This document provides guidance for companies outside the EU on complying with the General Data Protection Regulation (GDPR). It discusses how the GDPR applies extraterritorially to non-EU companies that offer goods/services to or monitor EU citizens. It outlines key GDPR concepts like personal data, data controllers, processors, and consent requirements. It recommends companies inventory all data storage locations, review contracts, and assess if a Data Protection Officer is required. It also covers data breach notification timelines and potential fines for noncompliance.
The engaging white paper delivers the core facts you need to understand the fundamental nature of the GDPR regulations and what it means for your business and the management of its data.
GDPR is the new EU regulation governing personal data security that applies to all companies doing business in the EU. It grants EU citizens rights to access and delete their personal data. Non-compliance can result in fines of up to 4% of global revenues. All companies that collect or use personal data of EU citizens must comply, including companies outside of Europe. Financial institutions will have additional requirements such as being able to delete personal data upon request and keeping auditable records of all documents containing personal data. Centralized control of GDPR compliance is recommended given the large potential fines for non-compliance.
GDPR is the new EU regulation governing personal data security that applies to all companies doing business in the EU. It grants EU citizens rights to access and delete their personal data. Non-compliance can result in fines of up to 4% of global revenues. All companies that collect or use personal data of EU citizens must comply with GDPR regulations around data access, storage, and deletion. Financial institutions will face additional challenges around tracking documents containing personal data and being able to delete data upon request.
The General Data Protection Regulation (GDPR) is an EU law that sets guidelines for collecting and processing personal information from individuals in the European Union. It aims to give citizens control over their personal data and unify data protection within the EU. The GDPR takes effect on May 25, 2018 and replaces the 1995 Data Protection Directive. It applies to any organization worldwide that collects data on EU citizens. Non-compliance can result in fines of up to 20 million euros or 4% of annual global turnover.
GDPR - Get the facts and prepare your business | Mark Baker
The GDPR will become law on May 25, 2018 and requires any organization that collects or processes personal data from EU citizens to comply with new privacy regulations. It mandates breach reporting within 72 hours of discovery and fines of up to 20 million euros for noncompliance. It also introduces the principle of "data protection by design" which requires privacy to be built into new systems and processes from the start. To prepare, organizations need to review technologies and processes for breach detection and reporting, and make privacy protections a fundamental part of their operations and systems.
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
Cognizant business consulting the impacts of GDPR | Audrey Miguel
GDPR will fundamentally change the approach to personal data protection in Europe beginning in May 2018. It aims to give individuals greater control over their personal data and places more responsibility on organizations to demonstrate appropriate consent and data usage. While Swiss law already protects personal data, recent updates to Switzerland's Federal Act on Data Protection are intended to closely align it with GDPR. Organizations need to start implementing programs now to assess their compliance and address new requirements around data usage, security, individual rights and oversight.
The document provides an overview of the key aspects of the new EU General Data Protection Regulation (GDPR) which takes effect in May 2018. It discusses some of the major changes and implications of the GDPR compared to previous data protection laws. Specifically, it notes that the GDPR has tighter definitions, will have direct effect across EU members, requires express consent for data processing, gives individuals more rights over their personal data, mandates reporting data breaches, and imposes much heavier penalties for non-compliance. It also summarizes some of the major implications of the GDPR for businesses, such as applying to all vendors, needing to respond to personal data requests promptly, and diverting resources to deal with more information requests.
EU GDPR (General Data Protection Regulation) | RAKESH S
The document discusses the key aspects and requirements of the European Union's General Data Protection Regulation (GDPR) which takes effect in May 2018. It overviews the goals of the GDPR to give citizens control over their personal data and simplify regulations for international business. Some key points covered include territorial scope and application to non-EU organizations, data subject rights, security breach notification requirements, appointing a data protection officer, and strategies for implementing GDPR compliance.
The document discusses the EU General Data Protection Regulation (GDPR), which took effect in May 2018. It provides the following key points:
- The GDPR replaced the previous EU data protection directive and directly applies across all EU member states. It aims to give individuals more control over their personal data.
- Key aspects of the GDPR include expanded territorial reach, requirements for data protection officers, increased accountability and privacy by design principles, strengthened rights for data subjects, and larger maximum fines for noncompliance.
- Companies need to review their data processing activities, legal bases for processing, consent mechanisms, security, breach response plans, and privacy notices to ensure compliance with the extensive new obligations and standards introduced by the GD
Presentation on GDPR which is neither technical nor product-specific, focusing on the manufacturing industry and providing a non-expert view on what the regulation is all about.
Targeted at senior management with direct responsibility for the treatment (direct or indirect) of personal data.
On 25 May 2018, the EU’s General Data Protection Regulation (GDPR) came into effect and applies to all businesses – regardless of size – operating in the U.K., as well as all businesses outside the EU that collect or process the data of EU citizens and residents.
The purpose of this document is threefold:
1: Introduce the GDPR and highlight key pieces of the legislation that should be front-of-mind for business owners
2: Lay out a path for businesses to follow to ensure compliance by May 2018
3: Address questions put forward by businesses that completed our GDPR survey
This document discusses data privacy and protection. It provides insights from internal and external experts on this topic. It addresses issues like how new European guidelines will affect information managers and what IT teams need to know about data retention. Specific topics covered include the safe harbour ruling between European and US data privacy laws, defining personal data and retention policies, and how new data privacy laws impact records managers and what IT needs to know.
Data protection for Lend.io - legal analysis by Bird and Bird | Coadec
New EU data protection rules are coming, with the General Data Protection Regulation likely to be agreed in the next few months. It will have a massive impact on digital businesses.
To bring this rather dry subject to life, Coadec working together with techUK has commissioned a leading data protection law firm to look at what current drafts of the new law would mean for a fintech startup we invented, Lend.io.
The General Data Protection Regulation (GDPR) is a regulation scheduled to be enacted on May 25, 2018. It is designed to protect the privacy and rights of EU citizens, no matter where they are in the world. These slides cover the basics of these regulations and how you can make sure you are EU compliant.
As a follow up to our recent GDPR event, we have compiled a few frequently asked questions and answers to help you further understand what is expected when GDPR is introduced on the 25th May 2018.
GIG Working Paper 02/2017 - The Definition of Personal Data | IAB Europe
This second output of the GIG focuses on the definition of Personal Data under the GDPR, explaining how it will affect companies in the online advertising space.
EU GDPR Lesson 1 - What is the GDPR? Why do we need it?
EU GDPR Lesson 2 - Data Protection by Design and by Default
EU GDPR Lesson 3 - The Right To Be Forgotten
EU GDPR Lesson 4 - Who Does the EU GDPR Apply?
EU GDPR Lesson 5 - What Happens if I Don’t Comply with the EU GDPR?
EU GDPR Lesson 6 - Next Steps - How to Get There?
Over the past few years of monitoring the development of the EU General Data Protection Regulation (GDPR) and its effects on technology, we’ve distilled the parts of the regulation that most affect your business into this practical guide.
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote... | YogeshIJTSRD
In the era of big data, the contradiction between e-commerce platforms and consumers is becoming more and more serious with the popularization of the Internet. Consumer personal data is not protected, and the platform takes advantage of the advances in big data to capture consumer data and generate revenue. The purpose of this paper is to clarify the responsibility to protect for e-commerce platforms. Inform consumers of their obligations and protect their rights and interests. Resolving data privacy disputes between e-commerce platforms and consumers. For the phenomenon of consumer data leakage, the platform has no clear protection mechanism, consumers themselves in the use of the process, their own lack of protection awareness. And there are a few problems with that. The main content of this paper is to protect the rights and interests of consumers from the point of view of consumers, to improve the relevant legal provisions, to ease the contradictions between consumers and e-commerce platform. To protect consumers’ data rights and interests from three aspects: First, to perfect the platform’s privacy protection regulations and preventive measures to avoid risks, and to minimize the risks after data leakage. Second, to enhance consumers’ awareness of protecting their own data rights and interests, we should cooperate with the data protection of e-commerce platform and find an effective way when privacy data is violated. Third, from the government’s point of view, monitoring the use of e-commerce platform data. Protecting consumer data from a legal perspective. The platform, the consumer, the network supervises the department tripartite coordination, establishes the complete legal safeguard system, promotes the data information economy the development.
Changjun Wu | Defeng Li "Research on Electronic Commerce Platform Consumer Data Rights and Legal Protection" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-5, August 2021, URL: https://www.ijtsrd.com/papers/ijtsrd44954.pdf Paper URL: https://www.ijtsrd.com/management/law-and-management/44954/research-on-electronic-commerce-platform-consumer-data-rights-and-legal-protection/changjun-wu
A simple, beautiful guide to understanding GDPR (General Data Protection Regulation).
All businesses in the UK and EU need to comply with GDPR by the 25th of May 2018 or risk hefty fines.
Use this free, visual guide to understand how you need to comply.
We'll be looking at what your customers' rights are, privacy by design, breach notifications, data security and more.
Finally, we'll give you a GDPR action checklist so you can take the right steps to comply with the legislation in time.
The document discusses the ripple effects of the EU's General Data Protection Regulation (GDPR) in North America and analyzes upcoming data privacy laws like the California Consumer Privacy Act (CCPA) and proposed Consumer Data Protection Act (CDPA). It outlines key aspects of the GDPR, CCPA, and CDPA like their territorial scope, definitions of personal data, organizations and operations covered, individual rights, and penalties for noncompliance. While the CCPA goes into effect in 2020, the CDPA remains a draft bill. The document also notes challenges that laws like the CCPA face from large companies.
Data Protection and Compliance with the GDPR Event 22 September 2016 | Dr. Donald Macfarlane
The document discusses how Britain's decision to exit the EU makes compliance with the General Data Protection Regulation (GDPR) even more important for businesses. The GDPR will apply from May 2018 and regulates how personal data of EU citizens is handled. It creates unified data protection across EU countries and non-compliance can result in large fines. The Brexit vote occurred after the GDPR was published, so businesses processing EU citizens' data will still need to comply with the GDPR whether they operate inside or outside the EU. The document provides examples of best practices for complying with GDPR rights like access, rectification, erasure, and outlines how understanding where data resides is crucial.
The General Data Protection Regulation (GDPR) is a new EU data protection law that takes effect in May 2018. It places greater obligations on organizations to protect personal data and privacy. The GDPR expands the definition of personal data, increases requirements for consent and transparency, strengthens individual rights, and imposes tougher fines for non-compliance. Businesses need to review their data protection practices, identify any risks, and make changes to policies and procedures to ensure compliance with the new law. Failure to comply could result in significant fines of up to 4% of global revenue.
General Data Protection Regulation (GDPR) - Moving from confusion to readiness | Omo Osagiede
The document discusses the General Data Protection Regulation (GDPR) which regulates how companies handle personal data of EU citizens. It provides an overview of GDPR including key events leading to its adoption and how it strengthens data protection rights. It highlights some notable differences between GDPR and the previous UK Data Protection Act. The document also outlines an approach for companies to become GDPR compliant including conducting a data assessment, updating policies and processes, and appointing a data protection officer if needed. It notes both the penalties for non-compliance and opportunities that GDPR presents organizations.
The 2013 Cost of Data Breach Study: France found that the average cost of a data breach in France increased from €122 per lost or stolen record in 2011 to €127 per record in 2012. The total average organizational cost of a data breach also rose over this period, from €2.55 million to €2.86 million. Malicious attacks were the most common cause of breaches, accounting for 42% of cases. Lost business costs, which include customer churn, increased sharply from €0.78 million in 2011 to €1.19 million in 2012. Certain organizational factors like having an incident response plan in place were found to lower the costs of a breach.
6 Lesson GDPR Booklet from Varonis to help you get compliant and stay compliant.
- Locate your sensitive data
- Prevent data breaches
- Rapidly alert to suspicious behavior
- Build long-term data security
What's Next - General Data Protection Regulation (GDPR) Changes | Ogilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
Operational impact of GDPR finance industries in the Caribbean | EquiGov Institute
A brief outline of the challenges that could be faced by financial institutions with the implementation of the GDPR and recommendations to mitigate them.
"If we're leaving the EU, does GDPR even matter?" And other FAQs | Tech Data
As the GDPR looms, Microsoft and Tech Data help to clear the fog for your business by answering your burning questions surrounding this intimidating regulatory change.
EU GDPR(general data protection regulation)RAKESH S
The document discusses the key aspects and requirements of the European Union's General Data Protection Regulation (GDPR) which takes effect in May 2018. It overviews the goals of the GDPR to give citizens control over their personal data and simplify regulations for international business. Some key points covered include territorial scope and application to non-EU organizations, data subject rights, security breach notification requirements, appointing a data protection officer, and strategies for implementing GDPR compliance.
The document discusses the EU General Data Protection Regulation (GDPR), which took effect in May 2018. It provides the following key points:
- The GDPR replaced the previous EU data protection directive and directly applies across all EU member states. It aims to give individuals more control over their personal data.
- Key aspects of the GDPR include expanded territorial reach, requirements for data protection officers, increased accountability and privacy by design principles, strengthened rights for data subjects, and larger maximum fines for noncompliance.
- Companies need to review their data processing activities, legal bases for processing, consent mechanisms, security, breach response plans, and privacy notices to ensure compliance with the extensive new obligations and standards introduced by the GD
Presentation on GDPR which is not technical, nor product specific, focusing on manufacturing industry and providing a non expert view on what the regulation is all about.
Targeted to Senior Management who has a direct responsibility on the treatment (direct or indirect) of personal data.
On 25 May 2018, the EU’s General Data Protection Regulation
(GDPR) came into effect and applies to all businesses – regardless of size - operating in the U.K., as well as all businesses outside the EU that collect or process the data of EU citizens and residents.
The purpose of this document is threefold:
1: Introduce the GDPR and highlight key pieces of the legislation
that should be front-of-mind for business owners
2: Lay out a path for businesses to follow to ensure compliance
by May 2018
3: Address questions put forward by businesses that completed
our GDPR survey
This document discusses data privacy and protection. It provides insights from internal and external experts on this topic. It addresses issues like how new European guidelines will affect information managers and what IT teams need to know about data retention. Specific topics covered include the safe harbour ruling between European and US data privacy laws, defining personal data and retention policies, and how new data privacy laws impact records managers and what IT needs to know.
Data protection for Lend.io - legal analysis by Bird and BirdCoadec
New EU data protection rules are coming, with the General Data Protection Regulation likely to be agreed in the next few months. It will have a massive impact on digital businesses
To bring this rather dry subject to life, Coadec working together with techUK has commissioned a leading data protection law firm to look at what current drafts of the new law would mean for a fintech startup we invented, Lend.io.
The General Data Protection Regulation (GDPR) is a regulation scheduled to be enacted on May 25, 2018. It is designed to protect the privacy and rights of EU citizens, no matter where they are in the world. These slides cover the basics of these regulations and how you can make sure you are EU compliant.
As a follow up to our recent GDPR event, we have compiled a few frequently asked questions and answers to help you further understand what is expected when GDPR is introduced on the 25th May 2018.
GIG Working Paper 02/2017 - The Definition of Personal DataIAB Europe
This second output of the GIG focuses on the definition of Personal Data under the GDPR, explaining how it will affect companies in the online advertising space.
EU GDPR Lesson 1 - What is the GDPR? Why do we need it?
EU GDPR Lesson 2 - Data Protection by Design and by Default
EU GDPR Lesson 3 - The Right To Be Forgotten
EU GDPR Lesson 4 - Who Does the EU GDPR Apply?
EU GDPR Lesson 5 - What Happens if I Don’t Comply with the EU GDPR?
EU GDPR Lesson 6 - Next Steps - How to Get There?
Over the past few years of monitoring the development of the EU General Data Protection Regulation (GDPR) and its effects on technology, we’ve distilled the parts of the regulation that most affect your business into this practical guide.
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...YogeshIJTSRD
In the era of big data, the contradiction between e commerce platform and consumers is becoming more and more serious with the popularization of the Internet. Consumer personal data is not protected, and the platform takes advantage of the advances in big data to capture consumer data and generate revenue. The purpose of this paper is to clarify the responsibility to protect for e commerce platforms. Inform consumers of their obligations and protect their rights and interests. Resolving data privacy disputes between e commerce platforms and consumers. For the phenomenon of consumer data leakage, the platform has no clear protection mechanism, consumers themselves in the use of the process, their own lack of protection awareness. And there are a few problems with that. The main content of this paper is to protect the rights and interests of consumers from the point of view of consumers, to improve the relevant legal provisions, to ease the contradictions between consumers and e commerce platform. To protect consumers’ data rights and interests from three aspects First, to perfect the platforms privacy protection regulations and preventive measures to avoid risks, and to minimize the risks after data leakage. Second, to enhance consumers’ awareness of protecting their own data rights and interests, we should cooperate with the data protection of e commerce platform and find an effective way when privacy data is violated. Third, from the governments point of view, monitoring the use of e commerce platform data. Protecting consumer data from a legal perspective. The platform, the consumer, the network supervises the department tripartite coordination, establishes the complete legal safeguard system, promotes the data information economy the development. 
Changjun Wu | Defeng Li "Research on Electronic Commerce Platform Consumer Data Rights and Legal Protection" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-5 , August 2021, URL: https://www.ijtsrd.com/papers/ijtsrd44954.pdf Paper URL: https://www.ijtsrd.com/management/law-and-management/44954/research-on-electronic-commerce-platform-consumer-data-rights-and-legal-protection/changjun-wu
A simple, beautiful guide to understanding GDPR (General Data Protection Regulation).
All businesses in the UK and EU need to comply with GDPR by the 25th of May 2018 or risk hefty fines.
Use this free, visual guide to understand how you need to comply.
We'll be looking at what your customers' rights are, privacy by design, breach notifications, data security and more.
Finally, we'll give you a GDPR action checklist so you can take right steps to comply with the legislation in time.
The document discusses the ripple effects of the EU's General Data Protection Regulation (GDPR) in North America and analyzes upcoming data privacy laws like the California Consumer Privacy Act (CCPA) and proposed Consumer Data Protection Act (CDPA). It outlines key aspects of the GDPR, CCPA, and CDPA like their territorial scope, definitions of personal data, organizations and operations covered, individual rights, and penalties for noncompliance. While the CCPA goes into effect in 2020, the CDPA remains a draft bill. The document also notes challenges that laws like the CCPA face from large companies.
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Dr. Donald Macfarlane
The document discusses how Britain's decision to exit the EU makes compliance with the General Data Protection Regulation (GDPR) even more important for businesses. The GDPR will apply from May 2018 and regulates how personal data of EU citizens is handled. It creates unified data protection across EU countries and non-compliance can result in large fines. The Brexit vote occurred after the GDPR was published, so businesses processing EU citizens' data will still need to comply with the GDPR whether they operate inside or outside the EU. The document provides examples of best practices for complying with GDPR rights like access, rectification, erasure, and outlines how understanding where data resides is crucial.
The General Data Protection Regulation (GDPR) is a new EU data protection law that takes effect in May 2018. It places greater obligations on organizations to protect personal data and privacy. The GDPR expands the definition of personal data, increases requirements for consent and transparency, strengthens individual rights, and imposes tougher fines for non-compliance. Businesses need to review their data protection practices, identify any risks, and make changes to policies and procedures to ensure compliance with the new law. Failure to comply could result in significant fines of up to 4% of global revenue.
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
The document discusses the General Data Protection Regulation (GDPR) which regulates how companies handle personal data of EU citizens. It provides an overview of GDPR including key events leading to its adoption and how it strengthens data protection rights. It highlights some notable differences between GDPR and the previous UK Data Protection Act. The document also outlines an approach for companies to become GDPR compliant including conducting a data assessment, updating policies and processes, and appointing a data protection officer if needed. It notes both the penalties for non-compliance and opportunities that GDPR presents organizations.
The 2013 Cost of Data Breach Study: France found that the average cost of a data breach in France increased from €122 per lost or stolen record in 2011 to €127 per record in 2012. The total average organizational cost of a data breach also rose over this period, from €2.55 million to €2.86 million. Malicious attacks were the most common cause of breaches, accounting for 42% of cases. Lost business costs, which include customer churn, increased sharply from €0.78 million in 2011 to €1.19 million in 2012. Certain organizational factors like having an incident response plan in place were found to lower the costs of a breach.
6 Lesson GDPR Booklet from Varonis to help you get compliant and stay compliant.
- Locate your sensitive data
- Prevent data breaches
- Rapidly alert to suspicious behavior
- Build long-term data security
What's Next - General Data Protection Regulation (GDPR) Changes, Ogilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
Operational impact of GDPR finance industries in the Caribbean, EquiGov Institute
A brief outline of the challenges that could be faced by financial institutions with the implementation of the GDPR and recommendations to mitigate them.
"If we're leaving the EU, does GDPR even matter?" And other FAQs, Tech Data
As the GDPR looms, Microsoft and Tech Data help to clear the fog for your business by answering your burning questions surrounding this intimidating regulatory change.
- Data protection principles set out the main responsibilities for organizations handling personal data, including processing data fairly and lawfully, only collecting data needed for the purpose, keeping data accurate, not storing it longer than needed, securing the data, and being accountable.
- Organizations must have a lawful basis to process personal data and do so in a transparent way by providing privacy notices. They can only use data for the specified purpose, not indefinitely or for new unspecified purposes. They must also minimize the data collected, keep it accurate, securely delete unneeded data, and keep records demonstrating compliance.
The document provides a summary of the key aspects of the General Data Protection Regulation (GDPR) in 3 pages. It discusses the basic principles of GDPR, how it may impact technology systems, and software tools that can help with compliance. Some of the main topics covered include the definition of personal and sensitive data, data subject rights, privacy by design, security requirements, and obligations for controllers and processors. The summary emphasizes the need for businesses to review their data protection practices and ensure they are prepared to comply with GDPR requirements that take effect in May 2018.
The document provides a summary of the key aspects of the General Data Protection Regulation (GDPR) in 3 pages. It discusses the basic principles of GDPR, how it may impact technology systems, and software tools that can help with compliance. Some of the main topics covered include the definition of personal and sensitive data, data subject rights, privacy by design, security requirements, and obligations for controllers and processors. The summary emphasizes the need for businesses to focus on compliance given the enhanced penalties and wider scope of GDPR.
This document discusses how Oracle's MySQL Enterprise Edition security features can help organizations comply with requirements of the EU General Data Protection Regulation (GDPR). It provides an introduction to the GDPR, outlines its key security objectives and definitions of core actors. It then summarizes key GDPR data security requirements in categories of assessment, prevention and monitoring/detection. Finally, it maps specific MySQL Enterprise Edition security features to how they address GDPR requirements around data protection, encryption, access controls and auditing.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx, jeanettehully
THE IMPACT OF GDPR ON GLOBAL IT POLICIES
Abstract
The General Regulation of the EU on Data Protection (GDPR) provides essential safeguards in the field of privacy, which offer new challenges and potential opportunities for organizations worldwide. However, worldwide organizations must make GDPR compliance changes to minimize GDPR liability. This editorial preface discusses the benefits and threats of the effect of GDPR on global technology growth. We also speak about how China and the US, the two world economic giants, could respond more effectively to GDPR threats and possibilities.
Introduction
The GDPR, which became law on May 25, 2018, is a data protection law that establishes rules on the collection, storage, and management of data of persons living in the European Union (EU, 2016). This legislation applies to all individuals residing in the EU. To satisfy the new demands on privacy raised by digital technology advancement, the new law increases EU data protection. Although the GDPR also covers EU citizens, it has a global impact that impacts every EU business entity that provides services or keeps data regarding EU nationals, which are personally identifiable.
GDPR offers users a broad degree of control to be overlooked, including the right to withdraw permission. In the same period, the information controllers and processors, including data protection, are required to record all their processing activities by the layout and by necessity. GDPR notes that businesses must seek the customer's permission for data collection and 'implementing successful technological and functional measures' to protect personal data for EU citizens (Kaushik et al. 2018).
In May 2018, the European Union adopted a General Data Protection Regulation, which drew a specific conclusion regarding the world's most detailed and common law on data security, with substantial and unexpected consequences on multinationals. In the months before it began, both inside and outside of Europe, businesses failed to adhere. However, as many as 80% of the firms concerned were still short of this goal on the eve of enforcement.
A year on, businesses continue to work to achieve full conformity with their newly founded regulations. The government will be more confident. Data processing and the processing of complaints in most European countries have doubled, although businesses of all sizes develop violations and associated penalties practices and processes.
The non-conformity to GDPR was held accountable by organizations that process data belonging to EU citizens. GDPR offers a new obstacle, as well as potentially stricter security measures, protocols, and procedures to protect, handle and maintain your data and ensure compliance with GDPR, technology firms, and providers of cloud services, data centers, and advertisers. Afterward, we were probably subjected to s ...
The document discusses the impact of new European Union General Data Protection Regulation (GDPR) regulations on corporate HR functions. It notes that the new regulations, effective in May 2018, will significantly impact how companies collect, store, and use personal employee data. HR departments will need to overhaul processes around data retention, security, transparency, and portability to comply. Non-compliance could result in fines of up to 20 million euros or 4% of global revenue. The document provides recommendations on how companies can assess their readiness, such as conducting privacy impact assessments and implementing centralized governance, risk and compliance solutions.
The document discusses how Oracle's database security products can help organizations comply with the EU's General Data Protection Regulation (GDPR). It provides an overview of the GDPR, including its key objectives to establish data privacy rights and increase enforcement. It also outlines the core actors in the GDPR such as data subjects, controllers, processors, and supervisory authorities. Finally, it maps Oracle's security features to three key GDPR data security requirements: assessing security risks, preventing attacks, and monitoring to detect breaches.
“The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way that organisations handle, protect and use the personal data of EU individuals.
Organisations of all sizes, across all industries, and geographies that process personal data of EU residents need to take steps now to comply with the new EU General Data Protection Regulation by 2018, to satisfy management fiduciary duties and avoid potentially costly penalties.”
Beginning your General Data Protection Regulation (GDPR) Journey, Microsoft Österreich
This document provides an overview of the General Data Protection Regulation (GDPR) and how Windows 10 can help organizations comply with it. It begins with background on the GDPR, including its key implications like enhanced privacy rights for EU citizens and mandatory breach reporting. It defines personal and sensitive data under the GDPR. The document then outlines the key steps for an organization's GDPR compliance journey and describes various security and privacy capabilities in Windows 10 that can help with compliance, such as threat protection, identity protection, and information protection features. It concludes by providing Windows 10 resources to help organizations meet GDPR requirements.
The document discusses key priorities for boards to consider regarding implementation of the General Data Protection Regulation (GDPR). It provides an overview of the new requirements under GDPR, including expanded individual data rights for EU citizens, increased fines for noncompliance, and broader territorial scope. The document advises boards to ensure proper oversight of their organization's GDPR compliance programs, including regular reporting on status, audits, investigations and market developments. Directors could face liability for failing to oversee GDPR compliance risks.
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP, MalikPinckney86
The Impact of GDPR In IT Policy
Submitted To
Dr. Donnie Grimes
University of the Cumberlands
Submitted in Fulfillment of Research Paper
Information Technology in Global Economy (ITS-832-22)
Submitted By
Group # 7
Amarender Reddy Chada
Ramu Chilukuri
Mittal Patel
Manoj Kumar Peddarapu
Abstract
The current rapid transformation within the world of I.T. is posing a threat not only to personal information but to all sectors associated with I.T. Managing essential data is the factor that organizations, business firms, and government agencies are struggling with daily. As the organizations strive to ensure that there is complete protection of data during the storage and sharing process, hackers are also working around the globe to create new ways through which they can breach the data protection servers. The dis-collusion of vital data from one point to another is a systematic process that must be regulated at all costs because if the data gets compromised, the outcomes are severe. This paper analyses all the impacts of GDPR on impacted I.T. policy around the world through an evaluation of several peer-reviewed articles on GDPR.
Keywords: GDPR, Privacy, Cybersecurity, emerging technologies.
Introduction
The process of disclosing data from various agencies ought to point out the purpose of the data and state the duration for data use. When sharing critical data with a third party, it is vital to assess the channels through which the data follows. Business firms and public authorities that actively operate by systematic processing of data have to use a DPO (data protection officer). Having control of personal data is key in ensuring that the data is shared only with the relevant people. With the rising cases of cyber threat and selling of personal data through dark webs, keeping track of your personal information is your full responsibility. Relevant authorities only come in to assist when the case that is compromising data is critical and poses a security threat to other sectors. The primary obligation of GDPR is to ensure that people have control of their most essential data. GDPR achieves control of data by facilitating the crucial environmental data regulation environment.
Articles analysis on GDPR
In the article (Cornock, 2018), Cornock systematically analyzes the primary impacts of GDPR on various research institutions and the actual research activities within various sectors, such as the I.T. and medical sectors. According to the article, there are still several debates on how GDPR is going to affect research in various sectors, starting with the I.T. sectors to the business and marketing sectors, not just within the European Union but around the globe. Most of the arguments on GDPR look at the regulation as a potential obstacle to a world of free information sharing. Many people are still not aware of the actual implications that both the E.U. and the world ...
Data Privacy laws around the world have levied stringent obligations on the way businesses are required to handle sensitive data. Non-compliance to these obligations will have severe consequences and penalties, especially in case of a security breach. Organizations looking to achieve GDPR compliance need to map their data flow to assess privacy risks. GDPR Data Mapping is the process of determining the type of data processed and the way they are processed. This helps determine the risk exposure of your company and systems or applications that are highly exposed to threats.
The document provides an overview of the General Data Protection Regulation (GDPR) that goes into effect in the European Union on May 25, 2018. Some key points:
- GDPR strengthens data protection rights for EU citizens and applies to any organization that collects data from EU individuals, regardless of location.
- It establishes high fines for noncompliance (up to 4% of global revenue or 20 million euros) and requires clear and easy-to-withdraw consent for data collection and use.
- Individuals have new rights regarding their data, including rights to access, correct, and delete personal data, and object to automated decision making. Organizations must also notify about data breaches.
- While
GDPR: A Threat or Opportunity? www.normanbroadbent., Steven Salter
With General Data Protection Regulation (GDPR) a legal requirement for all UK companies from May 2018, there have been numerous articles written either demonstrating the confusion surrounding the new regulations, or detailing the downsides of the legislation.
ECOSYSTM ADVISORY
www.ecosystm360.com | info@ecosystm360.com
39 Robinson Road, #11-01
Robinson Point, Singapore 068911
THE GDPR AND YOU: IMPLICATIONS OF THE NEW EU RULES ON ORGANISATIONS OUTSIDE THE EU
Security & Compliance
This study provides guidance on some of the most important aspects of the GDPR for companies outside
the EU and describes some of its key implications with regards to organisational IT and governance. It
also offers some key practical advice on steps that can ensure compliance with the GDPR.
Report Author
Claus Mortensen
Principal Analyst, Digital Transformation & Cloud Computing
May 2018
2. 1
Contents
Executive Summary
Overview
The Advent of the GDPR
Key implications of the GDPR
As a Company Located Outside the EU, are you Affected?
What Type of Data is Affected?
What is Meant by Data Controller and Data Processor?
How are the GDPR Consent Requirements Different?
How can Data be Used?
Are there Rules that Require Organisational Changes?
What do we Need to do in Case of Data Breaches?
What about Enforcement and Fines?
Executive Summary
The General Data Protection Regulation (GDPR) will not only affect companies within the European Union (EU) but also has the
potential to affect global businesses. This study intends to provide guidance on some of the most important aspects of the GDPR
for companies outside the EU and describes some of its key implications with regards to organisational IT and governance. It also
offers some key practical advice on steps to take to ensure compliance with the GDPR.
This study does not aim to be a comprehensive or exhaustive analysis of the Regulation, but merely to highlight some of the key
rules that could affect the internal processes of organisations within and outside the EU.
The key questions covered in this study are:
▪ Does the GDPR affect you?
▪ What type of data is affected?
▪ What is meant by Data Controller and Data Processor?
▪ How are the GDPR consent requirements different?
▪ How can data be used?
▪ Are there rules that require organisational changes?
▪ What do we need to do in case of data breaches?
▪ What about enforcement and fines?
Overview
The Advent of the GDPR
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It replaces the former Data Protection
Directive (Directive 95/46/EC) and while it has many similarities with the former Directive, the GDPR has wide implications for
companies across the globe, as it not only further restricts how collected personal data can be used, but also increases the
geographical scope in terms of data and companies affected.
Notably, the GDPR also gives the European Commission a powerful enforcement tool in the shape of potentially very hefty fines
for non-compliance. It also brings other significant changes that may require operational changes within your organisation. While
this study is not a comprehensive or exhaustive analysis of the Regulation, it highlights some of the rules that will potentially have
global implications.
Key implications of the GDPR
As a Company Located Outside the EU, are you Affected?
The short answer is: Probably yes.
Even though your company and all of your data centres and cloud providers are located outside the EU, it is important to note
that the GDPR has what can be referred to as “an increased territorial scope”, laid out in Article 3(2).
In fact, most companies dealing with EU businesses’, residents’, or citizens’ data will have to comply with the GDPR - even if a
company does not have a European presence. This includes
▪ Data collected in connection with goods and services offered to that person
▪ The monitoring of their behaviour when these people are living or travelling within the EU
This does not mean that all Asia-based companies with a website and an online shop are affected. The key criterion is whether
they show “intention” of dealing with residents or companies located within the EU. It does not take much to demonstrate this
“intention” however. If a website offers local language translation in EU languages (other than English), if they offer currency
conversion into EU currencies or if they target EU citizens with advertising, then the intention is there, and they will have to
comply with the GDPR rules.
As for monitoring of behaviour when these people are living or travelling within the EU, this mainly concerns so-called profiling
data.
This would include tracking data collected such as:
▪ Online behaviour-based advertising
▪ Financial transaction data used for profiling and scoring for risk assessment (e.g. for purposes of credit scoring,
establishment of insurance premiums, fraud prevention and so on)
▪ Location tracking, for example, by mobile apps
▪ Monitoring of wellness, fitness and health data via wearable devices
A key thing to realise here is that this applies to all people, including travellers, located in the EU. So, if a Singaporean resident
goes to London on vacation and uses a made-for-Singapore app on his or her phone which collects location data, the GDPR applies
to such data and the Singapore-based company that launched the app must (at least in theory) comply with the GDPR for the
duration of that tourist’s holiday in London.
Although it is unlikely that the example above would result in any type of prosecution by EU authorities, it still highlights how
far-reaching the GDPR is.
Businesses from outside the EU, whether controllers or processors (see below), that fall under the GDPR regime must appoint a
representative in affected Member States, unless processing is occasional and does not include large scale processing of sensitive
data (such as racial origin, health data, genetic data and so on) and is unlikely to result in a risk to the rights and freedom of
individuals.
Key advice
▪ If you have any reasonable doubts as to whether your company is affected, then the best approach is to assume
that the answer is “yes” and take the necessary steps to ensure compliance
What Type of Data is Affected?
Article 2 of the GDPR states that the regulation applies to “the processing of personal data wholly or partly by automated means
and to the processing other than by automated means of personal data which form part of a filing system or are intended to form
part of a filing system.”
Under Article 4, personal data means “any information relating to an identified or identifiable natural person (data subject); an
identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural person.”
Affected personally identifiable information includes obvious personal data such as names, addresses, phone numbers, financial
data and healthcare information but can also include automatically collected data such as IP addresses and cookie data. The GDPR
introduces concepts like subject access requests (SARs), the right to be forgotten/right to deletion, and data portability and EU
residents now have a right to know what data is collected on them. This can be a huge concern for businesses when this type of
information can be stored in a great number of places from email and social platforms to HR, HCM, and CRM systems.
Key advice
▪ Ask yourself why you collect and hold data
▪ Stop collecting data you do not have a legitimate need for
What is Meant by Data Controller and Data Processor?
The European Commission provides some insight into this via its supporting documents:
The data controller determines the purposes for which, and the means by which, personal data is processed. So, if your
company/organisation decides ‘why’ and ‘how’ the personal data should be processed it is the data controller. Employees
processing personal data within your organisation do so to fulfil your tasks as data controller.
The data processor processes personal data only on behalf of the controller. The data processor is usually a third party external to
the company. However, in the case of groups of undertakings, one undertaking may act as processor for another undertaking (e.g.
a subcontractor using another subcontractor).
The duties of the processor towards the controller must be specified in a contract or another legal act. For example, the contract
must indicate what happens to the personal data once the contract is terminated. A typical activity of processors is offering IT
solutions, including cloud storage. The data processor may only sub-contract a part of its task to another processor or appoint a
joint processor when it has received prior written authorisation from the data controller.
These provisions need to be inserted not only into new vendor contracts but also into existing vendor contracts.
Data processors are now jointly liable with data controllers, so if your organisation collects data on individuals and then
outsources the processing of that data to another entity, both you and they are jointly liable for that data.
Key advice
▪ Make sure you have a full overview of which contractors, channel partners and vendors manage, use and store
your customer data
▪ Make sure that all contracts – including older contracts – are revised to comply with GDPR requirements
How are the GDPR Consent Requirements Different?
The GDPR represents a significant change to the previous Directive when it comes to user consent. The typical multi-page
consent forms are no longer feasible, as the request for consent must be presented to the user “in an intelligible and easily
accessible form, using clear and plain language”. The GDPR also requires a clear consent action by the user, which means that
pre-ticked boxes or taking inactivity as consent are no longer valid.
When securing consent, the controller must provide “accurate and full information on all relevant issues,” including the nature
of the data that will be processed, purposes of processing, the identity of the controller, and the identity of any other recipients
of the data. Consent must be specific to the processing operations and the controller cannot request open-ended or blanket
consent to cover future processing. This means that if a company wants to use the data for purposes other than those it
originally stated, it must secure a new consent from the user unless the new processing operations are “compatible” with the
original purpose.
The GDPR gives the user the right to withdraw consent at any time and it must be as easy for the user to withdraw consent as it
was to give it. Controllers must inform data subjects of the right to withdraw before consent is given. Once consent is withdrawn,
data subjects have the right to have their personal data erased and no longer used for processing.
Key advice
▪ Ensure that your consent forms are updated and presented to all users in the correct form
▪ Make sure that you have clear internal guidelines for how collected data can be used within your organisation
and that the use is in line with the consent given
▪ Make sure all consents are well documented and updated
▪ Seek external legal counsel if you do not have the resources in-house
How can Data be Used?
GDPR lists the six lawful reasons for processing personal data:
▪ Consent
▪ Contract
▪ Legal obligation
▪ Vital interests
▪ Public task
▪ Legitimate interests
Of these six reasons, the first two – consent and contract – will be the most relevant for the vast majority of companies outside
the EU.
Once you have identified the relevant personal information you have within your organisation and where it is stored, you need
to identify the lawful basis for having it or change your processes, so you stop asking for personal data you do not need.
One of the biggest headaches (especially for larger organisations) is where to find it. Data that resides in on-premises IT systems
can be fairly easily mapped out, but the ever-increasing use of cloud computing, BYO devices in the workspace and general
copying and proliferation of files represent a substantial problem. GDPR regulated information could reside in several places:
▪ Cloud apps, including shadow applications not approved by the organisation
▪ Cloud storage
▪ Online file-sharing services
▪ Removable media such as USB drives
▪ Physical storage (file cabinets)
▪ Temporary files and other unstructured data
▪ Sandbox/test systems
▪ Backup systems
▪ Employee devices
▪ Third-parties – including contractors, supply chain providers and channel partners
While each of these items might be manageable to map out on its own, the real problem for many organisations
arises when they are combined into several layers: Individual business units may use cloud providers without the knowledge of the
IT department; they may have deployed multiple test systems on these cloud platforms – many of them no longer in use but still
in existence – and they may have backups of these test systems both online and on USB sticks. This would not really pose a
problem until it is paired with the fact that many developers break protocol and use real data in test systems.
Another problematic area is the increased use of third-party service providers for staff services, payroll, pensions and other
financial operations. These service providers have large amounts of sensitive data on an organisation’s staff and vendors. Given
that your organisation as a data controller, and the supplier as a data processor are jointly liable, the GDPR has big implications
for all parties.
Key advice
▪ Look at all areas of your organisation where data is written down, printed, scanned or created, and stored as digital
content
▪ Involve all business units and employees in the search for data stored outside core IT – including backup drives,
shadow cloud infrastructure, cabinets and drawers
▪ Use available data tracking and data deduplication technology to map out the location of data
Are there Rules that Require Organisational Changes?
Compliance with the rules mentioned above may very well require changes within your organisation. But apart from those, both
data controllers and data processors are required to appoint a Data Protection Officer (DPO) who can be a member of the
organisation’s staff or can be contracted for services. The role of the DPO is in part to inform all relevant employees of their
obligations under the GDPR and to monitor the company’s compliance.
Not all companies are obligated to have a Data Protection Officer, but only those “controllers and processors whose core activities
consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special
categories of data or data relating to criminal convictions and offenses”.
Not just anyone in your organisation can be appointed as the DPO, however. It must be a person who is adequately resourced,
has “expert knowledge of data protection law and practices” and is appointed on the basis of their “professional qualities”. The GDPR
Guidelines say that the level of expertise “must be commensurate with the sensitivity, complexity and amount of data an
organisation processes” and that prospective DPOs “should have expertise in national and European data protection laws and
practices and an in-depth understanding of the GDPR.”
Also, the DPO is statutorily independent and protected. DPOs must be independent, avoid conflicts of interest and they cannot
receive instruction regarding the performance of their tasks. DPOs thus have protected employment status, meaning that
organisations cannot dismiss or sanction DPOs for performing their tasks. This means that the role of a DPO will be very different
from that of most employees or contractors that you already employ.
You can choose to outsource the DPO role to an external consultant. But the DPO must be “involved properly and in a timely
manner, in all issues which relate to the protection of personal data” and must have a reporting line to the board of directors,
which is an unusual setup for external contractors.
This means that you might not want to appoint a DPO unless you absolutely have to.
Key advice
▪ Assess whether you are required to appoint a Data Protection Officer
▪ If needed, talk to the board of directors and to HR about the options for appointing a DPO
What do we Need to do in Case of Data Breaches?
Companies are obligated to notify the supervisory authority within 72 hours of discovering a breach unless the breach is unlikely
to “result in a risk to the rights and freedom of individuals.” The notification must include specific information about the nature
of the data breach, the number and type of breached records, the name of the Data Protection Officer, the measures taken to
mitigate the risks, and other details.
Key advice
▪ Make sure you have the internal processes in place for notifying the correct authorities about breaches. This
could typically be the responsibility of the Data Protection Officer, but you need to make sure that he or she is
informed of all breaches
What about Enforcement and Fines?
The GDPR’s potentially hefty fines for non-compliance have gained a lot of attention. Fines on data controllers and processors for
non-compliance can be up to EUR 10 million or 2% of a company’s worldwide annual revenue of the prior financial year,
whichever is higher. Fines for “upper level” non-compliance are potentially double that amount – EUR 20 million or 4% of the
worldwide annual revenue.
The actual size of a fine will depend on several factors, including the nature and intent of the infringement, mitigation and
preventative measures taken by the infringing party, as well as past history. But when looking at recent fines imposed for
anti-competitive behaviour in the online industry, it would not be a surprise if large GDPR fines were to be issued within the first year.
How fines will actually be enforced on companies outside the EU remains unclear at the moment. Fines are administered by
individual member state supervisory authorities. But
if a non-compliant company has no or only a nominal legal or economical presence within the EU, such fines could prove
impossible to issue and collect.
The coming months will show how the EU plans to enforce the rules outside the EU.
Key advice
▪ The ramifications of non-compliance can be potentially devastating for small to medium-sized companies. If you
think your company might be affected by the GDPR, the fines alone should compel you to take action to ensure
compliance
The report is based on the analyst’s subject matter expertise on the area of coverage in addition to specific research based on interactions with technology buyers from
multiple industries and technology vendors, industry events, and secondary research.
The data findings mentioned in all Ecosystm reports are drawn from Ecosystm’s live and on-going studies on the Ecosystm research platform.
For more information about the Ecosystm research topics, visit www.ecosystm360.com.