The new EU-US Privacy Shield, covering transatlantic exchanges of personal data for commercial purposes, went into effect in July 2016. Although this is a critical issue, many companies are not aware of the implications it has for them. What steps do companies need to take when transferring data from Europe to the US?
On 14/4/2016 the EU data privacy regulation was approved, and it is now mandatory. However, companies have 2 years to adapt to it before receiving a financial penalty for not having done so - deadline: 25/05/2016
New General Data Protection Regulation (Agnes Andersson Hammarstrand) | Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislation. Companies that break the rules risk fines of up to 4% of the worldwide group turnover. The new regulation entails a large number of changes that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
What does the Proposed EU General Data Protection Regulation (GDPR) mean for ... | TrustArc
We outline the proposed changes in the EU General Data Protection Regulation (GDPR) and its effect on the privacy of US-EU Data transfers.
Access the complete webinar on how the EU GDPR will affect your business https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page.html?asset=J68IQUDK-565
The EU Data Protection Regulation - what you need to know | Sophos Benelux
The upcoming EU Data Protection Regulation requires organizations worldwide to secure the data they manage and hold about European citizens. It is generally accepted that encryption is the best method of complying with this new regulation. If a breach occurs and you can demonstrate that all personal data was encrypted, the chance of receiving a fine from the EU is considerably reduced.
Many organizations have no idea what this new regulation entails or how they should prepare for these new rules. Is your organization one of them?
General Data Protection Regulation: what do you need to do to get prepared? -... | IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
[Privacy Webinar Slides] Global Enforcement Priorities | TrustArc
To watch the full on-demand webinar recording please visit: https://info.truste.com/WB-2016-05-19-Insight-Series-Global-Privacy-Enforcement-Priorities_RegPage-OnDemand.html
As the scope of EU law extends its reach globally, we are also seeing greater international regulatory co-operation. Whether it’s the FTC, the FCC or European DPAs - global privacy regulators are taking steps to prioritize and address top concerns that affect everyone on a global scale.
In this on-demand webinar the speakers will:
• Review the latest case law and enforcement actions from the last 12 months
• Address the impact of the rise of activism and the role of individuals like Max Schrems who have forced legal changes
• Provide their perspectives on future outcomes and how to keep your company out of the regulatory spotlight
Register to watch this on-demand webinar now to learn how to keep your company out of the regulatory spotlight: https://info.truste.com/WB-2016-05-19-Insight-Series-Global-Privacy-Enforcement-Priorities_RegPage-OnDemand.html
EU Privacy Shield - Understanding the New Framework from TRUSTe | TrustArc
Webinar to understand the new EU-US Privacy Shield Framework which replaces the EU-US Safe harbor framework followed by a demo of the TRUSTe EU data privacy transfer assessment.
Visit https://info.truste.com/WB-2016-02-10-Insight-Series-Privacy-Shield_RegPage-On-Demand_Recording.html to view the complete webinar.
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro... | TrustArc
With the recent CJEU ruling on the invalidity of Safe Harbor, companies should focus on Interoperable Privacy Frameworks to tackle cross border data transfers with a BCR (Binding Corporate Rules) platform.
Watch the complete webinar on how APEC, CBPR & BCR should come together for global interoperability https://info.truste.com/On-Demand-Webinar-Reg-Page-V3.html?asset=XCPH8VUG-586
The GDPR: What About Data Stored or Transmitted Outside the EU? | TAG Alliances
The General Data Protection Regulation (GDPR): What About Data Stored or Transmitted Outside the EU? Written by: Rutger Ketting of Nysingh advocaten-notarissen N.V. (Apeldoorn, The Netherlands - TAGLaw).
What is the new data protection regulation GDPR and why should you care? Jesp... | Exove
What is the new data protection regulation GDPR and why should you care? by Jesper Nevalainen, Bird & Bird
Exove and Bird & Bird seminar on Nov 23rd 2016: "GDPR - Practical Effects on Digital Business - juridical, technical, and customer point of view"
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
EU General Data Protection Regulation - Update 2017 | Cliff Ashcroft
This free Lasa webinar looks at why data protection is important in a digital world, and what practical things charities and civil society organisations can do to prepare for when the EU General Data Protection Regulations come into force in May 2018.
It is vital charities use the next 12 months to understand their new responsibilities and put the required processes in place.
Our webinar gives you the opportunity to ensure you are prepared for what’s to come by putting your #GDPR questions to our data protection expert and published author, Paul Ticher.
Lasa does lots more charity tech help and advice - find out more at: Twitter: @lasaict
Acknowledgements:
Lasa actively promotes and supports the Way Ahead – Civil Society at the Heart of London. See www.citybridgetrust.org.uk/publications/way-ahead/
This webinar is supported by the City of London Corporation's charity, City Bridge Trust. www.citybridgetrust.org.uk
[Webinar Slides] Privacy Shield is Here – What You Need to Know | TrustArc
To read more about Privacy Shield visit: https://www.truste.com/business-products/dpm-services/eu-privacy-shield/
To schedule a consultation to learn more about TRUSTe EU–U.S. Privacy Shield Solutions visit: https://www.truste.com/about-truste/contact-us/?id=Web-PrivacyShield-LearnMoreFloat-Form_LP_v2
Watch the full on-demand webinar recording accompanying these slides by visiting: https://info.truste.com/privacy-shield-what-you-need-to-know-webinar.html
The new Privacy Shield Framework has been formally adopted after months of rigorous EU regulatory review and the Department of Commerce is expected to start taking submissions in August. What does this mean for companies looking to comply with the new Framework?
Register NOW to watch the on-demand webinar immediately as it will:
1. Take you through the detailed changes from the previous Safe Harbor Framework
2. Explain how you can prepare for the additional requirements and scrutiny
3. Review the changes that include: new privacy policy disclosures; accountability for onward transfers; greater monitoring and regulatory enforcement; enhanced dispute resolution and detailed audit trail documentation and reporting.
Make sure to register NOW to watch the on-demand webinar at: https://info.truste.com/privacy-shield-what-you-need-to-know-webinar.html
To register for upcoming other TRUSTe Webinars (upcoming/on-demand) visit: https://www.truste.com/events/privacy-insight-webinar-schedule/
GDPR and NIS Compliance - How HyTrust Can Help | Jason Lackey
GDPR (EU 2016/679) and NIS are intended to strengthen data protection for people in the EU, replacing Directive 95/46/EC. Learn how HyTrust can help with compliance.
With GDPR on the horizon, businesses are expressing concerns over the pressures to prepare ahead of the 25th May. However, the process of compliance needn’t be so overwhelming...
EU US Privacy Shield vs. GDPR Infographic from TRUSTe | TrustArc
Infographic that compares the timelines and compliance of EU-US Privacy Shield and EU General Data Protection Regulation (GDPR) framework.
Visit https://www.truste.com/business-products/eu-privacy-shield/ to make your business EU US privacy shield regulation compliant.
Revising policies and procedures under the new EU GDPR | IT Governance Ltd
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
This webinar provides an overview of:
- The regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Risk management and the GDPR
- Legal requirement for a DPIA
- Why and how to conduct a data flow mapping exercise
- What are the challenges?
- What is an information flow?
- The questions to ask
- Data flow mapping techniques.
A recording of this webinar is available here:
https://youtu.be/EZFgrmzmPYE
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Data breaches
- Notification rules
- Supervisory authorities
- EU Data Protection Board
View the webinar here: https://www.youtube.com/watch?v=eww0D_y6Hfo
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Security of personal data
- Data protection officer
View the webinar here: https://www.youtube.com/watch?v=u285y9hhgOo
The New Privacy Shield for Trans-Atlantic Data - Is the Shield Better, Differ... | Mark Aldrich
This presentation provided an overview of the proposed Privacy Shield to ease the transfer of personal information of EU citizens to the US for processing as a response to the European Court of Justice opinion invalidating its predecessor, the U.S. - EU Safe Harbor. The presentation examined the new standards, procedural requirements and compliance obligations of US companies and the new dispute resolution mechanisms available to EU citizens.
The EU recently issued a decision of adequacy regarding the newly developed EU-U.S. Privacy Shield program. U.S. companies can sign up beginning August 1, 2016, and will receive certain advantages if they sign up before October 1. Should you join? What are the benefits? What are the downsides? This timely eLunch walked companies through the pros and cons of participating in the Privacy Shield program and provided step-by-step guidance on how to join.
With the Court of Justice of the EU (CJEU) disavowing the US-EU Safe Harbor Framework, TRUSTe outlines the alternatives to comply with the EU Data Protection Directive for international data transfers and on what to expect in US-EU Safe Harbor Framework 2.0.
Access the complete webinar to anticipate the updated US-EU Safe Harbor Framework https://info.truste.com/lp/truste/On-Demand-109-Webinar-Reg-Page.html?asset=JEUYE80N-572
Privacy shield: What You Need To Know About Storing EU Data | Schellman & Company
A new transatlantic data transfer framework is changing the way U.S. companies handle, transfer and store data from EU citizens.
Now, American companies face stronger obligations to protect this data, and if your company handles or wants to handle personal data from the EU, it will have to prove it meets the requirements of Privacy Shield.
If the idea of understanding and complying with Privacy Shield seems overwhelming, or you just want to learn more about it, we’re here to help.
In this deck we cover:
• How Privacy Shield differs from Safe Harbor
• The 2 options you have to prove you’re compliant
• The principles of Privacy Shield, and more
The USA and Europe (EU) have different ways of looking at privacy. This PPT is about who is responsible and what kind of rules are in place. This is a Medved Consultants LLC presentation. This may not be considered legal advice.
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo... | Brian Miller, Solicitor
In a more detailed look at data protection, Vicki Bowles takes a look at the new draft EU Data Protection Regulation, disclosure and BYOD (Bring Your Own Device).
Brian Miller then covers ISO certification, how to check whether your vendor’s systems are secure, how US Safe Harbor worked in practice, how it will do so with the new Privacy Shield and the various certification/accreditation systems for cloud computing vendors.
Data Privacy vs. National Security post Safe Harbor | Gayle Gorvett
Recent Developments in Transatlantic Data Privacy regulation including adoption of Privacy Shield, GDPR and increasing requests for data access for National Security
Ipswitch and cordery on the road "All you need to know about GDPR but are t... | Sébastien Roques
In October we organised an event in Amsterdam with our partner Scos and Jonathan Armstrong where we covered the changes on GDPR and challenges ahead for businesses.
ISO-IEC 27701 and EU-U.S. Privacy Regulations What’s next.pptx | PECB
ISO/IEC 27701 and EU-U.S. Privacy Regulations: What’s next?
Nowadays, several privacy frameworks have been developed in order to make it easier for organizations to comply with the ongoing privacy laws and regulations. Hence, ISO/IEC 27701 helps individuals to better understand data privacy and how this standard relates to the EU-U.S privacy regulations.
Amongst others, the webinar covers:
• ISO/IEC 27701
• How ISO/IEC 27701 helps to better understand data privacy
• EU-U.S privacy regulations
• How does ISO/IEC 27701 relate to EU-U.S privacy regulations
Presenters:
Jeffrey Zeskind
Jeffrey Zeskind has over 40 years of experience in compliance, audit, and development of systems, processes, and audits. He is a certified Health Care Information Security and Privacy Practitioner, an ISO/IEC 27701:2019 Lead Auditor, ISO/IEC 27001:2013 Lead Auditor, ISO 9001:2015 Lead Auditor, ISO 13485:2016 Lead Auditor, ISO/IEC 20000-1:2018 Lead Auditor, ISO 22301:2019 Lead Auditor, and a Six Sigma Master Black Belt specializing in cross-functional process analyses with additional certifications in Risk Management, Lean, and Total Quality Management.
Jeffrey has served as an HIPAA Chief Privacy Officer, GDPR Data Protection Officer, Director of Compliance Services, systems auditor, and compliance auditor relative to HIPAA, HITECH, FERPA, GDPR, DPA, PIPEDA, Part 11, and state information privacy laws. He has consulted with government, quasi-government, EHRs, group health plans, clearinghouses, healthcare entities (hospitals, telehealth, at-home providers, medical and dental practices, research, mobile medicine, & clinics), pharma, aviation, accounting, insurance, utilities, universities, medical schools, adult daycare, automotive, medical device, law, finance, IT, and PBMs. Jeffrey has been the lead auditor for dozens of privacy-security, EHR system-portal, compliance, and accessibility audits. He has consulted on more than 100 merger, acquisition, and divestiture transactions. Jeffrey has authored and presented more than 35 role-sensitive learning modules and has served as an evaluator for others.
Alexandru Gheorghe
Alex is a lawyer with 15 years of experience, passionate about online businesses and especially e-commerce. He is certified as a Data Protection Officer (2018) and a Cybersecurity Program Implementation Manager (ISO 27032) - 2020 by PECB. Alex is also certified as an Expert in Legal Design after obtaining a certification from Legal Creatives in 2021.
Alex founded a successful Data Privacy Consultancy company in 2017, offering privacy advice and support to internationally-owned companies both in Romania and within the European Union.
In his professional career, he has gone through several commercial merger experiences and was implicated directly in the due-diligence pre-merger procedures and has an extensive overall 11 years of e-commerce legal experience working with several web-shops and e-commerce startups across Europe.
Understand what GDPR is and how it affects US companies.
- Take the 3-Question Test to see if it really applies to you
- Follow a 4-part framework for updating your privacy policy
- Learn why your CRM may be a problem
- Get a full checklist on how to become compliant today
What's Next - General Data Protection Regulation (GDPR) Changes | Ogilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
Introduction to EU General Data Protection Regulation: Planning, Implementati... (Financial Poise)
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ... (TrustArc)
In July 2020, the Court of Justice of the European Union invalidated the Privacy Shield agreement between the European Union and the United States because it did not offer protection essentially equivalent to the EU data protection standards.
After nearly two years of uncertainty, on March 25, 2022, the European Commission and the United States announced that they have agreed in principle on a new Trans-Atlantic Data Privacy Framework. This deal will foster transatlantic data flows and rebuild the data protection bridge between the EU and the US.
What does the Trans-Atlantic Data Privacy Framework change for your company? What are your alternative data transfer options?
This webinar will review:
- The key components and next steps to adopting the Trans-Atlantic Data Privacy Framework
- The reasons to stay or leave the Privacy Shield program
- How to manage and mitigate your transatlantic data transfer risks
EU-US Privacy Shield - Safe Harbor Replacement
1. Privacy Shield: What you need to know
German American Chamber of Commerce of the Midwest, Inc.
Nick Graham, Partner, Dentons UK
Jan Hertzberg, Director, Baker Tilly
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
2. Setting the Scene
• European Commission of the European Union (EU) and the US Department of Commerce reached agreement on a new pact for data transfers (February 2, 2016)
• “Safe Harbor” agreement was invalidated after the European Court of Justice found that the US had violated the privacy of its citizens
• Privacy Shield imposes:
− Stronger obligations on US companies to protect the personal data of EU citizens
− Stronger monitoring, oversight and enforcement of the agreement
− Limitations and oversight on US government access to data
− US privacy office established to handle complaints of EU citizens
− Annual review of US commitments and performance against the Privacy Shield agreement
3. Agenda
Privacy Rules (current and future)
Privacy Shield
Securing Personally Identifiable Information (PII)
Wrap-up and takeaways
Q&A
4. Privacy Rules: Current Landscape
5. EU versus US – Treatment of Privacy
European: Privacy is a human right
US: Privacy is a consumer protection issue
European: "Personal Data"
US: "PII" (Personally Identifiable Information)
European: No processing of personal information is the default
US: The commercial use of personal information is acceptable as the default
• Cultural conflicts: e-discovery/litigation
6. Current German Legal Structure deriving from EU Directive
Each of the other 27 EU member states has a similar data protection regime.
Comparable data protection laws also apply outside the EU (e.g. Russia).
EU Data Protection Directive 1995
7. When do the rules apply?
The EU rules apply when there is:
− processing
− of personal data
− by a data controller
− established in the EU (in the context of that establishment) or (where the data controller is established outside of the EEA) using equipment in the EU.
8. Controllers and Processors
Data Controller: A person who determines the purposes and means of the processing of personal data
Data Processor: A person who processes personal data on behalf of the data controller
ABC KGaA (Data Controller)
Employee (Data Subject)
Microsoft (Data Processor)
9. What does it mean if EU rules apply?
You will be required to:
• Comply with the Data Protection Principles
• Comply with the Rights of Data Subjects
• Notify your data processing to certain regulators
• Take the consequences if you fail to comply
10. Data Protection Principles
• Transparency: privacy policies and notices
• Comply: with one of the conditions for processing (e.g. consent/necessary to perform a contract)
• Purpose limitation: only use personal data for specified and lawful purposes; no incompatible purposes
• Proportionality: personal data to be adequate, relevant and not excessive
• Accuracy: personal data to be accurate/kept up-to-date
• Retention: personal data not to be retained for longer than necessary
• Individual rights: to access, correct and object as well as claim compensation
• Security: appropriate measures to protect data required
• Exports: no transfers of personal data outside of the EEA without adequate protection
11. What happens if we get it wrong?
• Regulators can fine us
• Regulators may also have the ability to:
− issue an information notice
− issue an enforcement notice
− seek to bring criminal proceedings
• Compensation
• Bad publicity and reputational harm
• Personal liability for individuals who violate the rules
12. Privacy Rules: Changing Landscape
13. EU Data Protection Regulation
• Scope: EEA, overseas and processors
• Model: "one stop shop"
• Governance: DPO and "privacy office;" refresh policies and procedures; training; audit
• Privacy by design
• Privacy by default
IN FORCE FROM 25 MAY 2018
14. EU Data Protection Regulation
• Enhanced rights and duties of transparency and proportionality
• Data breach notification: to be a legal requirement
• Penalties: fines of up to 4% of annual worldwide revenue or EUR 20 million (USD 22.6 million)
• Risk control: new "principle of accountability." This requires a "control framework" of policies, procedures, training and audit to manage and mitigate global privacy risk.
15. EU-US Privacy Shield
16. Safe Harbor: The Case
Max Schrems complaint against Facebook
Safe Harbor declared invalid 6 October 2015
Explore alternative transfer tools
Privacy Shield
17. Privacy Shield: The 7 Principles
• Notice
• Choice
• Accountability for onward transfer
• Security
• Data Integrity and Purpose Limitation
• Access
• Recourse, Enforcement and Liability
18. Safe Harbor v Privacy Shield
Old World: Safe Harbor / New World: Privacy Shield
"Essentially equivalent"
Safe Harbor:
• Annual self-certification
• Notice
• Choice
• Onward Transfer
• Security
• Data Integrity / Purpose Limitation
• Access
Privacy Shield:
• Much more detailed privacy notices
• Onward transfer accountability:
− Agreement with Controllers
− Liability for Processor non-compliance
Remedies / individual Redress
Safe Harbor:
• Federal Trade Commission Complaint
• Private dispute resolution
Privacy Shield:
• Direct complaint - 45 days response
• ADR / DP Panel
• DP Authority complaints
• DoC Complaints
• Binding arbitration / Privacy Shield Panel
• Ombudsman for National Security queries
Oversight
Safe Harbor:
• Federal Trade Commission (but no control over public authorities)
• Foreign Intelligence Services Court - ex parte proceedings
Privacy Shield:
• Proactive DoC investigation and extra resource
• Name & shame for removal
• Release of Privacy Shield sections of compliance reports
• Annual verification
• DP Authorities (especially HR data)
• Ombudsman: all US transfers
• Annual review of Privacy Shield
• Privacy Shield may be suspended
19. Privacy Shield: Implementation
• Who can apply?
• Effective: Aug 1, 2016
• 9 month grace period on vendor contract review (if signed up by Sept 30, 2016)
• Who have signed up?
20. Privacy Shield: Checklist for applying
• Put in place governance - who will own Privacy Shield?
• Update notices to data subjects and create Privacy Shield Privacy Policy
• Set-up procedures to enable customers to opt-out, access their personal information and the ability to correct, amend or delete the data
• Establish an annual compliance review
• Set up a complaint handling process
• Choose independent dispute resolution body
• Update contracts with vendors/suppliers
21. Privacy Shield: Upsides and Downsides
Upsides
• Provides "adequate protection"
• Stepping stone for BCRs
• Less cumbersome contract negotiations
Downsides
• Only transfers to the US
• Regulatory scrutiny
• Upgrade to policies/procedures
• FTC enforcement risk
• Annual verification
• Court challenge
23. Alternative Data Transfer Options?
• Consent from individuals - dubious validity
• Model Clauses - "snap shot" only, so require refreshing
• Binding Corporate Rules - Platinum standard; control framework
24. Securing Personally Identifiable Information (PII)
25. Society Has Become Highly Digital
Hyper-Connectivity
Hyper-Mobility
Highly Sophisticated Adversaries
Hyper-Sociability
Cyber-Physical “Things”
26. Physical Cyber “Things”
• Smart fridge can track what it stores, alerting when products expire, & even add items to smartphone shopping list
• Security cameras & systems can be remotely armed & checked, get alerts or review your security feeds from any location
• Lighting systems can be controlled using a smartphone app or via the web, as can fans, hot tubs, water pumps, thermostats, even door openers
• Personal medical devices can be implantable or external & allow remote monitoring / treatment
• Today’s cars are computer-guided and wirelessly connected via Bluetooth, GPS, radio protocols
• F-35 fighter jet has a highly advanced computerized logistics system designed to minimize repair and re-equipping turnaround times by monitoring the plane’s status and pre-emptively making service decisions so that ground crews are ready to go before the plane even lands
• Smart TVs connect to the Internet for web browsing, image sharing, gaming, or watching streaming video
Sources: Forbes, Vice, Cisco IBSG, University of Michigan, ABC News, Qmed, Network World
28. Strategies must be Intelligence-Driven
• Business Lines: Require AGILITY and fast time to market to meet business goals and customer demand
• Cyber-Threats: Require us to have MATURE prevention, detection and recovery controls to keep pace
• Employees: Strive for excellence and are interested in how and where they WORK.
• Shareholders: Require we protect revenue to enable GROWTH
• Customers: Place TRUST in us and demand we are careful stewards of their data and transactions
• Regulators: Expect we provide evidence of a STRONG information security program
Client and
29. Strategies must also be Comprehensive
Eight Security Ecosystem Components
• NETWORKS: Are monitored 24x7
• IDENTITY & ACCESS: Is appropriate based on job role
• INDUSTRY & PARTNERSHIPS: Provide actionable cost-effective threat and risk intelligence
• DATA & INFORMATION: Is secure at rest and in transit
• APPLICATIONS: Are secure in development and production
• CUSTOMERS & CLIENTS: Are educated on cyber-risks and their role protecting their devices
• THIRD PARTIES & VENDORS: Control parity is risk-based and protections are appropriate
• DEVICES: Are secure and patched regularly to keep secure over time
ANTICIPATE emerging threats & risks
ENABLE business growth while protecting existing revenue
SAFEGUARD Information & assets
30. Security for Privacy Requirements
Information Security Program
Developed, documented, approved, and implemented security program. Includes the following:
– Risk Assessment and treatment
– Security policy
– Organization of information security
– Asset management
– Human resources security
– Physical and environmental security
– Communications and operations management
– Access control
– Information systems acquisition, development, and maintenance
– Business continuity management
– Compliance
31. Security for Privacy Requirements (Cont.)
Logical Access Controls
Access to personal information is restricted by procedures that address the following:
– Authorizing and registering internal personnel
– Identifying & authenticating internal personnel
– Changes and updating access profiles
– Granting permissions for access to IT infrastructure components and personal information
– Preventing individuals from accessing anything other than their own or sensitive information
– Limiting access to personal information only to authorized internal personnel
– Restricting logical access to offline storage, backup data, systems and media
– Restricting access to system configurations, superuser functionality, master passwords, powerful utilities, and security devices
– Preventing the introduction of viruses, and malicious code
32. Security for Privacy Requirements (Cont.)
Physical Access Controls
• Physical access is restricted to personal information in any form (including the components of the entity’s system(s) that contain or protect personal information).
• Examples include:
− Theft
− Espionage
− Dumpster diving
− Social engineering (including phishing)
− Shoulder “surfing”
33. Security for Privacy Requirements (Cont.)
Environmental Safeguards
• Personal information, in all forms, is protected against accidental disclosure due to natural disasters and environmental hazards
34. Security for Privacy Requirements (Cont.)
Transmitted Personal Information
• Personal information is protected when transmitted by mail or other physical means such as:
− Emailing data from one person to another
− Faxing data from one person to another
− Updating or editing database information
− Storing data on USB drives, CDs, floppy disks (called “removable media”)
− Storing data on a computer hard drive or networked drive (called “fixed media”)
− Deleting information from fixed or removable media
− Scanning of a document and emailing to yourself
• Personal information collected and transmitted over the Internet is protected by deploying industry-standard encryption technology for transferring and receiving personal information
35. Security for Privacy Requirements (Cont.)
Personal Information on Portable Media
• Personal information stored on portable media or devices is protected from unauthorized access.
36. Security for Privacy Requirements (Cont.)
Centralized Device Management
Automatically registers users to devices and implements policies
• Low system overhead and limited support staff required
Manage Multiple Device Types and Brands
• Leverages existing investment
Provide Forensic Level Auditing
File level blocking by type and name
Manage Devices off the network
Remote Kill of Devices
Device Coverage:
• Optical Products - CD/DVD
• USB Flash Drives
• External Hard Disk Drives
Multiple Authentication Methods
• Password (hardware rules)
• Biometric + Password
Validated Encryption
37. Security for Privacy Criteria (Cont.)
Testing Security Safeguards
• Tests of the effectiveness of the key administrative, technical, and physical safeguards protecting personal information are conducted at least annually.
Security Risk Assessment
• Understand all information systems at a granular level
• Determine what assets really matter (crown jewels)
• Translate and align to business objectives and priorities
• A clear definition of risk tolerance levels is required
• The assessment must be unique to the company and its industry
• The process must be iterative and dynamic to adapt to constant change
• Standard frameworks improve effectiveness (e.g., NIST, ISO)
38. NIST Cybersecurity Framework
Framework Categories
Asset Management
Business Environment
Governance
Risk Assessment
Risk Management Strategy
Access Control
Awareness and Training
Data Security
Information Protection Processes
Maintenance
Protective Technology
Anomalies and Events
Security Continuous Monitoring
Response Planning
Detection Processes
Communications
Analysis
Mitigation
Improvements
Recovery Planning
Improvements
Communications
39. Wrap-up and Takeaways
• Know your data (mapping)
• Check EU compliance
• Implement PIA
• Implement data transfer solution
• Understand the risks based on the agreement
• Evaluate and Implement data transfer solution
• Conduct a Security Assessment
• Closely Monitor developments