The engaging white paper delivers the core facts you need to understand the fundamental nature of the GDPR regulations and what it means for your business and the management of its data.
The Countdown to the GDPR Regulations
1. If you are in the IT business and you have not yet
heard of General Data Protection Regulations
(GDPR), you might need to read this ASAP. If you
have heard of it but are not sure what it is all about,
this is a good time to get educated. A Gartner study
predicts that more than 50% of companies covered
by GDPR will not be in full compliance by the end
of 2018. Another study by SAS reports that only
45% of companies surveyed have a structure in
place and 58% admit that they are not aware of
the consequences for non-compliance.
Like most government regulations, GDPR is long and
complex. GDPR bestows new and specific rights to
data subjects and requires new controls be put in place
by data controllers and processors. Specifically, here
is how the regulation defines personal data. “Personal
data is any information that can identify an individual
person. This includes a name, an ID number, location
data, (for example, location data collected by a
mobile phone) or a postal address, online browsing
history, images or anything relating to the physical,
physiological, genetic, mental, economic, cultural or
social identity of a person.” Note that this definition
is quite broad and will require significant changes in
IT process and organization. As with many laws and
regulations, ignorance is no excuse. Further, GDPR
consequences for non-compliance are significant.
Therefore, it is recommended to spend some time
understanding this regulation, officially called
“Regulation (EU) 2016/679.” In the meantime, here
are a few key points.
GDPR was passed by the European Commission, The
Council of the European Union and the European
Parliament. It is broad in its scope and reach across
the EU and consequences for non-compliance can be
severe. Although the GDPR was passed in April of
2016, it does not take effect until May 25, 2018. In
the meantime, let's take a quick look at the purpose,
scope and consequences for non-compliance.
GDPR is a regulation intended to strengthen and unify
data protection for all individuals within the European
Union (EU). It also addresses the export of personal
data outside the EU. The primary objective of the
regulation is to give residents control of their personal
data and to simplify the regulatory environment for
international business by unifying the regulation within
the EU.
In general, regulatory compliance can be
cumbersome and costly. The GDPR, however, unifies
data protection regulations across the EU making
it easier for international companies to understand
and comply with one rather than many conflicting
regulations. GDPR consolidates the cyber security
and privacy regulatory environment and standardizes
penalties for non-compliance. Sanctions for breach
can range from a warning for first offense or non-
intended non-compliance to fines up to 10,000,000
euro.
The most significant change from previous regulations
that GDPR adds to other regulations is the accountability
principle. Organizations will be required to show
how they comply with the principles by documenting
decisions taken about a processing activity.
Counting Down to GDPR in the EU
www.networkcritical.com
2. Who Needs to Comply?
Organizations that collect data from EU residents
(controllers) and organizations that process data on
behalf of controllers (processors) such as cloud service
providers and similar contractors are governed by
this regulation. Even organizations based outside the
EU that collect personal data from EU citizens are
held accountable for GDPR compliance. It does not
matter if your organization is small or global. If your
business is deemed a “controller” or a “processor”
you must comply with GDPR. The UK confirmed that
the decision to leave the European Union will not
affect the requirements to implement GDPR.
Key Points
Here are some thoughts consolidated from various
sources to keep in mind while you prepare for GDPR
compliance:
◆◆ Who is Responsible for GDPR Compliance - As
stated above, all companies processing or controlling
personal data that have customers in the EU need to
comply. Even companies in the UK post Brexit who
have customers in the EU will be governed by GDPR.
◆◆ Data subjects' rights - Data subjects are customers
who provide personal data to a company. Data
subjects have expanded privacy rights including the
right of erasure, the right to access their data, and to
question decisions made purely on an algorithmic basis.
◆◆ Internal record keeping requirements - There are
specific record keeping requirements that may include
the appointment of a Data Protection Officer in order
to manage compliance, audits and record keeping.
These regulations are broad and penalties are severe.
Cross functional requirements will likely require a
specialist who will manage compliance throughout
the organization.
◆◆ Cross Border Data Processing - When utilizing data
processors outside of the EU, companies need to be
sure that GDPR regulations are followed.
◆◆ Training - There will be new rights bestowed upon
data subjects. Staff must be trained to understand
and comply with these rights when requested.
◆◆ Pseudonymisation - This is a GDPR requirement to help
keep data subjects' information safe. While subjects'
data is under the control of a processor or a controller
it shall be pseudonymized. The term refers to
encryption or other methods of disguising data so it
cannot be attributed to a specific data subject without
a key. Further, the key must be kept separately from the
pseudonymized data. Essentially, don’t encrypt data
then keep the key with the encrypted data. This idea
sounds simple but it is surprising how often hackers
find the keys to the safe sitting on top of the safe.
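One way to apply the key separation described in the Pseudonymisation point, as an added example that is not part of the original paper: e-mail addresses are replaced with keyed HMAC-SHA256 tokens (chosen here as one of the "other methods" of disguising data), and the key is read from outside the data store. The sample records, field names and the `PSEUDONYM_KEY_HEX` variable are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Constructed sample records, not real data.
RECORDS = [
    {"email": "Alice@example.com", "country": "DE", "plan": "pro"},
    {"email": "bob@example.com", "country": "FR", "plan": "free"},
]

def load_key() -> bytes:
    """Read the key from outside the data store (hypothetical variable name).
    Falls back to a fresh random key so the demo runs without setup."""
    hex_key = os.environ.get("PSEUDONYM_KEY_HEX")
    return bytes.fromhex(hex_key) if hex_key else secrets.token_bytes(32)

def token_for(email: str, key: bytes) -> str:
    """Keyed, deterministic token; it cannot be recomputed without the key."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()

def pseudonymize(records, key):
    """Replace the direct identifier with a token and keep the other fields."""
    out = []
    for rec in records:
        row = {k: v for k, v in rec.items() if k != "email"}
        row["subject_token"] = token_for(rec["email"], key)
        out.append(row)
    return out

def access_request(store, email, key):
    """Right of access: locate a subject's rows, which requires the key."""
    wanted = token_for(email, key)
    return [r for r in store if hmac.compare_digest(r["subject_token"], wanted)]

def erasure_request(store, email, key):
    """Right to erasure: return the store without the subject's rows."""
    wanted = token_for(email, key)
    return [r for r in store if not hmac.compare_digest(r["subject_token"], wanted)]

if __name__ == "__main__":
    key = load_key()                     # held apart from the dataset
    store = pseudonymize(RECORDS, key)   # what the data store keeps
    print(store)
    print(access_request(store, "alice@example.com", key))
```

A copy of the pseudonymized store taken without the key cannot be matched back to an e-mail address, which is the separation the bullet above asks for.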
Rights of Data Subjects
In addition to the data protection requirements, GDPR
includes individual protections like a data subject bill
of rights. GDPR sets out specific rights with which
processors and controllers must comply. These data
subject individual rights include:
◆◆ The right to be informed about what is being done
with data,
◆◆ The right of access,
◆◆ The right to rectification,
◆◆ The right to erasure,
◆◆ The right to restrict processing,
◆◆ The right to data portability,
◆◆ The right to object,
◆◆ Other rights related to automated decision making
and profiling.
As you can see from this list, data subjects have new
power over their personal data held by processors
and controllers. For years, organizations had little
direct responsibility to the data subject regarding their
personal information. Therefore, the controls on access
and management of that data have typically been lax.
It will now be important for these organizations to
establish processes that will keep records current and
delete or archive information that is not active.
Many organizations keep all customer/subject data
in the files for use with outbound marketing, sales and
other customer outreach functions. Often, there are
few restrictions within the organization regarding who
has access to that information and how it is used.
That will change under GDPR. It will be prudent
to set specific policies regarding how long data
subject data should be in active files and whether
or when it should be deleted or archived. The type
and frequency of outreach to the data subject for
permission to update and maintain their information
should also be considered.
Access to stored information is a process that will
likely change in many organizations. Historically,
customer data has been readily available to anyone in
the organization with a computer. With increased
scrutiny on protection of customer information, it may
be a good idea to develop strict data access policies
throughout the organization. A good example is
the Equifax breach in the United States where 450
million customer records were stolen. The damage
here could have been greatly reduced if access to
that information were segmented and layered. Even
if one access level were breached, other levels may
have still been protected. No one in any organization
has a need for permanent permission to access all the
data all the time.
Determine Lawful Basis
Under GDPR, organizations will be required to
determine and document a lawful basis for processing
personal information. The lawfulness of processing
conditions include:
◆◆ Consent of the data subject
◆◆ Processing is necessary for the performance of a
contract with the subject
◆◆ Processing is necessary to be in compliance with a
legal obligation
◆◆ Processing is necessary to protect the vital interests of
a data subject or another person
◆◆ Processing is necessary in the performance of a task
carried out in the public interest or in the exercise of
official authority vested in the controller
◆◆ Processing is necessary for the purposes of legitimate
interests pursued by the controller or a third party,
except where such interests are overridden by the
interests, rights or freedoms of the data subject.
There are other special categories of data which have
their own special conditions such as employment
related data, data of persons incapable of providing
consent, not-for-profit organizations and others. It is
recommended that all sections of these categories be
reviewed.
Breach Reporting
Reporting a breach will become a requirement under
GDPR. There will be requirements for organizations
to report a breach to the supervisory authority. In
addition, depending on the type of breach and
the information that was taken, notification of the
individuals affected may also be necessary. The
notification will require more information than a
simple statement such as, “ABC organization has
experienced a data breach.” The notification will
need to include the nature of the breach, the categories
and number of individual records lost, the name and
contact information of the Data Protection Officer, a
description of the consequences to the individuals and
detail of the measures to be taken by the organization
to mitigate any potential damage to the individuals.
As noted above, penalties for not reporting a breach
within 72 hours of the organization becoming aware
of it can be quite severe.
Data Protection Officer
It is apparent that a new IT specialty will soon be in high
demand: Data Protection Officer. This position will
require data networking and IT skills as well as the ability
to understand complex legal requirements, develop
GDPR compliant data protection, documentation
and reporting policy, work across functional areas
and develop training requirements for IT and non-IT
employees within organizations. This should be a
high level function with the authority to set and enforce
internal consequences for policy breaches. As we
have seen, the accountability principles of GDPR put
a heavy burden on organizations that do not comply
with the regulations. The Data Protection Officer will
be a critical internal GDPR advocate, compliance
officer and enforcer to protect the organization from
the liability of non-compliance.
Time is of the Essence
You may be thinking that there is plenty of time to
get ready for GDPR. Hopefully, after reading this paper,
you are now motivated to learn more about GDPR.
As you prepare or adjust your 2018 budget, be
sure to include a high level position of Data Protection
Officer. You will also want to include funds for
increased documentation requirements and new
employee training on GDPR compliance throughout
your organization.
Protection Technology
Of course there are many other requirements for GDPR
compliance such as Privacy by Design and Default,
Data Portability and more. Certain appliances, such
as Data Loss Protection and Intrusion Prevention
Systems, may assist in protection from what can
be very expensive breaches and sanctions for
non-compliance. These appliances can be simply and
safely attached to data links by using TAPs and
packet brokers without risking network performance
or availability. So, while you are preparing for
GDPR compliance, be sure your perimeter protection
is also up to date with appropriate traffic visibility and
link security. For more information on visibility and
perimeter protection go to www.networkcritical.com.
Deploying cyber security technology, diligent
employee training on email use and data access,
as well as a well-defined network security policy with
consequences, will help keep data secure. The best
way to deal with a breach is to not have a breach.
Counting Down to GDPR in the EU
W03-1217-01
2017 Network Critical Solutions Ltd. All rights reserved