gartner.com/it/page.jsp?id=1454221
4. The issue
Cloud Computing technology is a forerunner and is (currently) also ahead of legal regulations.
In the EU/EEA, the law on personal data protection is more stringent (restrictive) than in the US.
5. The Pro and the Cons
The Pro
Cloud Computing offers enormous space (in a double sense) that supports companies' overall workflow
and management with state-of-the-art, secure and cost-effective hosted services.
The Cons
A decision to introduce Cloud Computing solutions must necessarily be backed by answers to several
concerns, not only IT/bank security ones but also legal, regulatory and compliance ones.
Legal:
- EU and Hungarian personal data protection requirements
- basic contractual issues
- special issues raised by E-Discovery (regarding any litigation in the US)
Regulatory:
- whether cloud computing qualifies as outsourcing and is therefore controlled by the HFSA
Compliance:
- alignment with the bank's internal / Group corporate governance
- ensuring control of Cloud Computing services by the Compliance Department as well as by internal
  and external auditors
6. The issues – Data protection (i)
Asynchrony of technological and legal developments
Cloud Computing technology is predominantly provided by US service providers, whose home-country
law is far less restrictive in the field of personal data protection than EU/EEA law. In both
jurisdictions there is (so far) a lack of definite legislation on Cloud Computing, which, while it
does not seem to be a burden in the US, raises concerns in the EU. Thus, besides being a forerunner
in technology, Cloud Computing is also well ahead of legal and regulatory developments.
Self-regulatory efforts
The industry itself is fairly proactive in self-regulation. Its organization, the Cloud Security
Alliance, admits* that "specialized compliance requirements for highly regulated industries should be
considered and must address during requirements identification stage. Some regulatory requirements
specify controls that are difficult or impossible to achieve in certain cloud services types."
* https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf (p. 48)
7. The issues – Data protection (ii)
Developing EU regulatory environment
While the EU is currently working on unified European data protection legislation (which will take
the form of a regulation, i.e. be automatically binding on the member states), the legislation in
force is the so-called Data Protection Directive 95/46/EC (the "Data Protection Directive"). This,
firstly, does not cover cloud computing and, secondly, being a directive, allows national
legislation to differ.
Despite the lack of legislation in force, the EU is actively dealing with the issue, albeit still
in the regulatory drafting phase. Further to the Commission Decision of 5 February 2010 on the
standard contractual clauses for the transfer of personal data to processors established in third
countries* (the "EU Model Clauses"), on cloud computing itself the EU has so far issued only an
opinion: Article 29 Data Protection Working Party Opinion 05/2012 on Cloud Computing** (the "EU
Opinion") on July 1st 2012 (!). Clearly, there is no practice yet under the three-month-old
opinion. However, since it has been welcomed by the industry, following its "rules" may result in a
kind of compliance regarding the protection of customer personal data.
One striking requirement of the EU Opinion is that it refers to and reinforces Article 4 of the
Data Protection Directive, stating that the applicable law of such contracts shall be that of the
country in which the data controller (in our case the Banks) is established (i.e. Hungary).
* http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF
** http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp196_en.pdf
8. The issues – Data protection (iii)
Uncertain Hungarian regulatory environment
The European regulatory background highlighted above means that
(i) due to the option of differing, the Hungarian national legislation (in force) is, in theory,
stricter than the average European member state regulations, and
(ii) which is more problematic, the Hungarian Data Protection Authority (DPA) strikingly avoids the
subject of cloud computing. There are no precedent decisions, no guidance, and not even
participation in the public debate, as if there were no question at all.
Due to this evident retreat, even industry players that are active in the dialogue at European
level do not approach the Hungarian authorities for any guidance. As we have been advised, Supplier
has not yet approached the Hungarian DPA, unlike other national data protection authorities, from
which it obtained positive feedback*.
Best practice
Irrespective of the absence of definite legal requirements, Banks, as market leaders in
Hungary, shall take into consideration that "front-runner companies are highly committed to
protecting data, particularly customer information." (PWC 2012 Global State of Information Security
Survey)**
* Supplier provided us with these confirmatory letters of several national data protection authorities
** http://www.pwc.com/gx/en/information-security-survey (p. 13)
9. The issues – Regulatory (i)
Cloud computing is a way of outsourcing
Applying cloud computing services unquestionably qualifies as outsourcing. Accordingly, a Cloud
Computing service contract shall comply with the respective requirements of the Hungarian Banking
Act.
HFSA (Hungarian Financial Supervisory Authority) Approach
The HFSA, unlike the DPA, has already taken a step, albeit a very minor one, towards guiding and
orienting the market in this respect. On July 18, 2012 it issued the 4/2012 HFSA Management
Circular* (the "HFSA Circular"). Unfortunately, the HFSA's commitment to regulate and so to promote
the financial industry in this respect seems to be merely apparent, since the paper is simply a
translation of the communication of the US Federal Financial Institutions Examination Council (the
"FFIEC") on Outsourced Cloud Computing** (the "FFIEC Statement").
The FFIEC Statement and the HFSA Circular, instead of better aligning the regulatory landscape with
the nature of cloud-based solutions, disappointingly advocate applying current regulations in
their existing form and imply that cloud vendors will have to adapt and align their solutions to the
legacy regulatory environment. This basically means that the authorities identify cloud computing
as an outsourced activity.
* http://www.pszaf.hu/akadalymentes/data/cms2364896/vezkorlev_4_2012.pdf
** http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_OutsourcingTechnologyServices.pdf
10. The issues – Regulatory (ii)
One of the key questions: can the on-the-spot regulatory audit be substituted?
The Hungarian Banking Act requires that outsourced services be, subject to a respective request or
general need, audited on the spot by the HFSA (and also by the company and its auditors). A par
excellence key question of outsourcing (which the HFSA does not address) is the on-the-spot audit.
Due to the nature of the technology, this cannot be ensured. Accordingly, cloud service contracts
cannot be in full compliance with the letter of the legislation currently in force.
The Statement/Circular call on financial institutions to run a due diligence prior to contracting
to ensure that the provider will meet all the requirements. If this due diligence is performed by an
independent third party, then, further to its initial audit, that party could from time to time be
engaged for an operational audit as well. The report thereon, subject to the willingness of the
HFSA, could substitute for the on-the-spot audit. However, we are currently not aware of (nor have
we been advised by Supplier of) the existence of any such third party whose report could be used as
a kind of certification for this purpose.
The HFSA will surely scrutinize the proposed cloud computing contracts as outsourced services, and
banks will need robust arguments to get the HFSA to buy in. Here we have to note that
Supplier has not yet approached the HFSA (just as it has not approached the DPA) to seek
any preliminary guidance or opinion.
11. The issues – Other legal questions
Basic contractual issues
At an early stage of such projects, before the strategic decision (based upon the IT/bank security
and legal concerns) has been made, the drafts of the multiple contracts provided by Supplier are, as
a rule, not analyzed in detail.
However, we shall point out that, due to the basic requirement of the EU, all contracts should be
governed by the laws of Hungary.
Contracts governed by non-Hungarian laws shall be checked and confirmed by lawyers of the
respective jurisdiction(s).
Potential special requirements regarding E-discovery
If the bank is involved in litigation in the US and would like to apply Cloud Computing services
to any banking system, this may raise questions regarding so-called E-discovery in US court
procedures. Any special obligations of the bank in this respect shall be checked and confirmed by US
litigation lawyers.
12. Conclusions
It is our conclusion that Banks, while still taking moderate legal and regulatory risks, may
(target to) enter into a "Cloud Contract" subject to the following key assumptions and conditions:
- contracts be governed by the laws of Hungary
- Supplier to represent and warrant that the service complies with the Hungarian data
  protection legislation and with the requirements of Section 3.4 of the EU Opinion
- each sub-service provider of Supplier shall be contracted under the EU Model Clauses or in Safe
  Harbor (certified by independent auditor); Supplier shall ensure that Banks be entitled to
  instruct sub-service providers directly, should it be the case
- Supplier to deliver independent certification, or the Bank and the Supplier jointly to
  approach the HFSA for preliminary guidance/clearance, stating that Supplier/the services comply
  with the requirements of the Hungarian Banking Act regarding outsourcing (apart from the
  on-the-spot audit)
- Supplier to undertake to indemnify the Bank should it suffer any damages due to
  non-compliance, and the Bank shall be entitled to terminate the entire agreement with immediate
  effect, should Banks/Supplier fail to obtain clearance from the HFSA and the DPA
- the bank is to consider engaging external legal advisers for counseling regarding contracts
  governed by non-Hungarian law(s) and, subject to developments on the above conditions, for
  providing the bank with a double check regarding the regulatory compliance of the services
13. Dr. Igor Máté
Head of Business Legal Services
MKB Bank
https://www.linkedin.com/in/igormate