Saturday, 10 February 2018

One GRC Manager’s Practical Approach to GDPR Readiness

February 8, 2018 - David Lewis - Blog | Imperva
Full text of the article:
I quote the opening part of the text:
"...According to this survey, the majority of companies are slow off the mark. On top of that, companies require resources and budget to prepare for and comply with the GDPR....
- At Imperva, our readiness to meet the regulatory requirements established by the GDPR is managed by our Privacy Office. As a GRC manager on that team, I was one of several individuals tasked with reading, understanding and communicating GDPR requirements to our internal stakeholders as we developed our compliance plan.
- No doubt, your organization has a team established to work through GDPR requirements and prepare as needed. If you’re a member of that team and haven’t yet started down your own path, I’m hopeful you’ll find this a useful guide in helping jump start your project, with the ability to tailor it to your specific needs. My goal was to make it as practical as possible. And I provide timelines to give you a sense for how long each step took when I took it on. Here we go...".

Ensuring that email data is compliant with GDPR regulations

By - Nathaniel Borenstein - 8. 2. 2018 - Information Management
The full text is available at:
I quote selected parts of the text:
- "More than 90 percent of cyberattacks start with email – whether it’s from customers, partners or colleagues, organizations collect hundreds, if not thousands, of emails that contain personal information every day.
- Considering the current cybersecurity landscape, none of that data is safe – even your deleted files. And all of it is vulnerable to attack, which ups the risk for getting hit with noncompliance penalties.
- So, how can your business ward off hefty fines and ensure compliance? For starters, make archiving an essential part of your compliance plans.
Make archiving an essential part of your compliance plans.
When GDPR goes into effect, organizations will need quick and easy access to their email – both current and historical files. This includes trashed and archived emails, which aren’t always simple to find....
Consider the chains of custody
Audit trails, referred to as “chains of custody” by some, are an essential piece of the puzzle when it comes to rounding out your archiving solution....
Determine who holds the keys to the castle
In a time crunch and can’t access the files you need to? Archiving solutions should make it simple for users to approve (and disapprove) who has the ability to directly access and recall specific files....
Leap to the cloud
Has your team moved to a cloud-based solution yet? If the answer’s no, you’re not alone, but you may soon be. Cloud adoption is up – and archiving is becoming a popular use case. Today, utilizing the cloud for archiving solutions saves the budget and your employees time....
Make teamwork a priority
Think the IT team is responsible for archiving? Think again. Everyone in the organization, from the C-level down, should be involved in the process. Teams must work together to define each of the different files that are being archived, and determine their sensitivity and retention period to develop the best protection plan. Without this collaboration, there’s a good chance files will go “missing.” And getting them back will require extensive resources – time and money – to recover....".

Friday, 2 February 2018

Počítač pro každého - Personal data protection, the new way

If you subscribe to the magazine Počítač pro každého, do not miss the detailed article on the GDPR in issue 4/18. On 3 pages you get a clear overview of the GDPR that respects the IT/IS point of view. The magazine is available at every newsstand.

Monday, 8 January 2018

Microsoft - GDPR Academy

Everything you need to know about the GDPR

The GDPR Academy is a series of 3 webinars intended for the designated persons responsible for personal information, security or the GDPR agenda.
They serve as a clear guide to the GDPR and show how Microsoft and third-party services and products can help meet the GDPR regulation.
The academy will also include a presentation of a real project at a customer who has met the requirements. You will thus obtain not only information but also concrete documentation that you can then use to prepare your own GDPR compliance.
3 webinars:
Date and time                 Topic
a) 25.01. 14:00 – 15:00 Effective discovery, governance and protection of personal information in documents and e-mails
b) 08.02. 14:00 – 15:00 Ensuring secure operation of your applications that hold personal data, and partner solutions supporting the GDPR
c) 22.02. 14:00 – 15:00 Presentation of a real customer story of how they met the GDPR requirements

Registration at:
a) HERE
b) HERE
c) HERE

Saturday, 30 December 2017

Preparing for the General Data Protection Requirement

Published by Rob Mellor - 26. 12. 2017. The article is available at:
I quote selected parts of the text:
"On May 25, 2018, the EU’s new General Data Protection Rules take effect forcing companies worldwide to comply with a fundamental change to the way businesses manage and distribute data.
" ... As a result, many businesses appear stuck in 'analysis paralysis', incapable of implementing strategies to meet the GDPR challenge.
How can you break through that paralysis? How can you get started on the path to compliance? In short, where do you start?"
First, let’s remind ourselves what is behind the GDPR.
"At the most foundational level, it is about stopping the misuse of personal data by organizations who may be tempted to use that data to engage in intrusive, unwanted marketing activities. We have all suffered such targeting and know how annoying it is. So, one of the key tenets of GDPR will be that it requires organizations to prove that any data they store is necessary to the running of the business, rather than being used for marketing activities. Within every business, there are obviously many different and disparate data streams making it tough to create an easily auditable view of the data and, in turn, prove why it is essential to the running of the business."
"For example, let’s imagine it is found that a retailer, at the point of purchase, is scanning the color of people's eyes as they pay. The company will now have to explain why it is doing that. Perhaps, it is an optician that has a legitimate reason for capturing this data, as it helps provide better aftercare to customers."

Guidance on consent under the GDPR

Posted on December 15, 2017
I quote selected parts:
"Recently, the EU’s Article 29 Working Party (the “Working Party”) adopted guidelines (the “Guidance”) on the meaning of consent under the EU General Data Protection Regulation (“GDPR”). In this Guidance, the Working Party has confirmed that consent should be a reversible decision where a degree of control must remain with the data subject. The Guidance provides further detail on what is necessary to ensure that consent satisfies the requirements of the GDPR:
• Freely given. 
• Specific. 
• Informed.
• Clear affirmative action.
Meaning of Explicit Consent
Demonstrating Consent
Children’s Consent
Pre-existing Consent"
I quote from the conclusion:
"For processing operations in relation to which existing consent will no longer be valid, the Working Party recommends that data controllers (1) seek to obtain new consent in a way that complies with the GDPR, or (2) rely on a different legal basis for carrying out the processing in question. If a data controller is unable to do either of those things then the processing activities concerned should cease."

It's time to re-examine the future of data infrastructure

The article was published by Ravi Mayuram on the "information-management" portal on 20 December 2017. It is available at:
I quote a selected part of the text:
"In 2017, artificial intelligence and digital transformation vaulted to the forefront of business priorities, and these technologies will continue to drive new business initiatives as we move into 2018.
Recent research suggests that the AI market will surpass $100 billion by 2025, and 89 percent of enterprises say their industry is being disrupted by digital technology. For companies to succeed today, digital strategies must underlie an organization’s approach to innovation and customer experience. And to support these efforts, it’s vital for companies to build out the necessary data infrastructure.
Today, AI is more of a trendy buzzword than a practical reality. Difficult to execute, AI is only as good as its data, and data integrity still varies from enterprise to enterprise. However, we’ve seen the early stages of machine learning applications in industries such as advertising and retail, and in the years ahead we’ll see more industries, including industrial Internet of Things, digital health and digital finance, begin taking advantage of this technology to provide more meaningful user experiences.
Throughout this transformation, the database will play an instrumental role by accommodating rapidly-changing data at scale, while keeping big data sets reliable and secure, although true implementation of AI is still several years away........".

GDPR – A legislative milestone for a digital age

A PDF file named "guide_gdpr_legislative_milestone_en.pdf"
is available for download on the portal "", at the address:
I quote from the text:
"GDPR – A legislative milestone for a digital age
BY NEIL THACKER, INFORMATION SECURITY & STRATEGY OFFICER, EMEA FORCEPOINT™
The clock is officially ticking for organisations to get their data protection policies in order now that the General Data Protection Regulation (GDPR) has been approved and is set to replace the previous EU Data Protection Directive. The new regulation will come into effect in May 2018 and will require organisations to put a much stricter focus on data protection. The headline items for organisations that collect or process EU citizen records are:
- They must notify their supervisory authority of a data breach within 72 hours.
- The subject will have the right to retract consent, request data erasure or data portability.
- They may face fines of up to 4% of their worldwide turnover, or €20 million for intentional or negligent violations.
These increased sanctions mean it is vital that this new law be fully understood by a number of key stakeholders within the organisation, and that organisations start preparing to comply with the new regulations as soon as possible. There are five key steps to help organisations perform a basic assessment of their current data protection strategy and to identify any potential gaps that need filling prior to a more comprehensive view of the GDPR...."
An example of a professional GDPR consulting offer:
"THERE ARE THREE CORE AREAS WHERE FORCEPOINT’S SOLUTIONS CAN HELP ORGANIZATIONS MEET THE REQUIREMENTS OF THE GDPR:
- Inventorying personal data, whether as part of the initial scoping of a compliance program or to support the operational duties of controllers, processors or responders, including dealing with subject access requests or data incidents.
- Mapping personal data flows across the organization that expose broken business processes and unsanctioned IT or highlight supply chain activity that puts critical data at risk. This clear visibility allows organizations to implement management and control of personal data flows using mechanisms such as authorization, policy-based encryption, notification and blocking to mitigate risk.
- Leveraging behavioral analytics and risk modelling to rapidly detect high risk employee activity (malicious or compromised) and broken business processes that put critical data at risk, as well as enabling a quick and decisive response, which often lets organizations get ahead of the breach itself."

Friday, 29 December 2017

GDPR calculator

At the address:
you will find a simple GDPR readiness test. It is admittedly an advertisement for consulting services, but it does no harm to go through the series of questions. You can have the result sent to you, but if you do not enter an e-mail address, you will see the summary result on the web page.

Thursday, 14 December 2017

GDPR White Paper CZ

The 9-page PDF file with the contents listed below is available at
- Terminology
- GDPR overview
- Impact of the GDPR
- GDPR requirements
- GDPR in the cloud
- GDPR solutions

Friday, 1 December 2017

5 ways you can benefit from GDPR

Inderjit Mund published an article on 29 November 2017 on the portal "", specifically at:
I quote selected parts of the text and the outline:
"Contrary to the negative hype, the General Data Protection Regulation (GDPR) is a force for good for both individuals and marketers. The new Regulation empowers consumers by refocusing the attention on them owning their data.
With new guidelines around explicit permission to use an individual’s data, brands will need to create more relevant and compelling brand communications to customers who are actually interested. Looking at the key requirements for compliance in more detail, GDPR can in fact help marketers to enhance their activities, improve customer engagement and boost ROI."
Here are 5 ways you can benefit from GDPR:
1. Personalised and more efficient marketing
2. The fast-track to effective data-driven marketing
3. Permission is everything
4. Better data equals better relationships
5. GDPR as a catalyst for change
I quote from the conclusion: "With this in mind, it is understandable to be taken aback by the requirements of GDPR. Its complexity can be daunting and unclear at stages, yet underneath the prescriptive text, there is vast opportunity to make business and marketing activity compatible with our digital future. Responsible brands should not fear GDPR, but learn to work with it to unlock and future-proof data-driven marketing practices. Once you become at peace with this, your marketing activity will have higher first-time success rates and impact on the right type of audience."

Thursday, 16 November 2017

Why your printer could be your GDPR blindspot

An article on the topic "Why your printer could be your GDPR blindspot" was published on the portal "".
The full text of the article is available at:

I quote selected parts of the text:
"Industries of all types have already started shoring up their defences and reshaping the way they handle data, yet all that hard work is likely to be undone by something as seemingly innocuous as a printer."
"Print security obligations under GDPR remain one of the most misunderstood areas of the new regulations, potentially creating a blind spot that could not only lead to a data breach, but also substantial fines for non-compliance."
"As with any device that's connected to the internet, MFPs are susceptible to unwanted snooping. Without effective security protocols, unauthorised users are able to gain access to a printing network and any document that has been sent to a machine. What's more, most machines also make use of facilities such as scan to email, scan to cloud, or scan to internal storage, which could all be compromised to either steal sensitive data in bulk, or reroute future correspondence to external addresses."
"Maintaining the security of an MFP network is a daunting task. The sheer number of potential weak spots on your system, not to mention the various differences that exist between printer brands, makes performing regular manual checks for vulnerabilities unfeasible."
"As with other IoT devices, there are tools available that provide a complete overview of your system, and cut down on a lot of the hard work."

Wednesday, 15 November 2017

Will AI Change the Role of Cybersecurity?

Tami Casey posted on the "IMPERVA" portal an article titled "Will AI Change the Role of Cybersecurity?".
The full text of the article is available at:
I quote selected parts of the text:
"Mention artificial intelligence (AI) and security and a lot of people think of Skynet from The Terminator movies. Sure enough, at a recent Bay Area Cyber Security Meetup group panel on AI and machine learning, it was moderator Alan Zeichick – technology analyst, journalist and speaker – who first brought it up. But that wasn’t the only lively discussion during the panel, which focused on AI and cybersecurity."
"I found two areas of discussion particularly interesting, which drew varying opinions from the panelists. One, around the topic of AI eliminating jobs and thoughts on how AI may change a security practitioner’s job, and two, about the possibility that AI could be misused or perhaps used by malicious actors with unintended negative consequences."
Two chapters:
- Artificial Intelligence Eliminating Jobs?
- AI and Malicious Misuse
I quote the conclusion of the article:
"The difference between a good data scientist and an awesome data scientist is orders of magnitude different in terms of where they can take this technology.  But not to fear, humans will be highly involved in the development of these systems for quite some time."

Tuesday, 14 November 2017

CCTV, the GDPR and the third wave of Data Privacy Regulation

Andrew Charlesworth, Reader in IT Law, University of Bristol, published on the "Cloudview" portal a 2017 white paper:
"CCTV, the GDPR and the third wave of Data Privacy Regulation"
The article is available at:
A Cloudview white paper 2017: "Watching Watchers"
CCTV, the GDPR and the third wave of Data Privacy Regulation
I quote the introduction of the article:

"The CCTV industry has, almost from its inception, been portrayed in popular culture as the unofficial face of unaccountable surveillance overreach and invasion of privacy. This position has been cemented by a popular perception of a lack of transparency and public engagement on the part of its users. More recently, it has become the unwilling poster child for the hazards of engaging with the Internet of Things. The General Data Protection Regulation (GDPR) thus provides a welcome opportunity for the CCTV industry and its users to tackle this negative image head-on."

CCTV Users at 'Risk of Breaching GDPR'

Michael Hill, Deputy Editor, posted on the "Infosecurity-magazine" portal the article "CCTV Users at 'Risk of Breaching GDPR'".
The full text is available at:
I quote selected parts of the text:
"Organizations that use CCTV systems could be putting themselves at risk of breaching GDPR data protection and privacy requirements by failing to understand how the forthcoming regulations cover the collection of visual data."...
" ...the fact that because there has been little regulation governing CCTV systems (until now) there is a danger that users will fall short in their obligations to ensure safe usage under GDPR, which comes into force in just six months." ....
“The good news is that the GDPR gives CCTV users an opportunity to tackle what is often a negative image and take the lead in demonstrating accountability and privacy protection. They can also use new technologies such as cloud, which enables them to meet the new regulations while improving data accessibility and security.”

Sunday, 12 November 2017

Do You Know Where Your Data Is?

On the portal "", on the page:
you will find a link to an eBook devoted to the topic in the title (see below).
I quote from the opening page:
"Do You Know Where Your Data Is? Three Common Data Management Problems & How to Fix Them"
"Knowing the location of your data plays a crucial role with keeping it secure. When you find yourself jumping through hoops in order to protect, monitor, or report on your data, then you're not getting the most out of your IT infrastructure. Is your current IT infrastructure helping you--or hurting you?"
After registration you get to the page of the eBook from the company "Globalscape".
"In this eBook from Globalscape, you will learn:
- Three common IT infrastructure challenges that can interfere with data management
- The consequences of these common obstacles
- Strategies and tools to put security, compliance, and efficiency at the forefront."
The direct address of the eBook is:
I quote from the whitepaper:
"Your IT infrastructure can be severely weakened when core IT requirements are not being met. If you don’t know where your data is at all times, then your IT infrastructure is getting in your way. An agile, efficient, secure, and compliant IT infrastructure provides operational visibility, control, and governance."
"Legacy or homegrown systems, disparate applications and systems, and shadow IT interferes with the secure and efficient management of your data and IT infrastructure."
"Three common IT infrastructures that lack the optimal level of data management and can adversely affect your security, compliance, and efficiency goals include the following: 
1. Legacy and homegrown data exchange systems
When an old or homegrown data exchange system slows down your business growth

2. Disparate applications and systems
When you have multiple systems or applications moving your data, leaving you lacking a single platform to manage, protect, and track your data movement 
3. Shadow IT
When employees use unsanctioned applications and tools that limit IT control or governance, and in turn expose an organization to security vulnerabilities."
"Getting ahead of these common IT infrastructure challenges will require a proactive data management strategy that enables full operational visibility, control, and governance over your data exchange environment. With the right data management strategy and tools in place, security, compliance and efficiency will always be at the forefront. "
"How to Get Out of Your Own Way with a Data Management Strategy
Three Common IT Infrastructure Challenges that Get in the Way..."
"How Can You Prevent the Increased Shadow IT Costs?
Four Signs that Shadow IT is a Problem. What are the Red Flags? ....".
"How to Get Ahead of Shadow IT:
- Evaluate Existing Processes
- Communicate with Employees
- Keep it Simple
The rest of the text covers the sub-topics:
- The Ultimate Data Transfer Headache
- Failed Data Transfers Interfere with Daily Business Operations
- What Happens When Data Transfers Fail
- data loss
- data transfer interception
- Missed SLAs
- Lost Revenue 
- Data Corruption
- Fines Due to Non-Compliance."
MFT to the Rescue
The managed file transfer (MFT) technology enables organizations to securely and efficiently move data within the IT infrastructure and between systems. More robust than the insecure FTP server, MFT is a powerful and secure solution that can move a high volume of data and a complex set of workflows. 
- Overcome Data Transfer Challenges with a MFT Solution
The challenges that follow legacy or homegrown file transfer systems, disparate systems and applications, and shadow IT require an advanced data management solution that is inherent in a MFT technology."
The end of the eBook includes information about a software product that supports the activities described above.
"Enhanced File Transfer™ (EFT™) is Globalscape’s award-winning MFT platform that was designed to manage data transparently, efficiently, and within the parameters of control and accessibility that you require. 
EFT provides enterprise-level security for collaboration with business partners, customers, and employees, while automating the integration of back-end systems."

The Evolution of Managed Security Services

An article on this topic was published by the company "Tata Communications".
The full text of the article, with a link to the PDF version of the whitepaper:
I quote from the article:

"Managed security services initially came into the market under the garb of consulting and started taking off because it helped organizations bring in some measurability, says Avinash Prasad, vice president and head of the managed security services business at Tata Communications.
"The on-premises model was the norm and MSSPs were sought after for cost saving and service visibility," he says.
But the objectives with the emerging security-as-a-service model are different, Prasad says. The model, for example, helps distributed organizations, formed through mergers and acquisitions, scale to meet their growing needs.
Read this whitepaper to learn about:
The early days of managed security services;
Traction and challenges for the security-as-a-service model;
How security-as-a-service could be as important to security as the cloud was to IT operations.
Prasad heads the business area of managed security services globally for Tata Communications. He has a multi-functional focus on customer management, practice and solution development, business development, innovation and partnership. He previously served in leadership roles at Wipro and Infosys."
Link to the whitepaper
"Insights from Tata Communications’ Avinash Prasad on where he sees the security-as-a-service market heading from a global perspective."

Saturday, 11 November 2017

Protecting Web Applications in the World of GDPR

The article "Protecting Web Applications in the World of GDPR" is posted on the "SolarWinds MSP" portal, specifically at:
I quote selected parts of the text:
"Businesses have embraced both the creation and use of web services and web applications at an astronomical rate. But as many companies—most recently Equifax®—have found out, protecting web services and web applications is serious business. In the case of Equifax, the failure to patch a known vulnerability in the Apache® Struts Framework led to a major data breach. If the Global Data Protection Regulation (GDPR) was already in effect, they could have faced severe repercussions for not notifying both the regulatory authorities and the data subjects within the 72-hour deadline.
It’s not unreasonable to suggest that web services are the weakest technological link in the struggle against cybercriminals. Web applications and web services are vulnerable to customer account compromise from poor user behaviour or even complete compromise due to technical flaws or weak administrative passwords. Given the mandates of GDPR to protect data subjects’ personal data, a webserver hosted by a business could present a clear and present danger of a data breach. What follows is an analysis of how website owners are responding to the danger of presenting an open portal of personal data to the internet. And if your business develops web applications, you may want to implement some of these techniques."
"To improve your application security, try building logic into your authentication process that answers the following questions: 
- Is the browser connecting up to date?
- Where is the connection coming from?
- Has the IP address connected before?
- Has the device connecting accessed the service before?
- Has the account been compromised?
- Has the account been hijacked?
- Has the user enabled multifactor or two-factor authentication (MFA, 2FA)?
Protecting Customer Data within Your Web Applications
Due to the rising threat of account compromises via web services, many website owners are building systems to ensure legitimate users and administrative users are protected. And with the increased responsibilities of organizations under GDPR, the stakes are even higher when it comes to web application security. As a website owner, you must do your best to safeguard your customers from fraudulent logins if you want to avoid a potentially severe data breach and penalties under the GDPR (and to make sure your customers are safe)."
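The list of questions in the excerpt above maps naturally onto a risk-scoring step that runs before a session is issued: each question becomes a weighted signal, and the total decides whether to allow the login, demand a second factor, or refuse. The following Python is an example added here, not code from the SolarWinds MSP article; the browser baseline, the sample account histories and the allow/step-up/deny thresholds are constructed assumptions.

```python
"""Risk-based login checks built from the questions listed in the excerpt above.

Added example, not code from the SolarWinds MSP article. The browser baseline,
the account histories and the decision thresholds are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Constructed assumption: minimum major version per browser family that the
# service still treats as "up to date".
MIN_BROWSER_MAJOR = {"chrome": 62, "firefox": 57}


@dataclass
class AccountState:
    """What the service already knows about an account (constructed sample)."""
    known_ips: Set[str] = field(default_factory=set)
    known_devices: Set[str] = field(default_factory=set)
    home_country: str = ""
    mfa_enabled: bool = False
    credentials_in_breach: bool = False      # password seen in a known leak
    recovery_contact_changed: bool = False   # recent e-mail/phone change: hijack signal


@dataclass
class LoginAttempt:
    """One authentication request as seen by the server (constructed sample)."""
    browser: str
    browser_major: int
    ip: str
    device_id: str
    country: str


def score_login(attempt: LoginAttempt, state: AccountState) -> Tuple[int, List[str]]:
    """Turn each question from the article into a weighted risk signal."""
    score, reasons = 0, []
    if attempt.browser_major < MIN_BROWSER_MAJOR.get(attempt.browser, 0):
        score += 1
        reasons.append("browser out of date")
    if state.home_country and attempt.country != state.home_country:
        score += 2
        reasons.append("connection from an unexpected country")
    if attempt.ip not in state.known_ips:
        score += 1
        reasons.append("IP address not seen before")
    if attempt.device_id not in state.known_devices:
        score += 2
        reasons.append("device not seen before")
    if state.credentials_in_breach:
        score += 3
        reasons.append("credentials known to be compromised")
    if state.recovery_contact_changed:
        score += 2
        reasons.append("recovery contact changed recently (possible hijack)")
    if not state.mfa_enabled:
        score += 1
        reasons.append("MFA not enabled")
    return score, reasons


def decide(attempt: LoginAttempt, state: AccountState) -> str:
    """Map the score to an action: allow, step_up (demand a second factor) or deny.

    Thresholds are constructed; a real deployment tunes them against its own
    false-positive budget. Known-compromised credentials always deny, because a
    correct password proves nothing once it has leaked.
    """
    score, _ = score_login(attempt, state)
    if state.credentials_in_breach or score >= 5:
        return "deny"
    if score >= 2:
        return "step_up"
    return "allow"


def record_success(attempt: LoginAttempt, state: AccountState) -> None:
    """After a login passes (including a step-up), remember the IP and device."""
    state.known_ips.add(attempt.ip)
    state.known_devices.add(attempt.device_id)


if __name__ == "__main__":
    account = AccountState(known_ips={"203.0.113.10"}, known_devices={"dev-a"},
                           home_country="CZ", mfa_enabled=True)
    usual = LoginAttempt("chrome", 66, "203.0.113.10", "dev-a", "CZ")
    new_device = LoginAttempt("chrome", 66, "198.51.100.7", "dev-b", "CZ")
    for attempt in (usual, new_device):
        print(decide(attempt, account), score_login(attempt, account)[1])
```

The reasons list is what the security team should log alongside the decision: a "step_up" that the user never completes is itself a detection signal for credential stuffing, and a spike in "deny" decisions on one source IP is the kind of event the 72-hour breach-notification clock in the GDPR makes worth watching.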

Current, supplemented and amended version of the GDPR

General Data Protection Regulation – Final legal text of the EU GDPR. The official PDF and its recitals as a neatly arranged website.
The current, supplemented and amended version of the GDPR is presented in a special form at:
The text is introduced with the words:
"Welcome to Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals. The European Data Protection Regulation will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe. If you find the page useful, feel free to support us by sharing the project."