This company seeks to automate compliance efforts

(Jun 13, 2018) Getting a product to market is not easy for fledgling companies, especially those within regulated industries. One of those challenges involves the documentation of compliance efforts, and it is an area the team at Aptible has been looking to solve, especially now with the EU General Data Protection Regulation in effect. While Aptible started out helping health care organizations with their HIPAA-compliance efforts, the company moved into other regulatory environments, Aptible Account Executive...

All of the European Data Protection Board and Article 29 Working Party guidelines, opinions, and documents

(Jun 4, 2018) Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679, 25 May 2018, pdf 750 KB. Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679, 25 May 2018, pdf 718 KB. From the Article 29 Data Protection Working Party: The WP29 was an advisory body made up of representatives from the data protection authorities of each EU member state, the EU Commission and the European Data Protection Supervisor. Upon ena...

Why businesses should use 'statistical approaches' to protect user data

(Jun 4, 2018) In a column for the Harvard Business Review, professors Sachin Gupta and Matthew Schneider argue that current business approaches to protecting consumer data — most notably, access control and pseudonymization — are "woefully inadequate" and "not sufficient," respectively. However, public agencies, such as the U.S. Census Bureau and Department of Agriculture, protect data by systematically perturbing it via adding random noise, rounding information, creating synthetic data, among other methods. ...

An open letter to the GDPR's unsung hero

(May 29, 2018) These have, no doubt, been busy times for privacy pros all around the world, but Bojana Bellamy, CIPP/E, president at Hunton Andrews Kurth's Centre for Information Policy Leadership, has a message to everyone who has been working so hard as of late: "I want you to know that I think you are amazing and to say thank you for the herculean effort and boundless commitment you have given in getting your organizations ready" for the EU General Data Protection Regulation. In this post for Privacy Perspe...

The GDPR (page) is for everyone

(May 25, 2018) Throughout the past two years (longer, really), the IAPP has been gathering and creating articles, tools, white papers, charts, analysis, and guidance to help privacy pros figure out what to do about this thing called the General Data Protection Regulation. We've collected all that information on a single page in the IAPP Resource Center, which until now has been available only to IAPP members. In celebration of GDPR Day, we've opened up that page to anyone with an internet connection for the ne...

The ePrivacy Regulation: No rest for the weary

(May 25, 2018) It's GDPR Day! The scramble is over, right? Well, no. Compliance with the EU General Data Protection Regulation is ongoing, of course, but just when you think you can take a deep breath ... there's more. The ePrivacy Regulation is on the move. It is currently with the EU Council, and the European Commission is pushing for a quick agreement so it can move talks to Parliament in June. The law aims to protect the electronic communications of EU citizens, and the current draft significantly broadens the scope ...

NIST Framework for Improving Critical Infrastructure Cybersecurity

(May 22, 2018) This document, published by the National Institute of Standards and Technology, focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of an organization’s risk management processes. The framework consists of three parts: the framework core, the implementation tiers, and the framework profiles. The framework core is a set of cybersecurity activities, outcomes and informative references that are common across sectors and critical infrastruc...

Implementing appropriate security under the GDPR

(May 22, 2018) The EU General Data Protection Regulation is finally here, and things like data mapping, data protection impact assessment, consent management, and data subject rights have been on everyone’s minds leading up to its arrival. While these operational requirements are obvious for many companies, some others have flown under the radar. One in particular that we have received questions about from our customers at OneTrust is the requirement for appropriate security. Security of processing: Security of processi...

TrustArc, RADAR CEOs discuss strategic partnership

(May 18, 2018) The EU General Data Protection Regulation is staring everyone in the face. The countdown to implementation day is now in the single digits, and everyone is currently waiting to see what happens when May 25 comes and goes. While organizations around the world prepare for the rules, a pair of major players has joined forces to help those worried about not only complying with the GDPR but everything beyond it, as well. TrustArc and RADAR have announced a strategic partnership aimed at simplifying c...