GDPR comes into force on 25 May. That is a fact. Unfortunately a lot of the other information circulating about GDPR should be categorised as "fake news". A flurry of "GDPR experts" - some of them helpful, others compounding the confusion - have surfaced over the last year.
It is time to separate fact from fiction. If the misinformation goes unchecked, you risk losing out on business opportunities to the competition. This presentation will debunk the most common myths and set the record straight.
The document provides an overview of the key requirements of the General Data Protection Regulation (GDPR) and practical guidance for marketers on becoming compliant. It outlines four key GDPR requirements: consent, security and protection, access, and erasure. It then details various "Do's and Don'ts" for marketers regarding analytics, newsletters, data storage, and more. The document emphasizes getting clear consent, having a withdrawal mechanism, documenting breaches, and establishing data processing agreements with vendors.
Six Key Components to Achieving GDPR Security Requirements - Jeff Katanick
The document discusses six key components for organizations to achieve General Data Protection Regulation (GDPR) cyber security requirements: 1) data governance, 2) data classification, 3) data discovery, 4) data access, 5) data handling, and 6) data protection. It provides an overview of GDPR and its requirements, as well as how the consulting firm Optiv can help organizations develop a strategic roadmap to meet compliance.
The document discusses responsible disclosure of security vulnerabilities found by researchers. It provides statistics on known data breaches versus prevented breaches in 2014 and 2015. It notes that responsible disclosure success rates have been higher but the number of records affected is much lower. The document recommends best practices for security researchers conducting responsible disclosure, including finding the appropriate contact, being clear on goals, making a good impression, carefully qualifying issues, avoiding demands or threats, and using clear writing.
The Top Data Privacy Trends to Watch For in 2022 - TrustArc
This webinar discusses the top data privacy trends to watch for in 2022, including new regulations, the role of privacy leaders, privacy as a strategic priority, privacy and cybersecurity, and data strategies and artificial intelligence. The webinar features speakers from TrustArc and LogMeIn and is recorded for later viewing. Attendees are invited to submit questions during the event.
What does GDPR laws mean for Australian businesses - iFactory Digital
Chances are that you’ve noticed a deluge of emails and app updates all centred around privacy updates. It’s not that every company on Earth has simultaneously grown very concerned about the issue. Instead, it’s to make sure that they meet the requirements for GDPR compliance.
https://ifactory.com.au/news/what-does-gdpr-laws-mean-australian-businesses
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data... - Jean-Michel Franco
The document discusses how to enact data subject access rights under the General Data Protection Regulation (GDPR) using data services and data management. It notes that the top three challenges for GDPR compliance are consent management, the right to be forgotten, and data portability. It then presents a use case of how a company called ACME can personalize customer experience in a GDPR-compliant way by creating a GDPR data hub to find customer opt-in data, propagate that data across systems, and deliver data subject access rights like access, erasure, and portability through a customer portal. The document argues this approach can help companies achieve GDPR compliance while gaining business, IT, and risk benefits.
The document discusses how Microsoft helps organizations comply with the General Data Protection Regulation (GDPR) which takes effect in May 2018. It outlines key aspects of the GDPR including enhanced privacy rights for individuals, increased duty to protect data, mandatory breach reporting, and significant penalties for noncompliance. It describes how Microsoft's cloud services, products, contracts, and commitments help customers meet the four key steps to compliance: identifying personal data and where it resides, governing how data is used and accessed, establishing security controls, and keeping required documentation. The document promotes Microsoft Office 365 and its features for data loss prevention, advanced data governance, eDiscovery, audit logs, and other capabilities to help achieve compliance.
ROI of Privacy: Building a Case for Investment [Webinar Slides] - TrustArc
Watch the webinar on-demand: https://info.truste.com/roi-of-privacy-webinar.html
When building a case for privacy investment, privacy pros need to arm themselves with as many ROI metrics of their privacy program as possible. How to get those metrics and how to present them (whether they tie to direct or indirect dollars) is an art form that everyone can work on perfecting.
IAPP and TRUSTe collaborated in the on-demand webinar to discuss the recently published IAPP report, “Getting to the ROI of Privacy”, which offers some persuasive reasons a solid privacy program is worth paying for. Emily Leach, CIPP/US, IAPP’s Knowledge Manager, was joined by privacy leaders to share their key insights.
To register for other TRUSTe webinars (upcoming/on-demand) visit: https://www.truste.com/events/privacy-insight-webinar-schedule/
Benchmarking Your GDPR Compliance: Will You Make the Grade? [TrustArc Webinar... - TrustArc
Watch the webinar on-demand: https://info.trustarc.com/benchmarking-gdpr-compliance-webinar.html
Register now to watch this on-demand webinar to learn:
- How companies are approaching the GDPR
- Where they are prioritizing their effort
- How much they expect to spend
- These benchmarks can help you position your own program internally and build a case for further investment.
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
Who Will Make the Grade?
With less than one year to go before the GDPR is enforced across Europe, how has the industry responded to the GDPR requirements and how many companies will make the grade by May 2018? Recent TrustArc research conducted by Dimensional Research found that over 61% of companies have not even started their GDPR compliance programs. Of those that had started, the three challenges cited most by the privacy professionals surveyed were difficulty maintaining and updating privacy programs (57%), lack of appropriate tools and technology (56%), and lack of internal resources (54%).
The document discusses how cybersecurity is changing, with governments reacting to increased cyber threats and attacks. It notes several examples of recent cyber incidents and attacks both internationally and closer to home. The document examines what governments and suppliers are doing in response and questions where security needs to go next.
The General Data Protection Regulation (GDPR) is the biggest overhaul of EU data protection law in over twenty years. Here are 10 reasons why you should turn to NetApp to ensure you are GDPR compliant. For more information, visit https://www.netapp.com/us/info/gdpr.aspx.
Nadia Kosak Astrid
Siteimprove
Partner Manager
The deadline for GDPR compliance is May 25, 2018. Are you an eZ Platform editor? Are you ready for GDPR? Learn how to use the Siteimprove plugin for eZ Platform to support your GDPR compliance process.
Privacy Shield: What to expect by the end of 2021 - TrustArc
This webinar recording will discuss expectations for Privacy Shield by the end of 2021, including an update on current negotiations and the Privacy Shield framework. Speakers from TrustArc will cover whether organizations should stay in or leave the Privacy Shield, alternative data transfer options, and expectations for next year. Time will be allotted at the end for questions.
The webinar will provide an overview of how the digital privacy landscape is shifting from third-party to first-party control. Speakers from TrustArc will discuss this industry change, how TrustArc is adapting its products, and preview its next generation of consent and preference management tools. Attendees can submit questions during the presentation.
Data privacy laws around the world have imposed stringent obligations on the way businesses are required to handle sensitive data. Non-compliance with these obligations will have severe consequences and penalties, especially in case of a security breach. Organizations looking to achieve GDPR compliance need to map their data flow to assess privacy risks. GDPR Data Mapping is the process of determining the type of data processed and the way it is processed. This helps determine the risk exposure of your company and which systems or applications are highly exposed to threats.
GDPR Data Subject Rights - What You Need to Know - Piwik PRO
The General Data Protection Regulation (GDPR) comes into effect on May 25th 2018 and introduces a list of data subjects’ rights to protect internet users. Learn how data controllers can ensure these rights and avoid severe fines.
The infographic was created by the experts from Piwik PRO.
Demonstrating Compliance & the Role of Certification Under the GDPR [Webinar ... - TrustArc
Watch the webinar on-demand: https://info.trustarc.com/demonstrating-compliance-certification-role-gdpr-webinar.html
The role of certification in GDPR compliance and broader global interoperability of privacy frameworks
The EU GDPR creates a new compliance standard: demonstrable accountability. As companies increasingly respond to requests from partners to confirm their GDPR compliance status, many are looking for the best way to do this. Articles 42-43 of the GDPR include provision for certification bodies to assess compliance and in certain instances issue an EU Data Protection Seal.
What are the requirements for certification, how will these programs be operated and how soon will they be available to companies?
Watch this webinar on-demand as our speakers:
- Review the legal framework
- Discuss the role of certification in GDPR compliance and broader global interoperability of privacy frameworks
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
General Data Protection Regulation: Where are we now? - Leigh Hill
The compliance deadline for General Data Protection Regulation (GDPR) is approaching fast, so what operational changes should you be prioritising now and how can you implement data management to support these changes? Also, what are the most complex issues outstanding, are more problems expected to emerge once GDPR is in action, and how can these issues be resolved? The webinar will delve into the complexities of GDPR and come up with some solutions for compliance.
Listen to the webinar to find out about:
- Industry progress on GDPR
- Outstanding challenges
- Best practice approaches
- Technology solutions
- Regulatory conflicts
This document summarizes key aspects of the EU General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It notes the global reach of the law, expanded definitions of personal data, increased individual rights, and roles and responsibilities of data controllers and processors. Statistics are presented on European companies' readiness, including that only 34% of EU websites and 67% of German websites are compliant. The document outlines actions required to comply with individual rights requests, security breach notifications, regulatory audits, and includes a checklist for compliance steps.
Profiling, Big Data & Consent Under the GDPR [TrustArc Webinar Slides] - TrustArc
Watch the webinar on-demand: https://info.trustarc.com/profiling-big-data-consent-gdpr-webinar.html
Required Changes around Profiling & Consent for GDPR Compliance
Some of the most closely followed areas of the GDPR negotiations concerned profiling and consent. Profiling, as defined in Articles 4 & 22, is one of the new provisions in the Regulation which could have a significant impact on businesses seeking to use targeted marketing and other analytics for business growth. Consent remains a legal basis for processing but it’s been restricted under the GDPR and must be “freely given, specific, informed and unambiguous.” There is lots of discussion and privacy scare stories around these two areas alone.
Watch this webinar on-demand where we examine:
- the details of the profiling and consent requirements in the GDPR to help determine what is and isn’t in scope for profiling
- where you can and can’t rely on consent
- what solutions are available and how privacy leaders can work with their business and marketing teams to ensure compliance
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
1) The new GDPR laws taking effect in May 2018 will give users more control over their personal data and require businesses to be more transparent in how they collect and use personal data.
2) All businesses that collect any personal data, whether small or large, will need to be compliant with GDPR by May 25, 2018. Non-compliance can result in fines of up to 20 million euros or 4% of global turnover.
3) Businesses need to audit what personal data they hold, where it was collected from, who they share it with, obtain user consent for data use, update their privacy policies and marketing practices, and be prepared to respond to data breaches within 72 hours to be compliant with
CWIN17 New-York / earning the currency of trust - Capgemini
This document discusses trends in cybersecurity and outlines Capgemini's cybersecurity portfolio. It notes that only 29% of organizations have strong data privacy policies and security frameworks in place. It also discusses evolving risks like regulatory pressure, digital transformation trends, and increasingly sophisticated cyber attacks. The document outlines Capgemini's managed security operations center (SOC) services and deployment options. It provides an overview of the upcoming GDPR regulations and principles of security and privacy, emphasizing the importance of trust, data governance, and monitoring cyber risks in real-time.
We take a look at the risks of non-compliance when it comes to GDPR and what can be done to assist your own compliance through the use of GDPR365 software.
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides] - TrustArc
Watch the webinar on-demand: https://info.trustarc.com/best-practices-for-managing-individual-rights-under-gdpr-webinar.html
Insights and best practices for managing individual rights under the GDPR.
The GDPR introduces new individual rights for consumers such as the right of deletion, rectification and data portability - and non-compliance can lead to the highest level of fines. Many regulators are planning consumer campaigns that are likely to increase awareness and action on these new data subject access rights once the GDPR comes into effect on May 25th. What are your obligations? What volume of requests should a company prepare for? What best practices and tools are available to support these new requirements?
This on-demand webinar will provide insights and best practices for managing individual rights under the GDPR.
#trustarcGDPRevents
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
The document discusses the new General Data Protection Regulation (GDPR) which takes effect in May 2018 and gives EU citizens rights over their personal data. It notes that personal data is increasingly being lost, stolen, sold without consent, and used for criminal purposes. The GDPR gives individuals the rights to access their data, request data transfers or deletions, see data about their children, and have inaccurate data corrected. Companies need policies to demonstrate explicit consent for data collection and use, understand what data they hold and how it is managed, securely delete unneeded data, and be prepared to comply with the GDPR by its effective date.
The document discusses where organizations should be in preparing for the General Data Protection Regulation (GDPR) which takes effect in May 2018. It raises questions that organizations should consider such as engaging stakeholders to fund compliance, understanding the data being stored and its purposes, ensuring all breaches can be detected and reported, clarifying accountability, and maintaining momentum through and beyond the 2018 deadline. The document emphasizes that organizations need to understand their data, have accountable processes, and view GDPR as an opportunity to improve customer relationships and trust through appropriate data management.
The document discusses preparations for the General Data Protection Regulation (GDPR) which takes effect in May 2018. It provides an overview of key GDPR requirements such as conducting privacy impact assessments, obtaining explicit consent, data breach notification, and appointing a Data Protection Officer. The presentation recommends organizations undertake a data discovery and gap analysis to assess compliance needs. Penalties for non-compliance under GDPR are also highlighted.
How will GDPR affect your business - Marketing Fox & Birkett LongLouise Owens
This document summarizes a seminar on post-GDPR marketing. It began with an overview of creating a marketing strategy, including evaluating current efforts, setting objectives, developing a strategy, implementing a plan, and measuring results. Building an audience was discussed, emphasizing growing a database organically and using a CRM. Marketing automation was introduced as a way to automate marketing actions like email workflows. The seminar concluded by offering attendees a discounted marketing strategy workshop.
This webinar covered how to prepare for the General Data Protection Regulation (GDPR) which goes into effect in May 2018. It discussed assessing the impact on your organization, capturing consent, cookie usage, marketing communications, systems impacts, and individual rights. The webinar encouraged attendees to prepare by auditing their databases, updating processes around consent and privacy policies, and ensuring their marketing technology stack is compliant. Additional resources on GDPR preparation were provided.
Due to the evolution of personalized, data-driven digital marketing, companies now have infinite amounts of personally identifiable information (PII) about their customers; and this stockpile of information continues to grow—at an exponential rate. In fact, according to the Pew Research Center, the volume of business data worldwide—across all industries—doubles every 1.2 years.
But how should you use this treasure trove of data? And at what point does the information known about your consumers—and the ways you use this information—risk consumer privacy? Is there such thing as too much data?
Attend this webinar to learn:
• What your responsibilities are in today’s ‘big data universe’
• How to use your data and meet compliance laws
• Tips for integrating data across channels and platforms
• How to implement the principles of ‘Privacy by Design’
[Srijan Wednesday Webinars] Is Your Business Ready for GDPRSrijan Technologies
The document provides an overview of the General Data Protection Regulation (GDPR) which takes effect in May 2018. It defines key terms like personal data and data controllers. The GDPR aims to strengthen data protection for EU individuals and unify laws across EU members. It impacts any business that collects or processes personal data of EU individuals. Companies must obtain proper consent to use personal data and only keep data for specified purposes. Non-compliance can result in large fines. The GDPR changes how marketing departments can collect and use customer data.
The document provides an overview of the General Data Protection Regulation (GDPR) that will replace existing European Union data protection laws in May 2018. It discusses key aspects of GDPR compliance including strict privacy principles, increased individual rights over personal data, heavy penalties for non-compliance, and the requirement for some businesses to appoint a Data Protection Officer. The document also examines effects of GDPR on marketing to businesses and provides recommendations for steps businesses should take to prepare for GDPR requirements.
This document provides an overview of the General Data Protection Regulation (GDPR) and recommendations for businesses to prepare for its implementation. Some key points:
- GDPR applies to any business established in the EU or offering goods/services to EU residents and takes full effect on May 25, 2018. Non-compliance could result in fines up to 20 million euros.
- Businesses need to designate a data protection officer, map their data flows, determine the legal basis for processing personal data, and update processes for responding to access and erasure requests.
- Preparing for GDPR involves training staff, being transparent about data use, implementing privacy by design, and having processes to address data breaches. Proper preparation will
An overview of the key facts about the GDPR and what businesses need to do before the legislation goes live in May 2018. Originally delivered at an event in September 2017 by Carswell Gould (a marketing communications agency) and Moore Blatch (a law firm) and in collaboration with Sofigate (an IT consultancy).
The EU’s GDPR is the first major overall of data privacy requirements in the EU since the 1990s and is effective May 25, 2018. The GDPR is more than a regulation; it is a way of integrating data privacy and information security into day-to-day operations. This session will use case studies to bring alive the key issues to be addressed and best practices to address them whether in the EU or not.
Learning Objectives:
1: Understand that the GDPR contains significant food for thought.
2: Learn how organizations can build on previous compliance and policy efforts.
3: Understand why doing business in Europe post-GPDR requires planning and privacy initiatives.
(Source: RSA Conference USA 2018)
Guidance on complying with the new EU GDPR regulation. A look at GDPR definitions, what it entails and a roadmap to start your journey on compliance as well as some handy WordPress GDPR links to plugins.
The Event Marketer's Checklist for GDPR ComplianceSplash
GDPR compliance is on. Our Senior Director of Demand Gen and the President of Heinz Marketing break down the minimum (and surprisingly simple) ways to be compliant. We’ve laid out a 10 item checklist for event marketers, paired with examples from our GDPR strategy. Want to watch the full webinar? Check it out here: https://splashthat.com/webinars/gdpr-checklist-event-marketers
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
SMS and GDPR - what you need to know to be compliantEsendex
These slides accompanied a webinar hosted on 11th April, 2018, in which the question of 'can I continue to text my customers after GDPR becomes effective' was answered. We cover off the lawful bases for communicating with customers, prospects and ex-customers; privacy policy changes; data controllers and data processors, and your responsibilities as one or the other of these. We then explore the path Esendex is taking to GDPR-compliance, effectively using ourselves as the case study for this presentation.
One of the most important aspects of GDPR compliance is your Privacy Policy.
The GDPR has increased requirements for Privacy Policies, as well as for getting consent for your Policy terms. Learn more in this informative presentation.
Read our related blog post here: https://termsfeed.com/blog/gdpr-privacy-policy/
A Day in the Life of a GDPR Breach - September 2017: France Splunk
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Splunk's own Mathieu Dessus and Elizabeth Davies explore the future scenario.
Data privacy awareness is on the rise. Users become more and more concerned with how online service providers collect and protect their personal information. And so should you. Discover how to balance the risks and benefits of collecting data in the age of customer centricity.
Build applications with generative AI on Google CloudMárton Kodok
We will explore Vertex AI - Model Garden powered experiences, we are going to learn more about the integration of these generative AI APIs. We are going to see in action what the Gemini family of generative models are for developers to build and deploy AI-driven applications. Vertex AI includes a suite of foundation models, these are referred to as the PaLM and Gemini family of generative ai models, and they come in different versions. We are going to cover how to use via API to: - execute prompts in text and chat - cover multimodal use cases with image prompts. - finetune and distill to improve knowledge domains - run function calls with foundation models to optimize them for specific tasks. At the end of the session, developers will understand how to innovate with generative AI and develop apps using the generative ai industry trends.
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data LakeWalaa Eldin Moustafa
Dynamic policy enforcement is becoming an increasingly important topic in today’s world where data privacy and compliance is a top priority for companies, individuals, and regulators alike. In these slides, we discuss how LinkedIn implements a powerful dynamic policy enforcement engine, called ViewShift, and integrates it within its data lake. We show the query engine architecture and how catalog implementations can automatically route table resolutions to compliance-enforcing SQL views. Such views have a set of very interesting properties: (1) They are auto-generated from declarative data annotations. (2) They respect user-level consent and preferences (3) They are context-aware, encoding a different set of transformations for different use cases (4) They are portable; while the SQL logic is only implemented in one SQL dialect, it is accessible in all engines.
#SQL #Views #Privacy #Compliance #DataLake
4. Wetherspoons just deleted its entire customer email database - on purpose
And said it will stop sending all email newsletters
July 2017
5. Myth #1
You won’t be able to send marketing emails anymore or will have to delete your database
7. “We felt, on balance, that we would rather not hold even email addresses for customers. The less customer information we have, which now is almost none, then the less risk associated with data.”
10. What we did at VinciWorks
● Verify your legal basis (consent, legitimate interest)
● Delete worst contacts
● Honor unsubscribes with your life
● Monitor unsubscribe rates
● Deliver phenomenal value
14. Conditions for processing data
1. The person gave explicit consent
2. To fulfil or prepare a contract
3. There is a legal obligation (excluding a contract)
4. To save someone’s life or in a medical situation
5. To carry out a public function
6. There is some other legitimate interest (excluding public authorities)
15. Myth #3
Most staff don’t need to care or worry about GDPR / It’s something for your Data Protection Officer to worry about
16. What we did at VinciWorks
● Conduct a DPIA with all staff
● Update employment contracts
● Update internal rules and policies
● Train all staff on the basics of GDPR
● Create a culture of sensitivity to users
22. VinciWorks and subject access requests
● Create a portal where people can fill out a form
● Stick to the timelines
● Automate what you can
● Build trust
● Create value
23. Myth #5
You’ll be fined 4% of global turnover for your first offence
Good Morning everyone.
Today I was going to dispel 10 GDPR myths but VinciWorks ran a GDPR webinar yesterday and we had over 800 registrations and over 500 attendees and we captured some great data that I really want to share with you today.
So I am going to brighten your day and dispel only 4 or 5 key myths, share what we learned yesterday and probably commit professional suicide by telling you why I think GDPR is actually good for business.
And even if you think I have gone nuts this presentation might at least give some of you sound bites to help you better sell GDPR to the Board and get a bigger budget or help you get some buy-in from Marketing and Sales to do what you ask of them.
Like others here this morning, I’ve been in the compliance business for a long time and I’ve seen the cycle before: Anti money laundering, anti-bribery, sanctions, diversity, tax evasion, modern slavery and now GDPR. New regulations are announced and what happens?
The scaremongering begins, the ambulance chasers come out and a whole new breed of consultants start telling us to take action, spend money and do stuff they don’t really know we need to do.
Well if you are still in panic - Relax
This is a poll result from our Webinar yesterday. Only 2% said they were Fully Prepared and almost 40% said they hadn’t prepared at all. So feel proud or relieved – whatever works for you.
So let's get right to it with Myth number 1. You won't be able to send marketing emails anymore or you will have to delete your entire database.
Rubbish, right? Well it seems that someone gave JD Wetherspoons this advice and they followed it.
Wetherspoons is a UK national chain of pubs that is publicly listed with over £1.6 billion in revenue.
Now have some sympathy for Wetherspoon because in June 2015 they got hacked and had over 650,000 customer records stolen. So once bitten twice shy – right?
Well in July 2017 Wetherspoon deleted its entire user database including around 500,000 email addresses and said it will no longer send email newsletters to anyone.
What was their rationale?
A Wetherspoons spokesman said: “We felt, on balance, that we would rather not hold even email addresses for customers. The less customer information we have, which now is almost none, then the less risk associated with data.”
Well it’s true that the best way to take no risk is to do nothing - but for most of us communicating with our clients and prospects via email is a critical part of our marketing strategy and it’s justified.
The ROI per dollar spent on email marketing is nearly double the next best option - SEO. So if Wetherspoon is going to stop all email marketing but still market online they are going to have to double their marketing budget to achieve that same ROI.
Now I am not saying Wetherspoon were wrong – they are a successful company that knows their business. As I am sure are all of you.
So this is an interesting poll result from yesterday’s webinar – half the people haven’t decided and around 25% are going to ask for consent – and yes around 4% intend deleting what they have.
The truth is that no one will have a complete understanding of the regulations until they are tested and that’s going to take some time.
We at VinciWorks have no greater insight than the rest of you but I thought it might give you food for thought if I shared with you how we at VinciWorks responded to these myths, remembering that every business is different.
You may well have valid bases for processing personal data and take a very different approach to us.
First, which you all must do. We took advice. Then we started with a Data Audit. It took time and effort to look at all the personal data we hold including both internal employee data and external prospect and client data.
1. With the external data we did an assessment and started deleting the worst or ‘weakest contacts’. These were contacts that had never opened any of our emails, never clicked on a link or had never engaged directly with us. We determined that by their inaction they had clearly signaled that they were not receiving value from us, they hadn’t consented and when we got real we recognized that there was almost zero likelihood that they would ever actually buy anything from us – so why keep this personal data?
We also assumed that they were the most likely to report us for data breaches, whether we committed one or not. So we did a Wetherspoon and dumped it.
Interestingly we found that many of these weakest contacts had gmail.com or hotmail.com addresses.
2. Next we made sure we had an iron-clad process for managing unsubscribe requests. We absolutely didn't want to be sending emails to anyone that didn’t want to receive them – why would we? For sure THEY WILL NEVER BUY.
3. Another thing we started to do more closely was to monitor our unsubscribe rates. Our typical unsubscribe rate is less than 0.5% and we learned that an increase to over 1.5% meant there was a problem and it was probably us who was doing something wrong.
4. And finally and most importantly we re-focused on delivering exceptional value from our marketing
We only communicate information that is of significant value to our customers. It’s expensive to create great content and it takes time to get your head around giving such high quality content away - for free. But it works. Give it away and get rich!
Most importantly it works in terms of generating great leads, up-sales and renewals and what is really cool is that from a GDPR perspective no one ever complains about receiving amazing value.
We don't do any telemarketing nor any cold calls.
All of our growth today is driven by delivering a constant flow of high value content.
The internet shifted the power in the buying decision from Seller to the Buyer.
We never know when the buyer is actually ready to buy
But by constantly delivering relevant high value content we hope to retain some level of ‘mindshare’, create a level of trust and
by so doing, hope to be asked to sit at the table when the buyer is ready to buy.
GDPR has helped us purify our policies and impose processes that drive our growth.
You can’t store personal data.
There are lawyers and others in the room who can discuss this with much more authority than me but rest assured it is more than a myth, it is a lie.
Touching on just 3 conditions - what is true is that in order to process personal data, the data controller must have a lawful basis on which he can rely.
The most obvious is contractual - we provide compliance and risk management software to companies but we also offer compliance training to around 100,000 individual lawyers and accountants including some of you here in Cyprus – thank you! We have a contract with agreed Terms & Conditions and that contract gives us a lawful basis to process the related personal data.
Next is Consent. It’s common sense. Did he consent to you sending him stuff? We were nervous about asking for consent but then we realised we were more afraid of creating a detractor as opposed to a promoter. And so if people are not engaging with us we should assume they don’t consent - it’s safe and it’s right. It honours the individual and his or her rights.
I think the legitimate interest condition is most interesting because it allows for a lot of discretion particularly as to what is reasonable.
Bottom line we don’t want to fight with anyone. If we end up going to court no one wins and either way we lose the customer.
Your DPO may be the person you have “tasked” with achieving GDPR compliance. But GDPR is about people, it is about your customers and about your employees.
And in many organisations the DPO has never actually spoken to a customer
And unless your DPO is also your head of HR, do you want them having sensitive conversations about personal data with your staff? I didn’t.
Think about who in your organisation has access to or deals with ‘information’ relating to an identifiable person.
This includes a person’s name, identification number, location or online identifier such as email address.
In our company it was the HR Team, Office Manager, Finance Team, Marketing Team and yes, the Sales Team – everyone dealing with our prospects or customers. That is almost everyone.
So we decided all these people needed to take ownership and responsibility for the protection of data.
They will be the ones that cause us to breach the regulations, negatively impact the reputation of our business and ultimately lose our clients.
Our first step was to complete a limited Data Protection Impact Analysis – we didn’t feel we were obligated to do this.
We don’t believe there is a high risk of us impacting on the rights and freedoms of a large number of individuals
but we are in the Risk and Compliance Management business.
So we undertook a Risk Identification process. We looked at the data we had and assessed if there was low, medium or high risk of a breach occurring.
We learned what most companies are learning:
We needed to review all staff employment contracts: we needed to reference the employees’ GDPR rights in their contracts and at the same time tell them what their obligations are as employees.
We needed to review and update our Terms & Conditions and many of our other policies and internal rules.
We also needed to ensure that some time would be taken at the launch of every new project to evaluate the project in the context of GDPR.
However what we really needed to do was to make data sensitivity an integrated part of the VinciWorks corporate culture
Same way as we are doing around harassment, diversity, bribery and risk in general.
This requires behavioural change and that requires good governance, great communication and consistent and ongoing training.
We were lucky because VinciWorks creates great online compliance training
So we deployed GDPR training to all staff
Training doesn’t have to be long, boring or difficult but it does need to be tailored to an individual’s role
Your team need to understand what GDPR is from their perspective within the context of their specific job role.
Another poll from yesterday’s seminar…A much more even spread around DPIA Data Protection Impact Analysis
Myth #3 You will be swamped with data access requests
Very quick on this. Subject access requests are not new. They have been around in the UK since the Data Protection Act in 1998 and in Cyprus since 2001.
The only difference is that now they are free instead of costing £10.
I would like a show of hands, how many people have ever processed a subject access request? Well you are in good company:
Swamped? I don’t think so
That said, we really liked the Guidelines on Transparency issued by the Data Protection Working Party.
So we thought it would be important for businesses to demonstrate our transparency and availability to our own staff and to our broader community of customers and prospects.
At VinciWorks we sell workflow tools that make it really easy to create online forms, approval workflows and registers. And so we are using this tool to create a simple online portal that is accessible internally and externally to our entire community. It contains one page or form which is a Subject Access Request form. If someone submits a request it alerts the DPO by email and sends the request into a mailbox which is supported by a workflow that helps ensure the appropriate person responds to the request within the required timelines.
Is this essential? Is it regulated? Probably not. But it relieves the DPO from some of the more arduous tasks and we see this as an opportunity to demonstrate to our community that we care, that we are open and available - and we are not doing the same thing in regard to whistleblowing, harassment, complaints, gifts and GDPR breaches.
It’s a headline-grabbing threat designed to leave you shaking at your keyboard, fearful that one wrong keystroke will siphon off €20m, or 4% of turnover, whichever hurts the most. Typical maximum fines that can be levied under current data protection laws in Europe are peanuts in comparison: £500,000.
If the Regulators applied the maximum fines then some of the biggest fines would balloon under GDPR rules. TalkTalk’s 2016 fine of £400,000 would become nearly £60m.
However GDPR is not about fines. The ICO has made clear that maximum fines will not become the norm, nor will examples be made of big brands for minor infringements. As they’ve said, they prefer the carrot to the stick. The UK ICO’s record stands to reason. In 2016/17, the regulator dealt with over 17,000 cases. Only 16 resulted in a fine. I am not certain but from the research I did do it seems the ratio and certainly number and amount of the fines have been much lower here in Cyprus.
There seems nothing to suggest that this will change under GDPR. The regulator has a range of tools available on a tiered basis, starting with ordering audits, issuing warnings and reprimands, demanding compliance and launching investigations. GDPR is focused on getting data protection right for citizens, not fining businesses to within an inch of their profit margin.
So my time is almost up.
Let’s summarise: Of course GDPR is about the regulations but I hope I have made the point that GDPR can also be seen as an outcome of the shift in focus to Customer Success and Customer Care.
As customers we know that. As customers we all get massively upset when we get spammed, we get angry when we unsubscribe and then keep getting emailed and then we go ballistic when those telemarketing guys call us during dinner.
Well if we as businesses want to create customer loyalty then surely GDPR simply becomes the benchmark minimum standard for caring about our customers’ data.
In today’s global networked marketplace the Customer is constantly asking themselves why they should buy from us. And so attracting and keeping a client is only partially derived from the quality of the products and services we sell but is probably equally if not more derived from the relationship they feel they have with the company. And like all relationships it is built on trust, value and respect.
Clearly we all need to achieve regulatory compliance and all the people presenting here today are here to help.
VinciWorks can help in many ways around training and data collation, analysis and reporting but it is my belief and experience that if you apply common sense and focus on the three pillars of customer success - trust, value and respect then GDPR compliance becomes easy and obvious –
GDPR compliance will actually enhance the quality of your offering, your relationships and ultimately your bottom line.
We have set up a portal with comprehensive GDPR resources at vinciworks.com/GDPR including links to training, policies, templates, guides, assessments and a bunch of other stuff all freely available to you. Take out your phones and take a quick look now. Enjoy and thank you.
Have a great day.