Thursday, 14 December 2017

GDPR White Paper CZ

A 9-page PDF file with the above content can be found at
https://www.zebra.cz/wp-content/uploads/GDPR_Bila-kniha_CZ.pdf
Outline:
- Terminology
- GDPR overview
- Impact of GDPR
- GDPR requirements
- GDPR in the cloud
- GDPR solutions

Friday, 1 December 2017

5 ways you can benefit from GDPR


Inderjit Mund published an article on the "dataiq.co.uk" portal on 29 November 2017, specifically at:
http://tinyurl.com/ycqmcbvl
I quote selected parts of the text and the outline:
"Contrary to the negative hype, the General Data Protection Regulation (GDPR) is a force for good for both individuals and marketers. The new Regulation empowers consumers by refocusing the attention on them owning their data.
With new guidelines around explicit permission to use an individual’s data, brands will need to create more relevant and compelling brand communications to customers who are actually interested. Looking at the key requirements for compliance in more detail, GDPR can in fact help marketers to enhance their activities, improve customer engagement and boost ROI."
Here’s 5 ways you can benefit from GDPR:
1. Personalised and more efficient marketing
2. The fast-track to effective data-driven marketing
3. Permission is everything
4. Better data equals better relationships
5. GDPR as a catalyst for change
I quote from the conclusion: "With this in mind, it is understandable to be taken back by the requirements of GDPR. Its complexity can be daunting and unclear at stages, yet underneath the prescriptive text, there is vast opportunity to make business and marketing activity compatible with our digital future. Responsible brands should not fear GDPR, but learn to work with it to unlock and future-proof data-driven marketing practices. Once you become at peace with this, your marketing activity will have higher first-time success rates and impact on the right type of audience."

Thursday, 16 November 2017

Why your printer could be your GDPR blindspot

The article "Why your printer could be your GDPR blindspot" was published on the "itpro.co.uk" portal.
The full text of the article is available at: http://tinyurl.com/y74anzjm

I quote selected parts of the text:
"Industries of all types have already started shoring up their defences and reshaping the way they handle data, yet all that hard work is likely to be undone by something as seemingly innocuous as a printer."
"Print security obligations under GDPR remain one of the most misunderstood areas of the new regulations, potentially creating a blind spot that could not only lead to a data breach, but also substantial fines for non-compliance."
"As with any device that's connected to the internet, MFPs are susceptible to unwanted snooping. Without effective security protocols, unauthorised users are able to gain access to a printing network and any document that has been sent to a machine. What's more, most machines also make use of facilities such as scan to email, scan to cloud, or scan to internal storage, which could all be compromised to either steal sensitive data in bulk, or reroute future correspondence to external addresses."
"Maintaining the security of an MFP network is a daunting task. The sheer number of potential weak spots on your system, not to mention the various differences that exist between printer brands, makes performing regular manual checks for vulnerabilities unfeasible."
"As with other IoT devices, there are tools available that provide a complete overview of your system, and cut down on a lot of the hard work."

Wednesday, 15 November 2017

Will AI Change the Role of Cybersecurity?

Tami Casey published an article titled "Will AI Change the Role of Cybersecurity?" on the "IMPERVA" portal.
The full text of the article is available at:
https://www.imperva.com/blog/2017/11/will-ai-change-the-role-of-cybersecurity/
I quote selected parts of the text:
"Mention artificial intelligence (AI) and security and a lot of people think of Skynet from The Terminator movies. Sure enough, at a recent Bay Area Cyber Security Meetup group panel on AI and machine learning, it was moderator Alan Zeichick – technology analyst, journalist and speaker – who first brought it up. But that wasn’t the only lively discussion during the panel, which focused on AI and cybersecurity."
"I found two areas of discussion particularly interesting, which drew varying opinions from the panelists. One, around the topic of AI eliminating jobs and thoughts on how AI may change a security practitioner’s job, and two, about the possibility that AI could be misused or perhaps used by malicious actors with unintended negative consequences."
Two chapters:
- Artificial Intelligence Eliminating Jobs?
- AI and Malicious Misuse
I quote the conclusion of the article:
"The difference between a good data scientist and an awesome data scientist is orders of magnitude different in terms of where they can take this technology.  But not to fear, humans will be highly involved in the development of these systems for quite some time."

Tuesday, 14 November 2017

CCTV, the GDPR and the third wave of Data Privacy Regulation

Andrew Charlesworth, Reader in IT Law, University of Bristol, published a 2017 white paper on the "Cloudview" portal:
"CCTV, the GDPR and the third wave of Data Privacy Regulation"
The article is available at:
http://www.cloudview.co/whitepapers/watchingthewatchers
A Cloudview white paper 2017: "Watching Watchers"
I quote the introduction of the article:

"The CCTV industry has, almost from its inception, been portrayed in popular culture as the unofficial face of unaccountable surveillance overreach and invasion of privacy. This position has been cemented by a popular perception of a lack of transparency and public engagement on the part of its users. More recently, it has become the unwilling poster child for the hazards of engaging with the Internet of Things. The General Data Protection Regulation (GDPR) thus provides a welcome opportunity for the CCTV industry and its users to tackle this negative image head-on."

CCTV Users at 'Risk of Breaching GDPR'

Michael Hill, Deputy Editor, published the article "CCTV Users at 'Risk of Breaching GDPR'" on the "Infosecurity-magazine" portal.
The full text is available at:
https://www.infosecurity-magazine.com/news/cctv-users-at-risk-of-breaching/
I quote selected parts of the text:
"Organizations that use CCTV systems could be putting themselves at risk of breaching GDPR data protection and privacy requirements by failing to understand how the forthcoming regulations cover the collection of visual data."...
" ...the fact that because there has been little regulation governing CCTV systems (until now) there is a danger that users will fall short in their obligations to ensure safe usage under GDPR, which comes into force in just six months." ....
“The good news is that the GDPR gives CCTV users an opportunity to tackle what is often a negative image and take the lead in demonstrating accountability and privacy protection. They can also use new technologies such as cloud, which enables them to meet the new regulations while improving data accessibility and security.”

Sunday, 12 November 2017

Do You Know Where Your Data Is?

On the "infoworld.com" portal, on the page http://tinyurl.com/y8v35wk4,
you will find a link to an eBook devoted to the topic in the title (see below).
I quote from the landing page:
"Do You Know Where Your Data Is? Three Common Data Management Problems & How to Fix Them"
"Knowing the location of your data plays a crucial role with keeping it secure. When you find yourself jumping through hoops in order to protect, monitor, or report on your data, then you're not getting the most out of your IT infrastructure. Is your current IT infrastructure helping you--or hurting you?"
After registering, you reach the page of the eBook from "Globalscape".
I quote:
"In this eBook from Globalscape, you will learn:
- Three common IT infrastructure challenges that can interfere with data management
- The consequences of these common obstacles
- Strategies and tools to put security, compliance, and efficiency at the forefront."
The direct address of the eBook is:
http://dynamic.globalscape.com/files/data-management-strategies.pdf
I quote from the whitepaper:
"Your IT infrastructure can be severely weakened when core IT requirements are not being met. If you don’t know where your data is at all times, then your IT infrastructure is getting in your way. An agile, efficient, secure, and compliant IT infrastructure provides operational visibility, control, and governance."
"Is your current IT infrastructure helping you—or hurting you?"
"Legacy or homegrown systems, disparate applications and systems, and shadow IT interferes with the secure and efficient management of your data and IT infrastructure."
"Three common IT infrastructures that lack the optimal level of data management and can adversely affect your security, compliance, and efficiency goals include the following: 
1. Legacy and homegrown data exchange systems
When an old or homegrown data exchange system slows down your business growth

2. Disparate applications and systems
When you have multiple systems or applications moving your data, leaving you lacking a single platform to manage, protect, and track your data movement 
3. Shadow IT
When employees use unsanctioned applications and tools that limit IT control or governance, and in turn expose an organization to security vulnerabilities."
"Getting ahead of these common IT infrastructure challenges will require a proactive data management strategy that enables full operational visibility, control, and governance over your data exchange environment. With the right data management strategy and tools in place, security, compliance and efficiency will always be at the forefront. "
"How to Get Out of Your Own Way with a Data Management Strategy
Three Common IT Infrastructure Challenges that Get in the Way..."
"How Can You Prevent the Increased Shadow IT Costs?
Four Signs that Shadow IT is a Problem. What are the Red Flags? ....".
"How to Get Ahead of Shadow IT:
- Evaluate Existing Processes
- Communicate with Employees
- Keep it Simple
The rest of the text deals with these subtopics:
- The Ultimate Data Transfer Headache
- Failed Data Transfers Interfere with Daily Business Operations
- What Happens When Data Transfers Fail
  - data loss
  - data transfer interception
  - Missed SLAs
  - Lost Revenue
  - Data Corruption
  - Fines Due to Non-Compliance."
"MFT to the Rescue
The managed file transfer (MFT) technology enables organizations to securely and efficiently move data within the IT infrastructure and between systems. More robust than the insecure FTP server, MFT is a powerful and secure solution that can move a high volume of data and a complex set of workflows.
- Overcome Data Transfer Challenges with a MFT Solution
The challenges that follow legacy or homegrown file transfer systems, disparate systems and applications, and shadow IT require an advanced data management solution that is inherent in a MFT technology."
At the end of the eBook there is information about the software product that supports the activities described above.
"Enhanced File Transfer™ (EFT™) is Globalscape’s award-winning MFT platform that was designed to manage data transparently, efficiently, and within the parameters of control and accessibility that you require. 
EFT provides enterprise-level security for collaboration with business partners, customers, and employees, while automating the integration of back-end systems."

The Evolution of Managed Security Services

An article on this topic was published by "Tata Communications".
Full text of the article, with a link to the PDF version of the whitepaper:
http://tinyurl.com/ydb8lo6k
I quote from the article:

"Managed security services initially came into the market under the garb of consulting and started taking off because it helped organizations bring in some measurability, says Avinash Prasad, vice president and head of the managed security services business at Tata Communications.
"The on-premises model was the norm and MSSPs were sought after for cost saving and service visibility," he says.
But the objectives with the emerging security-as-a-service model are different, Prasad says. The model, for example, helps distributed organizations, formed through mergers and acquisitions, scale to meet their growing needs.
Read this whitepaper to learn about:
The early days of managed security services;
Traction and challenges for the security-as-a-service model;
How security-as-a-service could be as important to security as the cloud was to IT operations.
Prasad heads the business area of managed security services globally for Tata Communications. He has a multi-functional focus on customer management, practice and solution development, business development, innovation and partnership. He previously served in leadership roles at Wipro and Infosys."
Link to the whitepaper: http://tinyurl.com/ybcbnk3n
Title: THE EVOLUTION OF MANAGED SECURITY SERVICES
"Insights from Tata Communications’ Avinash Prasad on where he sees the security-as-a-service market heading from a global perspective."

Saturday, 11 November 2017

Protecting Web Applications in the World of GDPR

An article on "Protecting Web Applications in the World of GDPR" is published on the "SolarWinds MSP" portal, specifically at:
https://www.solarwindsmsp.com/blog/protecting-web-applications-world-gdpr
I quote selected parts of the text:
"Businesses have embraced both the creation and use of web services and web applications at an astronomical rate. But as many companies—most recently Equifax®—have found out, protecting web services and web applications is serious business. In the case of Equifax, the failure to patch a known vulnerability in the Apache® Struts Framework led to a major data breach. If the Global Data Protection Regulation (GDPR) was already in effect, they could have faced severe repercussions for not notifying both the regulatory authorities and the data subjects within the 72-hour deadline.
It’s not unreasonable to suggest that web services are the weakest technological link in the struggle against cybercriminals. Web applications and web services are vulnerable to customer account compromise from poor user behaviour or even complete compromise due to technical flaws or weak administrative passwords. Given the mandates of GDPR to protect data subjects’ personal data, a webserver hosted by a business could present a clear and present danger of a data breach. What follows is an analysis of how website owners are responding to the danger of presenting an open portal of personal data to the internet. And if your business develops web applications, you may want to implement some of these techniques."
"To improve your application security, try building logic into your authentication process that answers the following questions: 
- Is the browser connecting up to date?
- Where is the connection coming from?
- Has the IP address connected before?
- Has the device connecting accessed the service before?
- Has the account been compromised?
- Has the account been hijacked?
- Has the user enabled multifactor or two-factor authentication (MFA, 2FA)?
Protecting Customer Data within Your Web Applications
Due to the rising threat of account compromises via web services, many website owners are building systems to ensure legitimate users and administrative users are protected. And with the increased responsibilities of organizations under GDPR, the stakes are even higher when it comes to web application security. As a website owner, you must do your best to safeguard your customers from fraudulent logins if you want to avoid a potentially severe data breach and penalties under the GDPR (and to make sure your customers are safe)."
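
The seven questions in the quoted list can be evaluated together as a login risk check. The following is an added example, not code from the SolarWinds MSP article; the weights, thresholds, field names and sample values are assumptions.

```python
"""Risk-based login check built from the seven questions in the quoted list.

Weights, thresholds, field names and sample values are illustrative
assumptions, not taken from the quoted article.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address

# Assumed weight per risk signal; tune against your own login telemetry.
WEIGHTS = {
    "outdated_browser": 10,     # Is the browser connecting up to date?
    "unusual_location": 20,     # Where is the connection coming from?
    "new_ip": 15,               # Has the IP address connected before?
    "new_device": 20,           # Has the device accessed the service before?
    "credentials_exposed": 30,  # Has the account been compromised?
    "hijack_indicators": 40,    # Has the account been hijacked?
}
STEP_UP_AT = 30  # at or above: require a second proof of identity
DENY_AT = 70     # at or above: block the login and force account recovery


@dataclass
class LoginAttempt:
    source_ip: str
    country: str        # from a GeoIP lookup done by the caller
    device_id: str      # e.g. a signed device cookie
    browser_major: int  # parsed from the User-Agent by the caller


@dataclass
class AccountState:
    known_ips: set = field(default_factory=set)
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    credentials_exposed: bool = False  # password seen in a breach corpus
    hijack_indicators: bool = False    # e.g. recovery e-mail just changed
    mfa_enabled: bool = False          # Has the user enabled MFA/2FA?


@dataclass
class Assessment:
    score: int
    decision: str
    signals: list


def assess(attempt, state, min_browser_major=100):
    """Score one login attempt and choose allow, step-up or deny."""
    # Parse addresses so that differently written IPv6 forms compare equal.
    known_ips = {ip_address(ip) for ip in state.known_ips}
    checks = [
        ("outdated_browser", attempt.browser_major < min_browser_major),
        ("unusual_location", attempt.country not in state.usual_countries),
        ("new_ip", ip_address(attempt.source_ip) not in known_ips),
        ("new_device", attempt.device_id not in state.known_devices),
        ("credentials_exposed", state.credentials_exposed),
        ("hijack_indicators", state.hijack_indicators),
    ]
    signals = [name for name, hit in checks if hit]
    score = sum(WEIGHTS[name] for name in signals)
    if score >= DENY_AT:
        decision = "deny"
    elif score >= STEP_UP_AT:
        # The MFA question decides how the user proves identity.
        decision = "step_up_mfa" if state.mfa_enabled else "step_up_email"
    else:
        decision = "allow"
    return Assessment(score, decision, signals)


def remember(attempt, state):
    """Record the context of a login that passed all required checks."""
    state.known_ips.add(attempt.source_ip)
    state.known_devices.add(attempt.device_id)
    state.usual_countries.add(attempt.country)


if __name__ == "__main__":
    # Constructed sample data (documentation IP ranges, made-up device ids).
    account = AccountState(known_ips={"192.0.2.10"}, known_devices={"dev-a"},
                           usual_countries={"CZ"}, mfa_enabled=True)
    samples = [
        LoginAttempt("192.0.2.10", "CZ", "dev-a", 120),
        LoginAttempt("198.51.100.7", "CZ", "dev-b", 120),
        LoginAttempt("203.0.113.5", "XX", "dev-c", 80),
    ]
    for s in samples:
        print(s.source_ip, assess(s, account))
```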

Current, supplemented and revised version of the GDPR

General Data Protection Regulation – Final legal text of the EU GDPR. The official PDF and its recitals as a neatly arranged website.
The current, supplemented and revised version of the GDPR is published in a special form at: https://gdpr-info.eu
The text is introduced with the words:
"Welcome to gdpr-info.eu. Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals. The European Data Protection Regulation will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe. If you find the page useful, feel free to support us by sharing the project."

Thursday, 9 November 2017

Czech Chamber of Commerce GDPR handbook

The Czech Chamber of Commerce (Hospodářská komora ČR) has published a GDPR handbook.
It can be downloaded from:
https://www.komora.cz/wp-content/uploads/2017/06/PriruckaGDPR_final.pdf

EU Commissioner Jourová promised businesses support in implementing GDPR

"Parlamentní listy" reported on the promise of support on 9 November 2017.
The full text is available at: http://tinyurl.com/ydxq64uo
I quote from the text of the report:
"The Chamber of Commerce's information campaign raising entrepreneurs' awareness of the new personal data protection obligations introduced by the European GDPR regulation will also be supported by EU Commissioner Věra Jourová. Chamber of Commerce President Vladimír Dlouhý said so today after their joint meeting at the European Commission."
"Dlouhý said that even handbooks cannot replace the training that entrepreneurs and their employees working with personal data must complete in order to comply with the new regulation."
"The Chamber of Commerce is also seeking to have the supervisory authority, the Office for Personal Data Protection, proceed with restraint during inspections. According to the Chamber of Commerce, at least at the beginning the Office should merely point out possible errors in an entrepreneur's processing of personal data rather than impose sanctions straight away."

Wednesday, 8 November 2017

Critical Capabilities for Enterprise Data Loss Prevention 2017

Gartner 2017 Critical Capabilities Report
Published: 10 April 2017 - Brian Reed, Deborah Kish
The link to the report is on the Forcepoint.com portal at: http://tinyurl.com/ycqlo884
The original report is at:
https://www.gartner.com/doc/reprints?id=1-3XN7WNP&ct=170410&st=sb

INDUSTRY ANALYST REPORT
According to Gartner: “Security and risk management leaders deploy enterprise DLP for three major use cases: regulatory compliance, intellectual property protection and visibility into how users handle sensitive data. This research evaluates DLP products for the three use cases, derived from nine critical capabilities." *
I quote from the text of the report:
"Summary
Security and risk management leaders deploy enterprise DLP for three major use cases: regulatory compliance, intellectual property protection and visibility into how users handle sensitive data. This research evaluates DLP products for the three use cases, derived from nine critical capabilities."
"Key Findings
- Enterprise data loss prevention (DLP) has become a key piece of a broader data life cycle process supported by technology, as opposed to DLP simply being another technology buying decision.
- Any regulatory compliance requirements beyond the most basic of use cases are better addressed through the unified workflow of enterprise DLP products.
- Enterprise DLP is typically adopted for intellectual property protection, particularly in large multinational organizations.
- Data visibility and monitoring observed by enterprise DLP products alone do not convey who the riskiest users are in an organization."
"Recommendations
Security and risk management leaders responsible for data security must:
- Engage and involve business units and data owners to improve the odds of success of a DLP deployment.
- Start with data in use at the endpoint for DLP initiatives driven by intellectual property (IP) protection, then implement advanced detection features, such as image analysis, machine-learning and other data-matching techniques.
- Deploy data in motion (such as network DLP on outbound email) for DLP initiatives driven by regulatory compliance to meet the requirements for the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and other compliance standards.
- Select DLP vendors with strong integrations with complementary data security technologies, such as data classification, user and entity behavior analytics, cloud access security brokers, and incident response and forensics products, to fill in technology gaps."

Tuesday, 7 November 2017

6 impacts of GDPR on organizations that store data in the cloud

By Cristopher Burge - a cloud computing enthusiast and content editor at CloudStorageAdvice.
Published 02. 11. 2017, information-management.com
The article is available at: http://tinyurl.com/y7fqoqcp
I quote from the text of the article:
"The General Data Protection Regulation refers to a platform where the European Parliament, European Commission, and Council of the European Union intend to unify and strengthen data protection for persons within the European Union. It addresses the transfer of personal information outside the EU".

"The GDPR aims at bringing together the EU regulation to simplify the governing environment for international business. It also gives residents control over their data."
"Companies that store data in the cloud will experience stronger restrictions relating to how they access and use information under the new regulation. EU residents, on the other hand, will gain several rights concerning personal data. Outlined below are six GDPR changes:
1. Personal Data Definition is Stricter
2. Data Minimization Principles
3. Enhanced Individuals’ Rights
4. Data Breach Notification
5. Increased Accountability
6. Stricter Consent Procedures"
"All questions from a company to an individual asking them to grant the organization permission to collect, process, and store personal details ought to be presented clearly. "
"The new regulation applies to every entity that monitors or processes personal information of EU citizens across the universe."


Monday, 6 November 2017

Conference: CyberSecurity 2017

Conference date: 14 November 2017
Venue: Prague 4, Konferenční centrum City
Conference web address:
https://eventworld.cz/akce/cyber-security-2017-II-116/pozvanka-cyber-security-2017-II
A professional conference held under the auspices of the Minister of Defence, MgA. Martin Stropnický, focused on cybersecurity in a time of legislative change, cloud and IoT. It is intended for IT professionals working in the corporate sector, state administration or local government, for specialists in finance and industry, and for everyone who wants a broader picture of current IT security problems and risks, together with effective ways of reducing those risks.
Topics
- The impact of legislative changes on data protection in Czech organisations and on their cooperation with external suppliers and service providers.
- Current cyber threats on the Czech market: brief your management and warn those who will bear the consequences about the risks.
- The onset of digital transformation: the pressure of cloud, mobility and IoT on network and endpoint security. Is the bigger security risk the employee or the attacker?
- When your turn comes: is attack prevention or incident response more important? Monitoring and SIEM in the leading role.
- All topics will be complemented by selected security technologies that can adapt to organisations' changing requirements and to the state of their IT infrastructure.

Saturday, 4 November 2017

GDPR: The role of technology in data compliance

31 Oct 17 | Author Clark Boyd | Data & Analytics Marketing Technology
The article is available at:
https://www.clickz.com/gdpr-the-role-of-technology-in-data-compliance/113865/
I quote selected parts of the text:
- "2% of US-based multinationals see the GDPR as their top data security priority over the next 12 months with 77% of businesses planning to spend over $1 million on GDPR compliance efforts. Here we look at some of the ways in which technology can help streamline this process and explain some of the opportunities presented by getting your ducks in a row."
- "With the European Union General Data Protection Regulation (EU GDPR) due to come into full effect on 25 May 2018, the onus is on compliance efforts for businesses worldwide. Over 90% of US businesses see this as their top data security priority over the next year, and technology will be the defining factor in their attempts to abide by the new rules."
- "We should, therefore, view technology as either an enabler of transparency and compliance, when used effectively; or as a costly hindrance to progress, when used without care."
- "With so many international businesses spending significant sums to get their house in order, a new technology market has started to develop. Software providers are launching new products to help international businesses with compliance efforts, and also to validate their progress.
- Using technology to audit personal data
It is essential to understand the separate roles of data controllers and data processors if we are to get to the heart of this question.
Technology will play a key role in gaining the single view on every customer that companies will need.
- Using technology to collect personal data
- Using technology to protect personal data
- Key takeaways"
- "This begins by using technology to assess the following four areas:
Audit: Gain a clear understanding of where all of your data resides and bring this together into a single view of each customer.
Capture: Use a platform to help standardize your consent forms and capture the ensuing data in a compliant fashion.
Process: Encrypt sensitive information to ensure that in the event of a data breach, no useful data is stolen.
Monitor: Utilize a dashboard to monitor your progress and set up automated alerts so you can act quickly if there are issues."

The ePrivacy Regulation as a complement to GDPR

3 November 2017, 15:51
The article is on the portal: parlamentnilisty.cz
specifically at http://tinyurl.com/yc2az5db
The European Parliament has taken an important step towards a high level of privacy protection in the use of electronic communications. At the end of October it approved the regulation on respect for private life and the protection of personal data in electronic communications, ePrivacy.
A new addition is the subsection Questions and Answers on GDPR, in which the Office has published the questions about the General Regulation that it is asked most often. The Basic Guide to GDPR, which has been revised, contains an overview of basic terms and information relating to the General Regulation.
"The Questions and Answers on GDPR subsection will continue to be expanded. At present it covers topics such as certification, the issuing of certificates, codes of conduct for public administration, personal data breaches, data protection impact assessments, the data protection officer, data subject rights, legal grounds for processing, and social services," said Office spokesperson Tomáš Paták.
The other original sections, GDPR and the role of the ÚOOÚ, Documents on GDPR, and the WP29 Working Party, have been retained.

Tuesday, 31 October 2017

Why Consent Lifecycle Management is crucial for GDPR compliance and your customer data

June 6, 2017 by SVEN DUMMER, consent management.
The article is published on the portal: "janrain.com"
The full text is at: http://tinyurl.com/ybqwr3pj
I quote selected parts of the article:
"This blog explains how Consent Lifecycle Management can help you achieve compliance for this new regulation."
"Some of the most challenging requirements of the GDPR are around the need to collect consent from end users before obtaining and transferring their personal data. ... It is important to understand that the GDPR requires affirmative, and in some cases, explicit, consent  with dramatic impact for many organizations."
"Moving from implicit to explicit, purpose-bound consent
Today, many companies rely on implicit and “opt-out” consent when collecting personal data from their customers – for example, we all are very familiar with pre-checked boxes on registration forms. This practice of collecting implicit consent will no longer be allowed under the GDPR, which requires consent by the user signaling agreement by “a statement or a clear affirmative action.”
"if your customer database today contains data that was collected via implicit consent, the GDPR doesn’t allow your existing non-complying data to be “grandfathered in”. You will have to request consent from your customers again, but this time in a fashion that complies with the GDPR."
"The GDPR not only requires explicit consent before collecting sensitive personal data, but also limits that data collection to “specified, explicit and legitimate purposes,” and the data “must not be further processed in a manner that is incompatible with those purposes."
"GDPR requests that customers must be enabled to view and modify their consent settings at any time."
"How an Identity Cloud enables proper consent
The solution we provide to address these challenges is Consent Lifecycle Management, the newest member of the Janrain Identity Cloud, a cohesive set of cloud-based services for Customer Identity and Access Management (CIAM)."

Sunday, 29 October 2017

GDPR is NOT an IT project, it is a Complex Change Program!

18 SEPTEMBER 2017 
The article was published on the portal: ascend.se
The full text is available at: http://tinyurl.com/yd4z93bl
I quote selected parts of the text:
"The complexity of GDPR poses the challenge of how to address the requirements; some regard it as an IT project since it (partially) relates to information stored in systems and applications. Others regard it as an Information and IT Security Initiative driven by the need to protect information." 
"...there are several functions and areas in an organization that need to be involved and interact in the change journey. Only working together in coordination can an organization ensure to avoid potential fines and implications to the organization's brand."
"As an example, see the request below from a former employee, requesting information to be deleted, that lacks any legal basis to be stored or further processed:
Example - Request: "Delete all information about me that has no legal basis to be stored"
- Where do we have personal data stored?
- What data do we have to remove and what data do we need to store?
- What 3rd parties may have data that we need to delete?
- How to delete all data in an efficient way?
"A “simple” request of deleting information has an impact on several functions in an organization:
All departments - IT - Procurement - Managers and employees - ‘Service Desk’ - Legal advisors"
"There is a need for a Cross-Departmental Change Program or a Transformation Program."
"Hence GDPR should not be deemed as an IT or Information Security project, instead a Program of Complex Change  that needs to address all areas and departments in the organization."
The text includes a link to an article
" ... about the difference between a change program and a transformation program" at:
http://ascend.se/inspired-by-ascend/business-transformation-by-ascend

Interim GDPR Programme Manager - job offer

For interest, here is a job offer for the position of interim programme manager. You can find it on the portal: changeboard.com
specifically at: http://tinyurl.com/y75fhdac
I quote the text of the offer:
"A leading private sector organisation are looking for a GDPR Programme Manager for an initial 9 month contract, paying between £850p/d - £950p/d.
The GDPR Programme Manager will deliver a cross-business transformation programme to ensure the organisation is appropriately protecting personal data, as with new regulatory requirements. The role will be required to manage all workstreams within the programme and will need someone to work with all business units affected.
Key Capabilities
- Used to working across all levels of the business from senior stakeholders to associate colleagues.
- Proven delivery of enterprise-wide programmes
- Delivery in a fast moving environment
- Confident in the use of programme management tools and techniques that are appropriate for the situation
- Experience of leading a team, and being able to work with technology managers and heads to ensure everyone is contributing effectively
- Influencing and negotiation skills to ensure successful progress of the programme
- Proven ability to manage multiple third-party supplier relationships
This is a fantastic opportunity to lead a high profile transformation in a leading international business."
(Note: you will surely also notice the terms in the offer :-).)