Understanding the General Data Protection Regulation
Rick Wilson    

If your organization has international operations in the European Union, you should be planning for GDPR compliance now! The General Data Protection Regulation (GDPR) is set to become the overriding data protection regulation within the EU. It was adopted by the European Parliament, Council and Commission in 2015, took effect in 2016, and enforcement is scheduled to begin in May of 2018.

At its core, the GDPR is intended to provide citizens of the EU with greater control over their personal data and assurances that their information is being securely protected by harmonizing data privacy laws across Europe. If you currently do business within the EU, here are some key areas where the provisions of GDPR may impact your operations:

Territorial Scope – The GDPR mandates apply to any processor who handles personal data for a subject residing in the EU. Sharply defining the lines of jurisdiction and compliance was a main goal when drafting the initiative, as reflected in this quote from the official GDPR web site: “it (GDPR) will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.” In other words, offshore hosting outside of the EU will not be exempt from compliance.

Penalties – The EU is also serious about compliance, as underscored by the stiff penalty associated with a breach of the GDPR. The maximum fine is defined as 4% of annual global turnover or €20 million (whichever is greater). In addition, smaller tiered penalties exist for companies that do not have their records in order (Article 28), have not notified the supervising authority and data subject about a breach, or have not conducted an impact assessment. Since these penalties apply to both controllers and processors, cloud providers who host data are not exempt.

Consent – When requesting consent to use personal data, that request must be clear and presented in plain language. Additionally, it should be as easy for an individual to revoke consent as it is to grant it.

Along with these core changes in data privacy, GDPR formalizes a series of other measures that apply to personal data including breach notification, the right to be forgotten, right to access, data portability, privacy by design and (in some circumstances) the appointment of a Data Protection Officer.

With a little over 600 days until GDPR takes full effect, many organizations are starting to prepare now by scanning their stored information for personal data and implementing plans for remediating that archival content. If you think GDPR may apply to your organization, Sherpa offers a variety of tools that can help you scan your electronic information for personally identifiable information (PII), then either quarantine it for a more in-depth review or simply delete it.

If you are interested in learning more about GDPR, I highly recommend the web site http://www.eugdpr.org/eugdpr.org.html . It is an excellent resource for understanding the compliance requirements of the regulation.

The post Understanding the General Data Protection Regulation appeared first on Sherpa Software.



---------------------
https://sherpasoftware.com/blog/understanding-general-data-protection-regulation/
Aug 24, 2016