EU GDPR Lesson 1 - What is the GDPR? Why do we need it?
EU GDPR Lesson 2 - Data Protection by Design and by Default
EU GDPR Lesson 3 - The Right To Be Forgotten
EU GDPR Lesson 4 - Who Does the EU GDPR Apply To?
EU GDPR Lesson 5 - What Happens if I Don’t Comply with the EU GDPR?
EU GDPR Lesson 6 - Next Steps - How to Get There?
Over the past few years of monitoring the development of the EU General Data Protection Regulation (GDPR) and its effects on technology, we’ve distilled the parts of the regulation that most affect your business into this practical guide.
6 Lesson GDPR Booklet from Varonis to help you get compliant and stay compliant.
- Locate your sensitive data
- Prevent data breaches
- Rapidly alert to suspicious behavior
- Build long-term data security
Do You Have a Roadmap for EU GDPR Compliance? (Ulf Mattsson)
Description : The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.
Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?
Webcast URL : https://www.brighttalk.com/webcast/14723/259741
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
Cognizant business consulting the impacts of gdpr (audrey miguel)
In May 2018, GDPR (Global Data Protection Regulation) will come into force in Europe. Conventional wisdom is that GDPR will cause significant legal changes for many organizations and result in yet another regulatory-driven upheaval in technology. But is this an accurate assessment of the likely impact?
The European Union General Data Protection Regulation (“EU-GDPR”) will come into effect on May 25th. Your company may think it does not have to worry about this because you are located in the United States, and you may be wrong. If your company processes or holds personal data for a person residing in a European Union country, your company will have to comply.
"The EU General Data Protection Regulation: GDPR" - workshop held by Beatrice Masserini (Studio Cassinis, Italy) at the TRA Annual Meeting 2018 in Athens
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
GDPR: A Threat or Opportunity? www.normanbroadbent. (Steven Salter)
With General Data Protection Regulation (GDPR) a legal requirement for all UK companies from May 2018, there have been numerous articles written either demonstrating the confusion surrounding the new regulations, or detailing the downsides of the legislation.
This presentation covers what you as a business owner need to do in order to be ready and compliant for GDPR. It shows you all of the different lawful basis that you can use for processing personal data, so that you do not have to rely on consent.
Marketing data management | The new way to think about your data (Laurence)
Organisations are at a place where opportunity beckons but, all too often, the gesture is obscured by the confusion that surrounds data compliance. Instead of seeing the benefits that can be found in the regulations, such as the General Data Protection Regulation (GDPR), that are being introduced, companies take a retracted view that turns inward, seeing only where these policies cause hindrance rather than the value they can add.
Our yearly INFOMAGAZINE features technical articles and covers the latest technology advancements, innovative projects, new products, service capabilities, business news and market developments covering all aspects of the IT protection, optimization and control.
In this issue we are FOCUSING ON GDPR COMPLIANCE, new technologies such as protection against cryptolocker, advanced threats, monitoring and optimization tools, cryptography trends and many more… all missing pieces of puzzle in user’s IT and idea to offer partners and customers new technologies for successful planning.
The Evolution of Data Privacy: 3 Things You Need To Consider (Symantec)
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed to update the current directive which was drafted in a time that was, in technology terms, prehistoric. It’s time to evolve.
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu... (ObservePoint)
This guide will educate you on what GDPR is, who it applies to and what you should do about it in seven steps. As you read through, make some notes about who you feel should be responsible for each step so you can get the ball rolling with each team member.
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain (David Erdos)
*** N.B. For full working paper see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3505921 ***
This paper argues that Google’s essentially blanket and unsafeguarded dissemination to webmasters of URLs deindexed under the Google Spain judgment involves the disclosure of the claimant’s personal data, cannot be justified either on the purported basis of their consent or that this is legally required but instead seriously infringes European data protection standards. Disclosure of this data would only be compatible with the initially contextually sensitive context of collection where it was (i) reasonably necessary and explicitly limited to the purposes of checking the legality of the initial decision and/or bona fide research and (ii) was subject to effective safeguards that prevented any unauthorised repurposing or other use. Strict necessity thresholds would need to apply where disclosure involved special category data or was subject to reasoned objection by a data subject and international transfers would require appropriate safeguards as provided by the European Commission’s standard contractual clauses. Disclosing identifiable data on removals to end users would directly and fundamentally undermine a data subject’s rights and, therefore, ipso facto violate purpose limitation and legality, irrespective of whether a data subject claims rights in data protection, defamation or civil privacy. The public’s legitimate interests in receiving information on personal data removals should be secured through safeguarded scientific research that the search engines should facilitate and promote.
If the UK leaves the EU and EEA, will it be "adequate" for data transfers from the EU? Evidence suggests not, especially following the passing of the IP Act and the Tele2/Watson CJEU decision.
This presentation reviews GDPR at a high level, and presents the core philosophy behind GDPR as well as the key concepts and key elements to consider in your data protection program.
The Evolution of Data Privacy: 3 things you didn’t know (Symantec)
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed to update the current directive which was drafted in a time that was, in technology terms, prehistoric. It’s time to evolve.
General Data Protection Regulation (GDPR) - Moving from confusion to readiness (Omo Osagiede)
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Operational impact of gdpr finance industries in the caribbean (EquiGov Institute)
A brief outline of the challenges that could be faced by financial institutions with the implementation of the GDPR and recommendations to mitigate them.
The European Union will introduce the new General Data Protection Regulation for implementation May 2018. This makes it a legal requirement on all business owners to comply with the new regulations or face heavy fines. This will still apply to UK companies after Brexit.
The Evolution of Data Privacy - A Symantec Information Security Perspective o... (Symantec)
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation is designed to update the current legislation which was drafted in a time that was, in technology terms, prehistoric.
The Data Protection Directive, drafted back in 1995, harks back to a time when data processing was more about filing cabinets than data rack enclosures. It’s time to evolve.
“The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way that organisations handle, protect and use the personal data of EU individuals. Organisations of all sizes, across all industries, and geographies that process personal data of EU residents need to take steps now to comply with the new EU General Data Protection Regulation by 2018, to satisfy management fiduciary duties and avoid potentially costly penalties.”
Marketer’s Guide to GDPR & Data Privacy Download Guide.
Get to Know Your Visitors the Right Way. Why Compliance Matters?
Companies may well have to invest considerable time and money integrating GDPR compliance into operational procedures.
This is because the EU has designed financial sanctions so as to make GDPR non-compliance costly - up to €20 million or 4% of the global annual turnover (whichever is higher).
Discover all you need to know about GDPR & Data Privacy. Check out our Hub to access articles, guides, checklists & more » https://www.visitor-analytics.io/en/resources/gdpr-and-data-privacy/
The EU, together with subordinate national data protection agencies, have ramped up enforcement efforts in recent years.
Severe Financial Penalties
Total GDPR fines have grown from $179 million to $1.2 billion between January 2021 and January 2022 - a sevenfold increase.
GDPR Explained - A Quick Guide for US Businesses (Jessica Clark)
The US has many different privacy laws. But now there is another law to wade through: GDPR. Although the GDPR mainly affects those living within the European Union (EU), it is important that US businesses pay attention too.
2. 3
INDEX
EU GDPR Lesson 1 - What is the GDPR? Why do we need it?
EU GDPR Lesson 2 - Data Protection by Design and by Default
EU GDPR Lesson 3 - The Right To Be Forgotten
EU GDPR Lesson 4 - Who Does the EU GDPR Apply To?
EU GDPR Lesson 5 - What Happens if I Don’t Comply with the EU GDPR?
EU GDPR Lesson 6 - Next Steps - How to Get There?
Over the past few years of monitoring the development of the EU General Data Protection Regulation (GDPR) and its effects on technology, we’ve distilled the parts of the regulation that most affect your business into this practical guide.
Your Risk Assessment report will outline problem areas, prioritize risk, and give you concrete steps to take to improve your data security.
www.varonis.com
Get in Touch:
US: +1-877-292-8767 UK: +0-800-756-9784 INTL: +1-646-706-7336
www.varonis.com
EU GDPR LESSON 1
What is the GDPR? Why do we need it?
GDPR concisely summarized by Wikipedia:
“The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU.”
The new GDPR is an evolution of the EU’s existing data rules, the Data Protection Directive (DPD). It addresses many of the shortcomings in the DPD: adding requirements for documenting IT procedures, performing risk assessments under certain conditions, notifying the consumer and authorities when there is a breach, as well as strengthening rules for data minimization.
It’s important to note that the EU GDPR covers personal data, or as it is called in the US, personally identifiable information (PII). Think names, addresses, phone numbers, account numbers, and more recently email and IP addresses.
One way to describe the GDPR is that it simply legislates a lot of common sense data security ideas, especially from the Privacy by Design school of thought: minimize collection of personal data, delete personal data that’s no longer necessary, restrict access, and secure data through its entire lifecycle.
What are the new requirements?
Privacy by Design – Privacy by Design (PbD) has always played a part in EU data regulations. But with the new law, its principles of minimizing data collection and retention and gaining consent from consumers when processing data are more explicitly formalized.
Data Protection Impact Assessments (DPIA) – When certain data associated with subjects is to be processed, companies will have to first analyze the risks to their privacy. This is another new requirement in the regulation.
Right to Erasure and To Be Forgotten – There’s been a long standing requirement in the DPD allowing consumers to request that their data be deleted. The GDPR extends this right to include data published on the web. This is the still controversial right to stay out of the public view and “be forgotten”.
Extraterritoriality – The new principle of extraterritoriality in the GDPR says that even if a company doesn’t have a physical presence in the EU but collects data about EU data subjects — for example, through a web site — then all the requirements of GDPR are in effect. In other words, the new law will extend outside the EU. This will especially affect e-commerce companies and other cloud businesses.
Breach notification – A new requirement not in the existing DPD is that companies will have to notify data authorities within 72 hours after a breach of personal data has been discovered. Data subjects will also have to be notified but only if the data poses a “high risk to their rights and freedoms”.
Fines – The GDPR has a tiered penalty structure that will take a large bite out of offender’s funds. More serious infringements can merit a fine of up to 4% of a company’s global revenue. This can include violations of basic principles related to data security — especially PbD principles. A lesser fine of up to 2% of global revenue — still enormous — can be issued if company records are not in order or a supervising authority and data subjects are not notified after a breach. This makes breach notification oversights a serious and expensive offense.
Overall, the message for companies that fall under the GDPR is that awareness of your data — where is sensitive data stored, who’s accessing it, and who should be accessing it — will now become even more critical.
EU GDPR LESSON 2
Data Protection by Design and by Default
Privacy by Design (PbD) is a well-intentioned set of principles to get the C-suite to take consumer data privacy and security more seriously. Overall, PbD is a good idea and you should try to abide by it.
But with the General Data Protection Regulation (GDPR), it’s more than that: it’s the law if you do business in the EU zone!
PbD has sensible guidelines and practices concerning consumer access to their data, and making privacy policies open and transparent. These are not controversial ideas, except if you are, ahem, a large Internet company that collects lots of consumer data.
And PbD also dispenses good general advice on data security that can be summarized in one word: minimize. Minimize collection of consumer data, minimize who you share the data with, and minimize how long you keep it. Less is more: less data for the hacker to take means a more secure environment.
The new GDPR has direct, practical implications. Just as an example, consider the impact it will have on web-based marketing. Businesses are always trying to get information about their customers and looking to bring in new leads using the full digital arsenal — web, email, mobile. And when given half a chance, marketers always want more data — age, income, postal code, last book read, favourite ice cream, favourite food, etc. — even for the simplest consumer interaction.
What the EU GDPR says is that marketers should limit data to the purpose for which it is being collected — do I really need postal codes or favourite books? — and not retain the data beyond the point where it’s no longer relevant.
So what about the data points you collected from that web campaign over five years ago — maybe containing 5000 email addresses along with favourite pet names — that now live in a spreadsheet no one ever looks at? Well, you should find it and delete it.
If a hacker gets hold of it, and uses it for phishing purposes, you’ve created a security risk for your customers.
Plus, if the local EU authority can trace the breach back to your company, you can face heavy fines.
SO CAN BIG DATA AND PRIVACY LIVE TOGETHER HAPPILY EVER AFTER? PRIVACY BY DESIGN (PBD) SAYS YES – WITH JUST A FEW BASIC STEPS, YOU CAN ACHIEVE THE PBD VISION:
• Minimize data collected (especially PII) from consumers
• Do not retain personal data beyond its original purpose
• Give consumers access and ownership of their data
PbD is referenced heavily in Article 25 of the GDPR, and in many other places in the new regulation.
It’s not too much of a stretch to say that if you implement PbD, you’re well on your way to mastering the GDPR.
EU GDPR LESSON 3
The Right To Be Forgotten
The controversial “right to be forgotten” is now law in the EU. For most companies, this is really a right for consumers to erase their data.
The GDPR has strengthened the DPD’s existing rules on deletion and then adds the right to be forgotten. There’s now language that would force the controller to take reasonable steps to inform third-parties of a request to have information deleted.
The right is discussed in Article 17 of the proposed GDPR, which states that “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where ... the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; ... the data subject withdraws consent on which the processing is based ... the controller has made the personal data public and is obliged ... to erase the personal data”.
This means that in the case of a social media service that publishes personal data of a subscriber to the Web, they would have to not only remove the initial information, but also contact other web sites that may have copied the information. This would not be an easy process!
What if the data controller gives the personal data to other third-parties, say a cloud-based service for storage or processing?
The long arm of the EU regulations still applies: as data processors, the cloud service will also have to erase the personal data when asked to by the controller.
Translation: the consumer or data subject can request to erase the data held by companies at any time. In the EU, the data belongs to the people!
EU GDPR LESSON 4
Who Does the EU GDPR Apply To?
One of the more complex issues with the new GDPR is what’s being called “extraterritoriality.” As proposed by EU Parliament, the GDPR will apply to any data transferred outside the EU zone.
So under these new rules, if a US company collects data from EU citizens, it would be under the same legal obligations as though the company had headquarters in, say, France, the UK, or Germany — even though they don’t have any servers or offices there!
Legal experts note this may not be that easy to enforce, but if a large enough multinational breaks one of the rules — such as the GDPR’s new strict breach notification requirement — our guesstimate is that the EU regulators will likely target it.
Obviously, extraterritoriality is particularly relevant to core web services such as search, social networking, e-commerce, companies that allow you to rent apartments online, etc.
You can map these to your own favourite apps to figure out who would be affected.
SHIFTING MEANINGS
Under the old rules in the Data Protection Directive (DPD), there was some wiggle room that allowed data collectors to escape having to follow the regulations. A common practice was for service or app providers to keep their data processing outside the EU.
The idea was that if the main processing and servers weren’t located in the EU zone, then the rules didn’t apply. Companies such as Google, Facebook, and other social networking companies were following this approach.
NOT SO FAST!
Google was famously making this argument when a Spanish DPA asked it to remove a listing in a search result.
The case eventually made its way to the EU’s highest court, the ECJ, which ruled against Google last year.
The long arm of EU law prevailed: the specific search listing was removed.
Ultimately, the GDPR applies to EU-based companies and companies that collect data of EU citizens, regardless of a physical presence in the EU.
EU GDPR LESSON 5
What Happens if I Don’t Comply with the EU GDPR?
The GDPR has a tiered penalty structure that will take a large bite out of offender’s funds – and the EU GDPR rules apply to both data controllers and processors, that is “the cloud”… therefore huge cloud providers are not off the hook when it comes to GDPR enforcement.
Non-compliance results in fines of up to 4% of global revenue.
This can include violations of basic principles related to data security — especially PbD principles. A company can be fined up to 2% of global revenue for not having their records in order (article 30), not notifying the supervising authority and data subject about a breach (articles 33, 34), or not conducting impact assessments (article 33).
And keep in mind – the GDPR breach notification requires more than just saying you have had an incident. You’ll have to include categories of data, records touched, and approximate number of data subjects affected. And this means you’ll need some detailed intelligence on what the hackers and insiders were doing.
More serious infringements merit up to a 4% fine. This includes violations of basic principles related to data security (article 5) and conditions for consumer consent (article 7) — these are essentially violations of the core Privacy by Design concepts of the law.
One way the GDPR is hoping to keep everything in line? By requiring companies to have a Data Protection Officer (DPO). The DPO is supposed to be responsible for creating access controls, reducing risk, ensuring compliance, responding to requests, reporting breaches within 72 hours, and even creating a good data security policy.
EU GDPR LESSON 6
Next Steps - How to Get There?
Let’s break down some of the challenges in the new GDPR and how to address them:
GDPR Article | What does it mean | How to address it
Article 25: Data Protection by Design and By Default | Embrace accountability and privacy by design as a business culture. | Safely remediate access controls to least privilege.
Article 30: Records of Processing Activities | Implement technical and organizational measures to properly process personal data. | Create an asset register of sensitive files; understand who has access; know who is accessing it; know when data can and should be deleted.
Article 17: Right to Erasure and “to be forgotten” | Be able to discover and target specific data and automate removal. | Find it, flag it, remove it.
Article 32: Security of Processing | Ensure least privilege access; implement accountability via data owners; provide reports that policies and processes are in place and successful. | Automate and impose least privileges through entitlement reviews and proactively enforced ethical walls.
Article 33: Notification of personal data breach to the supervisory authority | Prevent and alert on data breach activity; have an incident response plan in place. | Detect abnormal data breach activity and policy violations, and alert on them in real time as they happen.
Article 35: Data Protection Impact Assessment | Quantify data protection risk profiles. | Conduct regular quantified data risk assessments.
So what should you focus on to meet the EU General Data Protection Regulation?
Data classification – Know where personal data is stored on your system, especially in unstructured formats in documents, presentations, and spreadsheets. This is critical for both protecting the data and also following through on requests to correct and erase personal data.
Metadata – With its requirements for limiting data retention, you’ll need basic information on when the data was collected, why it was collected, and its purpose. Personal data residing in IT systems should be periodically reviewed to see whether it needs to be saved for the future.
Governance – With data security by design and default the law, companies should focus on data governance basics. For unstructured data, this should include understanding who is accessing personal data in the corporate file system, who should be authorized to access, and limiting file permission based on employees’ actual roles – i.e., role-based access controls.
Monitoring – The breach notification requirement places a new burden on data controllers. Under the GDPR, the IT security mantra should be “always be monitoring”. You’ll need to spot unusual access patterns against files containing personal data, and promptly report an exposure to the local data authority. Failure to do so can lead to enormous fines, particularly for multinationals with large global revenues.
Varonis helps organizations of all sizes with GDPR projects. Our software suite automates what would otherwise be an extremely arduous and time-consuming task. Take advantage of our free GDPR readiness assessment today to avoid any non-compliance issues down the road.
Get your free GDPR Readiness Assessment
Our team will do all the heavy-lifting for you: setup, configuration, and analysis with concrete steps to improve your General Data Protection Regulation compliance.
YOUR DEDICATED ENGINEER WILL HELP YOU:
• Identify in-scope GDPR data
• Find and revoke excessive access to personal information
• Audit user activity and detect risky behaviour / ransomware
• Identify and prioritize gaps in GDPR compliance
Schedule your assessment!
About Varonis
Varonis is a leading provider of software solutions that protect data from insider threats and cyberattacks. Through an innovative software platform, Varonis allows organizations to analyse, secure, manage, and migrate their volumes of unstructured data. Varonis specializes in file and email systems that store valuable spreadsheets, word processing documents, presentations, audio and video files, emails, and text. This rapidly growing data often contains an enterprise’s financial information, product plans, strategic initiatives, intellectual property, and confidential employee, customer or patient records. IT and business personnel deploy Varonis software for a variety of use cases, including data security, governance and compliance, user behaviour analytics, archiving, search, and file synchronization and sharing.
DETECT PREVENT SUSTAIN
info.varonis.com/gdpr-risk-assessment
Varonis Headquarters
1250 Broadway, 29th Floor
New York, NY, USA 10001