Saturday, 30 December 2017

Preparing for the General Data Protection Requirement

Published by Rob Mellor, 26 December 2017. The article is available at: http://tinyurl.com/y9zu3kad
Selected passages from the text:
"On May 25, 2018, the EU’s new General Data Protection Rules take effect forcing companies worldwide to comply with a fundamental change to the way businesses manage and distribute data.
" ... As a result, many businesses appear stuck in 'analysis paralysis', incapable of implementing strategies to meet the GDPR challenge.
How can you break through that paralysis? How can you get started on the path to compliance? In short, where do you start?"
First, let’s remind ourselves what is behind the GDPR.
"At the most foundational level, it is about stopping the misuse of personal data by organizations who may be tempted to use that data to engage in intrusive, unwanted marketing activities. We have all suffered such targeting and know how annoying it is. So, one of the key tenets of GDPR will be that it requires organizations to prove that any data they store is necessary to the running of the business, rather than being used for marketing activities. Within every business, there are obviously many different and disparate data streams making it tough to create an easily auditable view of the data and, in turn, prove why it is essential to the running of the business."
"For example, let’s imagine it is found that a retailer, at the point of purchase, is scanning the color of people's eyes as they pay. The company will now have to explain why it is doing that. Perhaps, it is an optician that has a legitimate reason for capturing this data, as it helps provide better aftercare to customers."

Guidance on consent under the GDPR

Posted on December 15, 2017
Address:
https://www.huntonprivacyblog.com/2017/12/15/article-29-working-party-publishes-guidance-on-consent-under-the-gdpr/
Selected passages:
"Recently, the EU’s Article 29 Working Party (the “Working Party”) adopted guidelines (the “Guidance”) on the meaning of consent under the EU General Data Protection Regulation (“GDPR”). In this Guidance, the Working Party has confirmed that consent should be a reversible decision where a degree of control must remain with the data subject. The Guidance provides further detail on what is necessary to ensure that consent satisfies the requirements of the GDPR:
• Freely given.
• Specific.
• Informed.
• Clear affirmative action.
Meaning of Explicit Consent
Demonstrating Consent
Children’s Consent
Pre-existing Consent"
From the conclusion:
"For processing operations in relation to which existing consent will no longer be valid, the Working Party recommends that data controllers (1) seek to obtain new consent in a way that complies with the GDPR, or (2) rely on a different legal basis for carrying out the processing in question. If a data controller is unable to do either of those things then the processing activities concerned should cease."

It's time to re-examine the future of data infrastructure

The article was published by Ravi Mayuram on the "information-management" portal on 20 December 2017. It is available at: http://tinyurl.com/yc96x79s
Selected passage from the text:
"In 2017, artificial intelligence and digital transformation vaulted to the forefront of business priorities, and these technologies will continue to drive new business initiatives as we move into 2018.
Recent research suggests that the AI market will surpass $100 billion by 2025, and 89 percent of enterprises say their industry is being disrupted by digital technology. For companies to succeed today, digital strategies must underlie an organization’s approach to innovation and customer experience. And to support these efforts, it’s vital for companies to build out the necessary data infrastructure.
Today, AI is more of a trendy buzzword than a practical reality. Difficult to execute, AI is only as good as its data, and data integrity still varies from enterprise to enterprise. However, we’ve seen the early stages of machine learning applications in industries such as advertising and retail, and in the years ahead we’ll see more industries, including industrial Internet of Things, digital health and digital finance, begin taking advantage of this technology to provide more meaningful user experiences.
Throughout this transformation, the database will play an instrumental role by accommodating rapidly-changing data at scale, while keeping big data sets reliable and secure, although true implementation of AI is still several years away..."

GDPR – A legislative milestone for a digital age

The PDF file named "guide_gdpr_legislative_milestone_en.pdf"
can be downloaded from the "www.forcepoint.com" portal, at:
http://tinyurl.com/y9vdud9u
From the text:
"GDPR – A legislative milestone for a digital age
BY NEIL THACKER, INFORMATION SECURITY & STRATEGY OFFICER, EMEA FORCEPOINT™
The clock is officially ticking for organisations to get their data protection policies in order now that the General Data Protection Regulation (GDPR) has been approved and is set to replace the previous EU Data Protection Directive. The new regulation will come into effect in May 2018 and will require organisations to put a much stricter focus on data protection. The headline items for organisations that collect or process EU citizen records are:
- They must notify their supervisory authority of a data breach within 72 hours.
- The subject will have the right to retract consent, request data erasure or data portability.
- They may face fines of up to 4% of their worldwide turnover, or €20 million for intentional or negligent violations.
These increased sanctions mean it is vital that this new law be fully understood by a number of key stakeholders within the organisation, and that organisations start preparing to comply with the new regulations as soon as possible. There are five key steps to help organisations perform a basic assessment of their current data protection strategy and to identify any potential gaps that need filling prior to a more comprehensive view of the GDPR..."
An example of a professional GDPR consulting offer:
"THERE ARE THREE CORE AREAS WHERE FORCEPOINT’S SOLUTIONS CAN HELP ORGANIZATIONS MEET THE REQUIREMENTS OF THE GDPR:
- Inventorying personal data, whether as part of the initial scoping of a compliance program or to support the operational duties of controllers, processors or responders, including dealing with subject access requests or data incidents.
- Mapping personal data flows across the organization that expose broken business processes and unsanctioned IT or highlight supply chain activity that puts critical data at risk. This clear visibility allows organizations to implement management and control of personal data flows using mechanisms such as authorization, policy-based encryption, notification and blocking to mitigate risk.
- Leveraging behavioral analytics and risk modelling to rapidly detect high risk employee activity (malicious or compromised) and broken business processes that put critical data at risk, as well as enabling a quick and decisive response, which often lets organizations get ahead of the breach itself."

Friday, 29 December 2017

GDPR calculator

At the address:
https://www.gdprkalkulacka.cz/?utm_source=uschovna&utm_medium=mail&utm_campaign=nebojtese
you will find a simple test of your GDPR readiness. It is admittedly an advertisement for consulting services, but it does no harm to go through the set of questions. You can have the result sent to you, but if you do not enter an e-mail address, you will see a summary result on the web page.

Thursday, 14 December 2017

GDPR White Paper (CZ)

A 9-page PDF file with the contents listed below can be found at
https://www.zebra.cz/wp-content/uploads/GDPR_Bila-kniha_CZ.pdf
Outline:
- Terminology
- GDPR overview
- Impact of the GDPR
- GDPR requirements
- GDPR in the cloud
- GDPR solutions

Friday, 1 December 2017

5 ways you can benefit from GDPR

Inderjit Mund published an article on 29 November 2017 on the "dataiq.co.uk" portal, specifically at:
http://tinyurl.com/ycqmcbvl
Selected passages from the text and the outline:
"Contrary to the negative hype, the General Data Protection Regulation (GDPR) is a force for good for both individuals and marketers. The new Regulation empowers consumers by refocusing the attention on them owning their data.
With new guidelines around explicit permission to use an individual’s data, brands will need to create more relevant and compelling brand communications to customers who are actually interested. Looking at the key requirements for compliance in more detail, GDPR can in fact help marketers to enhance their activities, improve customer engagement and boost ROI."
Here’s 5 ways you can benefit from GDPR:
1. Personalised and more efficient marketing
2. The fast-track to effective data-driven marketing
3. Permission is everything
4. Better data equals better relationships
5. GDPR as a catalyst for change
From the conclusion: "With this in mind, it is understandable to be taken aback by the requirements of GDPR. Its complexity can be daunting and unclear at stages, yet underneath the prescriptive text, there is vast opportunity to make business and marketing activity compatible with our digital future. Responsible brands should not fear GDPR, but learn to work with it to unlock and future-proof data-driven marketing practices. Once you become at peace with this, your marketing activity will have higher first-time success rates and impact on the right type of audience."

Thursday, 16 November 2017

Why your printer could be your GDPR blindspot

An article titled "Why your printer could be your GDPR blindspot" was published on the "itpro.co.uk" portal.
The full text of the article is available at: http://tinyurl.com/y74anzjm

Selected passages from the text:
"Industries of all types have already started shoring up their defences and reshaping the way they handle data, yet all that hard work is likely to be undone by something as seemingly innocuous as a printer."
"Print security obligations under GDPR remain one of the most misunderstood areas of the new regulations, potentially creating a blind spot that could not only lead to a data breach, but also substantial fines for non-compliance."
"As with any device that's connected to the internet, MFPs are susceptible to unwanted snooping. Without effective security protocols, unauthorised users are able to gain access to a printing network and any document that has been sent to a machine. What's more, most machines also make use of facilities such as scan to email, scan to cloud, or scan to internal storage, which could all be compromised to either steal sensitive data in bulk, or reroute future correspondence to external addresses."
"Maintaining the security of an MFP network is a daunting task. The sheer number of potential weak spots on your system, not to mention the various differences that exist between printer brands, makes performing regular manual checks for vulnerabilities unfeasible."
"As with other IoT devices, there are tools available that provide a complete overview of your system, and cut down on a lot of the hard work."

Wednesday, 15 November 2017

Will AI Change the Role of Cybersecurity?

Tami Casey posted an article titled "Will AI Change the Role of Cybersecurity?" on the "IMPERVA" portal.
The full text of the article is available at:
https://www.imperva.com/blog/2017/11/will-ai-change-the-role-of-cybersecurity/
Selected passages from the text:
"Mention artificial intelligence (AI) and security and a lot of people think of Skynet from The Terminator movies. Sure enough, at a recent Bay Area Cyber Security Meetup group panel on AI and machine learning, it was moderator Alan Zeichick – technology analyst, journalist and speaker – who first brought it up. But that wasn’t the only lively discussion during the panel, which focused on AI and cybersecurity."
"I found two areas of discussion particularly interesting, which drew varying opinions from the panelists. One, around the topic of AI eliminating jobs and thoughts on how AI may change a security practitioner’s job, and two, about the possibility that AI could be misused or perhaps used by malicious actors with unintended negative consequences."
Two chapters:
- Artificial Intelligence Eliminating Jobs?
- AI and Malicious Misuse
The article's conclusion:
"The difference between a good data scientist and an awesome data scientist is orders of magnitude different in terms of where they can take this technology. But not to fear, humans will be highly involved in the development of these systems for quite some time."

Tuesday, 14 November 2017

CCTV, the GDPR and the third wave of Data Privacy Regulation

Andrew Charlesworth, Reader in IT Law, University of Bristol, published a 2017 white paper on the "Cloudview" portal:
"CCTV, the GDPR and the third wave of Data Privacy Regulation"
The article is available at:
http://www.cloudview.co/whitepapers/watchingthewatchers
A Cloudview white paper 2017: "Watching Watchers": CCTV, the GDPR and the third wave of Data Privacy Regulation
The article's introduction:

"The CCTV industry has, almost from its inception, been portrayed in popular culture as the unofficial face of unaccountable surveillance overreach and invasion of privacy. This position has been cemented by a popular perception of a lack of transparency and public engagement on the part of its users. More recently, it has become the unwilling poster child for the hazards of engaging with the Internet of Things. The General Data Protection Regulation (GDPR) thus provides a welcome opportunity for the CCTV industry and its users to tackle this negative image head-on."

CCTV Users at 'Risk of Breaching GDPR'

Michael Hill, Deputy Editor, posted the article "CCTV Users at 'Risk of Breaching GDPR'" on the "Infosecurity-magazine" portal.
The full text is available at:
https://www.infosecurity-magazine.com/news/cctv-users-at-risk-of-breaching/
Selected passages from the text:
"Organizations that use CCTV systems could be putting themselves at risk of breaching GDPR data protection and privacy requirements by failing to understand how the forthcoming regulations cover the collection of visual data." ...
"...the fact that because there has been little regulation governing CCTV systems (until now) there is a danger that users will fall short in their obligations to ensure safe usage under GDPR, which comes into force in just six months." ...
“The good news is that the GDPR gives CCTV users an opportunity to tackle what is often a negative image and take the lead in demonstrating accountability and privacy protection. They can also use new technologies such as cloud, which enables them to meet the new regulations while improving data accessibility and security.”

Sunday, 12 November 2017

Do You Know Where Your Data Is?

On the "infoworld.com" portal, on the page http://tinyurl.com/y8v35wk4,
you will find a link to an eBook devoted to the topic in the title (see below).
From the introductory page:
"Do You Know Where Your Data Is? Three Common Data Management Problems & How to Fix Them"
"Knowing the location of your data plays a crucial role with keeping it secure. When you find yourself jumping through hoops in order to protect, monitor, or report on your data, then you're not getting the most out of your IT infrastructure. Is your current IT infrastructure helping you--or hurting you?"
After registering, you reach the page of the eBook by the company "Globalscape".
Quote:
"In this eBook from Globalscape, you will learn:
- Three common IT infrastructure challenges that can interfere with data management
- The consequences of these common obstacles
- Strategies and tools to put security, compliance, and efficiency at the forefront."
The direct address of the eBook is:
http://dynamic.globalscape.com/files/data-management-strategies.pdf
From the whitepaper:
"Your IT infrastructure can be severely weakened when core IT requirements are not being met. If you don’t know where your data is at all times, then your IT infrastructure is getting in your way. An agile, efficient, secure, and compliant IT infrastructure provides operational visibility, control, and governance."
"Legacy or homegrown systems, disparate applications and systems, and shadow IT interferes with the secure and efficient management of your data and IT infrastructure."
"Three common IT infrastructures that lack the optimal level of data management and can adversely affect your security, compliance, and efficiency goals include the following: 
1. Legacy and homegrown data exchange systems
When an old or homegrown data exchange system slows down your business growth

2. Disparate applications and systems
When you have multiple systems or applications moving your data, leaving you lacking a single platform to manage, protect, and track your data movement 
3. Shadow IT
When employees use unsanctioned applications and tools that limit IT control or governance, and in turn expose an organization to security vulnerabilities."
"Getting ahead of these common IT infrastructure challenges will require a proactive data management strategy that enables full operational visibility, control, and governance over your data exchange environment. With the right data management strategy and tools in place, security, compliance and efficiency will always be at the forefront. "
"How to Get Out of Your Own Way with a Data Management Strategy
Three Common IT Infrastructure Challenges that Get in the Way..."
"How Can You Prevent the Increased Shadow IT Costs?
Four Signs that Shadow IT is a Problem. What are the Red Flags? ....".
"How to Get Ahead of Shadow IT:
- Evaluate Existing Processes
- Communicate with Employees
- Keep it Simple
The rest of the text covers these subtopics:
- The Ultimate Data Transfer Headache
- Failed Data Transfers Interfere with Daily Business Operations
- What Happens When Data Transfers Fail
- Data loss
- Data transfer interception
- Missed SLAs
- Lost Revenue 
- Data Corruption
- Fines Due to Non-Compliance."
MFT to the Rescue
The managed file transfer (MFT) technology enables organizations to securely and efficiently move data within the IT infrastructure and between systems. More robust than the insecure FTP server, MFT is a powerful and secure solution that can move a high volume of data and a complex set of workflows. 
- Overcome Data Transfer Challenges with a MFT Solution
The challenges that follow legacy or homegrown file transfer systems, disparate systems and applications, and shadow IT require an advanced data management solution that is inherent in a MFT technology."
At the end of the eBook there is information about a software product that supports the activities described above.
"Enhanced File Transfer™ (EFT™) is Globalscape’s award-winning MFT platform that was designed to manage data transparently, efficiently, and within the parameters of control and accessibility that you require. 
EFT provides enterprise-level security for collaboration with business partners, customers, and employees, while automating the integration of back-end systems."

The Evolution of Managed Security Services

An article on this topic was published by the company "Tata Communications".
The full text of the article, with a link to the PDF version of the whitepaper:
http://tinyurl.com/ydb8lo6k
From the article:

"Managed security services initially came into the market under the garb of consulting and started taking off because it helped organizations bring in some measurability, says Avinash Prasad, vice president and head of the managed security services business at Tata Communications.
"The on-premises model was the norm and MSSPs were sought after for cost saving and service visibility," he says.
But the objectives with the emerging security-as-a-service model are different, Prasad says. The model, for example, helps distributed organizations, formed through mergers and acquisitions, scale to meet their growing needs.
Read this whitepaper to learn about:
- The early days of managed security services;
- Traction and challenges for the security-as-a-service model;
- How security-as-a-service could be as important to security as the cloud was to IT operations.
Prasad heads the business area of managed security services globally for Tata Communications. He has a multi-functional focus on customer management, practice and solution development, business development, innovation and partnership. He previously served in leadership roles at Wipro and Infosys."
Link to the whitepaper: http://tinyurl.com/ybcbnk3n
Title: THE EVOLUTION OF MANAGED SECURITY SERVICES
"Insights from Tata Communications’ Avinash Prasad on where he sees the security-as-a-service market heading from a global perspective."

Saturday, 11 November 2017

Protecting Web Applications in the World of GDPR

An article titled "Protecting Web Applications in the World of GDPR" is posted on the "SolarWinds MSP" portal, specifically at:
https://www.solarwindsmsp.com/blog/protecting-web-applications-world-gdpr
Selected passages from the text:
"Businesses have embraced both the creation and use of web services and web applications at an astronomical rate. But as many companies—most recently Equifax®—have found out, protecting web services and web applications is serious business. In the case of Equifax, the failure to patch a known vulnerability in the Apache® Struts Framework led to a major data breach. If the Global Data Protection Regulation (GDPR) was already in effect, they could have faced severe repercussions for not notifying both the regulatory authorities and the data subjects within the 72-hour deadline.
It’s not unreasonable to suggest that web services are the weakest technological link in the struggle against cybercriminals. Web applications and web services are vulnerable to customer account compromise from poor user behaviour or even complete compromise due to technical flaws or weak administrative passwords. Given the mandates of GDPR to protect data subjects’ personal data, a webserver hosted by a business could present a clear and present danger of a data breach. What follows is an analysis of how website owners are responding to the danger of presenting an open portal of personal data to the internet. And if your business develops web applications, you may want to implement some of these techniques."
"To improve your application security, try building logic into your authentication process that answers the following questions: 
- Is the browser connecting up to date?
- Where is the connection coming from?
- Has the IP address connected before?
- Has the device connecting accessed the service before?
- Has the account been compromised?
- Has the account been hijacked?
- Has the user enabled multifactor or two-factor authentication (MFA, 2FA)?
Protecting Customer Data within Your Web Applications
Due to the rising threat of account compromises via web services, many website owners are building systems to ensure legitimate users and administrative users are protected. And with the increased responsibilities of organizations under GDPR, the stakes are even higher when it comes to web application security. As a website owner, you must do your best to safeguard your customers from fraudulent logins if you want to avoid a potentially severe data breach and penalties under the GDPR (and to make your sure your customers are safe)."
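The checklist quoted above lists the questions a risk-based login check should answer. As an added example that is not part of the SolarWinds MSP article, here is a small Python evaluator that answers each question for a login attempt and turns the answers into an explainable decision; the account-state fields, the weights, the minimum browser versions and the allow/challenge/block thresholds are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumed per-account history a web application could keep (constructed, not
# from the original article).
@dataclass
class AccountState:
    known_ips: Set[str] = field(default_factory=set)
    known_devices: Set[str] = field(default_factory=set)
    home_countries: Set[str] = field(default_factory=set)
    mfa_enabled: bool = False
    flagged_compromised: bool = False  # e.g. credentials seen in a known leak
    flagged_hijacked: bool = False     # e.g. recovery contact changed, then locked out

@dataclass
class LoginAttempt:
    account: str
    ip: str
    country: str
    device_id: str
    browser: str           # browser family, e.g. "Firefox"
    browser_version: int   # major version reported by the client

# Assumed minimum supported major versions (constructed values).
MIN_BROWSER_VERSION: Dict[str, int] = {"Firefox": 57, "Chrome": 62, "Safari": 11, "Edge": 16}

# Assumed weights: hard compromise signals alone exceed the block threshold.
WEIGHTS = {
    "unknown browser": 2, "outdated browser": 2, "unfamiliar country": 3,
    "new ip": 1, "new device": 2, "mfa not enabled": 1,
    "credentials flagged as compromised": 8, "account flagged as hijacked": 8,
}

def score_login(attempt: LoginAttempt, state: AccountState) -> Tuple[int, List[str]]:
    """Answer the checklist questions; every 'yes' becomes a named reason."""
    reasons: List[str] = []

    # Is the browser connecting up to date?
    minimum = MIN_BROWSER_VERSION.get(attempt.browser)
    if minimum is None:
        reasons.append("unknown browser")
    elif attempt.browser_version < minimum:
        reasons.append("outdated browser")

    # Where is the connection coming from? (only judged once a history exists)
    if state.home_countries and attempt.country not in state.home_countries:
        reasons.append("unfamiliar country")

    # Has the IP address connected before? Has the device accessed the service before?
    if attempt.ip not in state.known_ips:
        reasons.append("new ip")
    if attempt.device_id not in state.known_devices:
        reasons.append("new device")

    # Has the account been compromised? Has it been hijacked?
    if state.flagged_compromised:
        reasons.append("credentials flagged as compromised")
    if state.flagged_hijacked:
        reasons.append("account flagged as hijacked")

    # Has the user enabled MFA/2FA? Lack of a second factor raises residual risk.
    if not state.mfa_enabled:
        reasons.append("mfa not enabled")

    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(score: int) -> str:
    """Assumed policy: low risk passes, medium risk gets a step-up challenge
    (second factor or out-of-band verification), high risk is refused."""
    if score >= 8:
        return "block"
    if score >= 3:
        return "challenge"
    return "allow"

def evaluate_login(attempt: LoginAttempt, state: AccountState) -> dict:
    """Return the decision together with the score and the reasons behind it,
    so the outcome can be logged and reviewed rather than being a black box."""
    score, reasons = score_login(attempt, state)
    return {"account": attempt.account, "decision": decide(score),
            "score": score, "reasons": reasons}

if __name__ == "__main__":
    # Constructed sample: a returning user, then the same user from a new
    # country and device (documentation IP ranges, not real addresses).
    alice = AccountState(known_ips={"203.0.113.10"}, known_devices={"dev-1"},
                         home_countries={"CZ"}, mfa_enabled=True)
    for attempt in (
        LoginAttempt("alice", "203.0.113.10", "CZ", "dev-1", "Firefox", 58),
        LoginAttempt("alice", "198.51.100.7", "US", "dev-9", "Firefox", 58),
    ):
        print(evaluate_login(attempt, alice))
```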

Current, supplemented and amended version of the GDPR

General Data Protection Regulation – Final legal text of the EU GDPR. The official PDF and its recitals as a neatly arranged website.
The current, supplemented and amended version of the GDPR is presented in a special form at: https://gdpr-info.eu
The text opens with the words:
"Welcome to gdpr-info.eu. Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals. The European Data Protection Regulation will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe. If you find the page useful, feel free to support us by sharing the project."

Thursday, 9 November 2017

GDPR handbook of the Czech Chamber of Commerce (HKČR)

The Czech Chamber of Commerce (Hospodářská komora ČR) has published a handbook on the GDPR.
It is available for download at:
https://www.komora.cz/wp-content/uploads/2017/06/PriruckaGDPR_final.pdf

EU Commissioner Jourová promised businesses support in implementing the GDPR

The promise of support was reported by "Parlamentní listy" on 9 November 2017.
The full text is available at: http://tinyurl.com/ydxq64uo
From the text of the report:
"The Chamber of Commerce's information campaign raising businesses' awareness of the new obligations in the area of personal data protection introduced by the European GDPR regulation will also be supported by EU Commissioner Věra Jourová. This was stated today by the President of the Chamber of Commerce, Vladimír Dlouhý, after their joint meeting at the European Commission."
"Dlouhý said that not even handbooks can replace the training that businesses and their employees who work with personal data must complete in order to comply with the new regulation."
"The Chamber of Commerce is also pushing for the supervisory authority, the Office for Personal Data Protection, to proceed with restraint in its inspections. According to the Chamber of Commerce, at least initially the Office should only warn businesses about possible errors in the processing of personal data rather than sanction them outright."

Wednesday, 8 November 2017

Critical Capabilities for Enterprise Data Loss Prevention 2017

Gartner 2017 Critical Capabilities Report
Published: 10 April 2017 - Brian Reed, Deborah Kish
A link to the report is on the Forcepoint.com portal at: http://tinyurl.com/ycqlo884
The original report is at:
https://www.gartner.com/doc/reprints?id=1-3XN7WNP&ct=170410&st=sb

INDUSTRY ANALYST REPORT
According to Gartner: “Security and risk management leaders deploy enterprise DLP for three major use cases: regulatory compliance, intellectual property protection and visibility into how users handle sensitive data. This research evaluates DLP products for the three use cases, derived from nine critical capabilities."
From the text of the report:
"Summary
Security and risk management leaders deploy enterprise DLP for three major use cases: regulatory compliance, intellectual property protection and visibility into how users handle sensitive data. This research evaluates DLP products for the three use cases, derived from nine critical capabilities."
"Key Findings
- Enterprise data loss prevention (DLP) has become a key piece of a broader data life cycle process supported by technology, as opposed to DLP simply being another technology buying decision.
- Any regulatory compliance requirements beyond the most basic of use cases are better addressed through the unified workflow of enterprise DLP products.
- Enterprise DLP is typically adopted for intellectual property protection, particularly in large multinational organizations.
- Data visibility and monitoring observed by enterprise DLP products alone do not convey who the riskiest users are in an organization."
"Recommendations
Security and risk management leaders responsible for data security must:
- Engage and involve business units and data owners to improve the odds of success of a DLP deployment.
- Start with data in use at the endpoint for DLP initiatives driven by intellectual property (IP) protection, then implement advanced detection features, such as image analysis, machine-learning and other data-matching techniques.
- Deploy data in motion (such as network DLP on outbound email) for DLP initiatives driven by regulatory compliance to meet the requirements for the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and other compliance standards.
- Select DLP vendors with strong integrations with complementary data security technologies, such as data classification, user and entity behavior analytics, cloud access security brokers, and incident response and forensics products, to fill in technology gaps."

Tuesday, 7 November 2017

6 impacts of GDPR on organizations that store data in the cloud

By Cristopher Burge - a cloud computing enthusiast and content editor at CloudStorageAdvice.
Published 2 November 2017, information-management.com
The article is available at: http://tinyurl.com/y7fqoqcp
From the text of the article:
"The General Data Protection Regulation refers to a platform where the European Parliament, European Commission, and Council of the European Union intend to unify and strengthen data protection for persons within the European Union. It addresses the transfer of personal information outside the EU".

"The GDPR aims at bringing together the EU regulation to simplify the governing environment for international business. It also gives residents control over their data."
"Companies that store data in the cloud will experience stronger restrictions relating to how they access and use information under the new regulation. EU residents, on the other hand, will gain several rights concerning personal data. Outlined below are six GDPR changes:
1. Personal Data Definition is Stricter
2. Data Minimization Principles
3. Enhanced Individuals’ Rights
4. Data Breach Notification
5. Increased Accountability
6. Stricter Consent Procedures
"All questions from a company to an individual asking them to grant the organization permission to collect, process, and store personal details ought to be presented clearly. "
"The new regulation applies to every entity that monitors or processes personal information of EU citizens across the universe."

Monday, 6 November 2017

Conference: CyberSecurity 2017

Conference date: 14 November 2017
Venue: Prague 4, Konferenční centrum City
Conference website:
https://eventworld.cz/akce/cyber-security-2017-II-116/pozvanka-cyber-security-2017-II
A professional conference under the auspices of the Minister of Defence, MgA. Martin Stropnický, focused on cyber security in a time of legislative change, cloud and IoT. It is intended for IT professionals working in the corporate sector, state administration or local government, for specialists from finance and industry, and for everyone who wants to gain a broader picture of current security problems and risks in IT together with effective ways of reducing those risks.
Topics
- The impact of legislative changes on data protection in Czech organisations and on their cooperation with external suppliers and service providers.
- Current cyber threats on the Czech market: educate management and alert those who will bear the consequences to the risks.
- The onset of digital transformation: the pressure of cloud, mobility and IoT on securing the network and endpoints. Is the employee or the attacker the bigger security risk?
- When your turn comes: is preventing an attack or responding to an incident more important? Monitoring and SIEM in the leading role.
- All topics will be complemented by selected security technologies that can adapt to the changing requirements of organisations and the state of their IT infrastructure.

Saturday, 4 November 2017

GDPR: The role of technology in data compliance

31 Oct 17 | Author Clark Boyd | Data & Analytics Marketing Technology
The article is available at:
https://www.clickz.com/gdpr-the-role-of-technology-in-data-compliance/113865/
Selected passages from the text:
- "2% of US-based multinationals see the GDPR as their top data security priority over the next 12 months with 77% of businesses planning to spend over $1 million on GDPR compliance efforts. Here we look at some of the ways in which technology can help streamline this process and explain some of the opportunities presented by getting your ducks in a row."
- "With the European Union General Data Protection Regulation (EU GDPR) due to come into full effect on 25 May 2018, the onus is on compliance efforts for businesses worldwide. Over 90% of US businesses see this as their top data security priority over the next year, and technology will be the defining factor in their attempts to abide by the new rules."
- "We should, therefore, view technology as either an enabler of transparency and compliance, when used effectively; or as a costly hindrance to progress, when used without care."
- "With so many international businesses spending significant sums to get their house in order, a new technology market has started to develop. Software providers are launching new products to help international businesses with compliance efforts, and also to validate their progress.
- Using technology to audit personal data
It is essential to understand the separate roles of data controllers and data processors if we are to get to the heart of this question.
Technology will play a key role in gaining the single view on every customer that companies will need.
- Using technology to collect personal data
- Using technology to protect personal data
- Key takeaways"
- "This begins by using technology to assess the following four areas:
Audit: Gain a clear understanding of where all of your data resides and bring this together into a single view of each customer.
Capture: Use a platform to help standardize your consent forms and capture the ensuing data in a compliant fashion.
Process: Encrypt sensitive information to ensure that in the event of a data breach, no useful data is stolen.
Monitor: Utilize a dashboard to monitor your progress and set up automated alerts so you can act quickly if there are issues."

The ePrivacy Regulation as a supplement to the GDPR

The ePrivacy Regulation as a supplement to the GDPR
3. 11. 2017 15:51
The article can be found on the portal parlamentnilisty.cz
specifically at http://tinyurl.com/yc2az5db
The European Parliament has taken an important step towards a high level of privacy protection in the use of electronic communications. At the end of October it approved the regulation on respect for private life and the protection of personal data in electronic communications, ePrivacy.
New is the sub-section Questions and Answers on the GDPR, in which the Office has published the questions about the General Regulation that it is asked most often. The Basic Guide to the GDPR, which has been revised, contains an overview of the basic terms and information relating to the General Regulation.
"The sub-section Questions and Answers on the GDPR will continue to be expanded. At present it contains topics such as certification, the issuing of certificates, codes of conduct for public administration, personal data breaches, data protection impact assessments, the data protection officer, the rights of the data subject, legal grounds for processing and social services," said the Office's spokesman Tomáš Paták.
The other original sections, GDPR and the role of the ÚOOÚ, GDPR Documents and the WP29 Working Party, have been retained.

Tuesday, 31 October 2017

Why Consent Lifecycle Management is crucial for GDPR compliance and your customer data

Why Consent Lifecycle Management is crucial for GDPR compliance and your customer data
June 6, 2017 by SVEN DUMMER, consent management.
The article is published on the portal "janrain.com"
The full text is at: http://tinyurl.com/ybqwr3pj
I quote selected parts of the article:
"This blog explains how Consent Lifecycle Management can help you achieve compliance for this new regulation."
"Some of the most challenging requirements of the GDPR are around the need to collect consent from end users before obtaining and transferring their personal data. ... It is important to understand that the GDPR requires affirmative, and in some cases, explicit, consent  with dramatic impact for many organizations."
"Moving from implicit to explicit, purpose-bound consent
Today, many companies rely on implicit and “opt-out” consent when collecting personal data from their customers – for example, we all are very familiar with pre-checked boxes on registration forms. This practice of collecting implicit consent will no longer be allowed under the GDPR, which requires consent by the user signaling agreement by “a statement or a clear affirmative action.”
"if your customer database today contains data that was collected via implicit consent, the GDPR doesn’t allow your existing non-complying data to be “grandfathered in”. You will have to request consent from your customers again, but this time in a fashion that complies with the GDPR."
"The GDPR not only requires explicit consent before collecting sensitive personal data, but also limits that data collection to “specified, explicit and legitimate purposes,” and the data “must not be further processed in a manner that is incompatible with those purposes."
"GDPR requests that customers must be enabled to view and modify their consent settings at any time."
"How an Identity Cloud enables proper consent
The solution we provide to address these challenges is Consent Lifecycle Management, the newest member of the Janrain Identity Cloud, a cohesive set of cloud-based services for Customer Identity and Access Management (CIAM)."

Sunday, 29 October 2017

GDPR is NOT an IT project, it is a Complex Change Program!

GDPR is NOT an IT project, it is a Complex Change Program!
18 SEPTEMBER 2017 
The article was published on the portal ascend.se
The full text can be found at: http://tinyurl.com/yd4z93bl
I quote selected parts of the text:
"The complexity of GDPR poses the challenge of how to address the requirements; some regard it as an IT project since it (partially) relates to information stored in systems and applications. Others regard it as an Information and IT Security Initiative driven by the need to protect information." 
"...there are several functions and areas in an organization that need to be involved and interact in the change journey. Only working together in coordination can an organization ensure to avoid potential fines and implications to the organization's brand."
"As an example, see the request below from a former employee, requesting information to be deleted, that lacks any legal basis to be stored or further processed: 
Example request: "Delete all information about me that has no legal basis to be stored"
- Where do we have personal data stored?
- What data do we have to remove and what data do we need to store?
- What 3rd parties may have data that we need to delete?
- How to delete all data in an efficient way?
"A “simple” request of deleting information has an impact on several functions in an organization:
All departments - IT - Procurement - Managers and employees - ‘Service Desk’ - Legal advisors" 
"There is a need for a Cross-Departmental Change Program or a Transformation Program."
"Hence GDPR should not be deemed as an IT or Information Security project, instead a Program of Complex Change  that needs to address all areas and departments in the organization."
The text includes a link to an article
" ... about the difference between a change program and a transformation program" at:
http://ascend.se/inspired-by-ascend/business-transformation-by-ascend

Interim GDPR Programme Manager - job offer

Interim GDPR Programme Manager
For interest, here is a job offer for the position of interim programme manager. It can be found on the portal changeboard.com
specifically at: http://tinyurl.com/y75fhdac
I quote the text of the offer:
"A leading private sector organisation are looking for a GDPR Programme Manager for an initial 9 month contract, paying between £850p/d - £950p/d.
The GDPR Programme Manager will deliver a cross-business transformation programme to ensure the organisation is appropriately protecting personal data, as with new regulatory requirements. The role will be required to manage all workstreams within the programme and will need someone to work with all business units affected.
Key Capabilities
- Used to working across all levels of the business from senior stakeholders to associate colleagues.
- Proven delivery of enterprise-wide programmes
- Delivery in a fast moving environment
- Confident in the use of programme management tools and techniques that are appropriate for the situation
- Experience of leading a team, and being able to work with technology managers and heads to ensure everyone is contributing effectively
- Influencing and negotiation skills to ensure successful progress of the programme
- Proven ability to manage multiple third-party supplier relationships
This is a fantastic opportunity to lead a high profile transformation in a leading international business.
(Note: you will surely notice the terms of the offer as well :-).)

Saturday, 28 October 2017

GDPR can bring major benefits to governance, security professionals

GDPR can bring major benefits to governance, security professionals
Published October 23 2017, 6:53am EDT - By Vilius Benetis
The full text of the article can be found on the portal "information-management"
specifically at: http://tinyurl.com/y84jtfy3
I quote selected parts of the text:
"Combined with other data management and compliance efforts, the regulation can help solve a number of cybersecurity and privacy issues."
"With some data, it is easy. ... But the question is not only about granting or revocation of rights to process, but also about getting to know which data is stored, how it was processed, with whom it was shared, and having the possibility to remove that data from systems (i.e., to be forgotten)."
"Each of our digital activities touches many systems: computers, servers, information systems, transmission systems, security systems, usage analysis systems, and so on."
"Information systems and the Internet were designed mostly respecting another model – that the owner of the system owns the data as well, unless it is specifically provisioned otherwise."
"Despite all the difficulties, I would argue that implementation of the new regulation brings a lot of benefits to all those involved in IT governance, such as:
"IT staff are forced to talk and understand legal teams, discuss the impact, and better understand threat landscapes and liabilities, which shrinks gaps of understanding.
"Now, the securing of information systems, data and information system life-cycling, and the creating, processing, destroying, auditing, handing over and disposing of data will be assessed.
"Overall, GDPR has the potential to be one of the pillar forces that gets us together to address cyber security properly. While it alone will not be sufficient, combined with other governance and regulatory efforts, real progress can be made."
(Note: This post originally appeared on the ISACA blog, which can be viewed here).

GDPR compliance is a moving target but firms need to keep up

GDPR compliance is a moving target but firms need to keep up
Published October 24 2017, 6:38am EDT - by PETER MERKULOV
The full text of the article can be found on the portal "information-management",
specifically at http://tinyurl.com/ycgcrorp
I quote selected parts of the text: 
"A primary challenge with any major regulation is that, no matter how meticulous its writers intended to be, there will always be ambiguity. Some of that is intentional and some simply unavoidable."
"GDPR was necessitated because the old regulation dictating the security and management of data, 1995’s Data Protection Directive, was obsolete. ... The Data Protection Directive could not keep up."
"Not every possible situation can be accounted for in a single regulation, nor can the future be accurately predicted. ... Whether by design or oversight, many conditions and definitions contained in GDPR will be subject to legal challenges and that process will set the precedents needed to clarify the regulations"
"In Europe, data is considered breached if "accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed" occurs."
"Depending on available resources and willingness to accept a certain amount of risk, some aspects of implementing a compliance program may have to wait until after precedent has been set and clarity is further established."
"Data security compliance is—and always will be—a moving target, and that is never as true as in the period before a regulation goes into effect."

The pragmatic GDPR project

The pragmatic GDPR project - C-cure Seminar, 29 March 2017
Tim Clements CIPP/E, CIPM, CIPT, CRISC, CGEIT
A lecture presentation consisting of 42 slides.
Interesting especially from a methodological point of view!
The presentation is published on the portal "c-cure.dk" at:
http://tinyurl.com/y9h2q9zu
Outline of the presentation - quoted from the original:
Scope of this presentation
• The GDPR project – a new paradigm?
• Falck’s GDPR project – approach & structure
• Identifying GDPR project scope
• Identifying data flow scope
• Data flow mapping – an approach
• Ensuring ongoing compliance
• The human factor
• A slide for the busy executives

Friday, 27 October 2017

Risk management is key to successful GDPR compliance

Risk management is key to successful GDPR compliance
by Nortal HQ, September 21, 2017
The article can be found on the portal "nortal.com", specifically at:
https://nortal.com/blog/risk-management-key-successful-gdpr-compliance/
I quote selected ideas from the article:
"GDPR shouldn’t be seen as a risk but as an opportunity to update your organization’s approach to risk management."
"GDPR compliance has to be approached from a risk management point of view."
“Companies need to establish a good risk-management culture in order to mitigate risks by falsely processing data,”
“GDPR puts pressure on an organization’s leadership to rethink their current business models.”
"GDPR sets new rules, making the business environment harsher, as in many cases old business models and processes do not respect the new regulation."
“Challenges also mean opportunities for new and disruptive innovations.”
I quote the conclusion of the article:
"GDPR is not only about data, data governance or hefty fines for not being careful enough when collecting, storing and processing people’s personal information."

Thursday, 26 October 2017

GDPR - ARE YOU READY? - Self-assessment - Kaspersky

GDPR - ARE YOU READY?
A self-assessment of GDPR readiness.
The test can be found on the portal "kaspersky.co.uk" at: https://www.kaspersky.co.uk/gdpr or directly at: https://www.gdprkaspersky.com/en/get-started
The test should reportedly take 10 minutes (I think that is a rather optimistic estimate).
I quote from the introduction:
"The best way to figure out what steps are needed is to understand how your business is currently placed. That's why Kaspersky Lab has created a free and simple to use assessment tool, focusing on the practical steps your teams will need to set in place prior to the May 25, 2018 deadline. What's more, to provide better insight on how you are placed against peer companies, we've built in a handy benchmarking feature. It should take you no longer than 10 minutes to complete, but by the end, you'll have a clear idea of where and on what you need to invest your time into."
"While in most cases, the GDPR will mean a lot of work for legal, information security and IT teams, much of the responsibility for continued compliance will fall to other departments and the individuals within them."
I quote selected parts of the test text:
"Answer the simple questions in under 10 minutes to get your Readiness Assessment."
- Track Your Progress - See how others have answered the questions as you progress through to the summary.
- Hints & Tips - Along the way we will offer advice and guidance regarding GDPR compliance
- Readiness Assessment - Once you’ve answered the questions we will give you a personalised summary to download.
Introductory questions for setting up the test:
- Does your organisation store, process or transmit personal data, such as customer data supplier records or staff records?
- What size is your organisation?
- What is your level of knowledge about your organisation's existing IT security? (1 being minimum and 5 being maximum)
- What best describes your role?
Answer options offered:
a) Operations / Management / Executive
b) IT Administration
c) Research and Development
d) Information Security
e) Other
An overview of the 18 questions follows:
1) Are you aware of the new General Data Protection Regulations (GDPR) that will take effect on May 25th 2018?
Four answer options are offered:
- Yes, and I have good knowledge
- Yes, and I am aware of some of the details
- No, but I have heard of the term GDPR
- No, I have no awareness of it
2) Please indicate your level of confidence that your organisation is taking appropriate steps to achieve compliance of the GDPR by the May 25th deadline next year.
3) Please indicate your level of confidence that your organisation will be fully compliant with GDPR by the May 25th deadline next year.
4) Please indicate your level of confidence that all staff responsible for handling personal data within your organisation are aware that the existing laws relating to data protection are changing.
5) Please indicate your level of confidence that all staff responsible for handling personal data in your organisation are aware of the effect that the changes to existing data protection laws will have on your organisation.
6) Please indicate whether the person with overall responsibility for the following departments is aware of the GDPR, and understands his or her responsibilities regarding the changes to the storage and processing of personal information.
7)My marketing and communications teams have reviewed existing privacy notices and policies to ensure that they will meet their new obligations around personal data collection (such as double opt-in)?
8) My marketing and communications teams are aware that they must now obtain consent to process personal information of children under the age of 13?
9) My marketing and communications teams have implemented new practices to verify the age of individuals or obtain parental / guardian consent when processing the personal data of children?
10) Could your organisation currently identify where all personal information (such as staff records, customer data and supplier records) is stored?
11) Could your organisation successfully demonstrate how, and from where, the personal data held by your organisation was sourced?
12) Could your organisation currently provide details of all the people and organisations it has shared personal data with, if requested to do so?
13) Which of the following data practices does your organisation currently follow?
14) Do you think those responsible for IT security in your organisation could report potential data breaches to relevant authorities and affected persons within 72 hours of detection?
15) Could your organisation demonstrate to the relevant authorities that you have adequate procedures in place to detect, investigate and report on personal data breaches?
16) Are you familiar with the concept of 'Privacy by Design'?
17) Question 17
18) Are you aware that Data Protection Impact Assessments should be carried out in high risk situations?
Your Personalised GDPR Summary
"Below is a permanent link to your personalised GDPR Assessment summary so you refer back to it and also share the results with colleagues.
https://gdprkaspersky.com/en/results/XXXX (the test number is assigned by the system)".

3 reasons GDPR won’t be a big problem for good email marketers

3 reasons GDPR won’t be a big problem for good email marketers
The article can be found on the portal "phrasee.co" at:
https://phrasee.co/3-reasons-gdpr-wont-be-a-big-problem-for-good-email-marketers/
I quote from the introduction of the article:

The General Data Protection Regulation, a piece of legislation governing the ways in which consumers’ “private” digital data can be used by marketers, comes into effect across the EU next May, and already has many brands running scared.
For both brands and email marketers, while the GDPR will certainly present some new challenges, it’s certainly not the end of the world.
Selected parts of the article text - the 3 reasons:
"Here are 3 reasons why…
3 reasons GDPR won’t be a big problem for good email marketers"
"1) Those who are scrupulous with their opt-ins won’t be affected (much)
The lead-up to the GDPR’s implementation will be a period of reflection for many in the email marketing business."
"2) Your subscribers still want what you have to offer
If you are a brand with a strong email marketing programme, you offer your subscribers value."
"3) Well executed re-opt-in campaigns work
No matter how good or bad your brand’s email marketing programme may be, the lead-up to the GDPR’s implementation is re opt-in season (or at least it should be)."
"A re-opt-in campaign presents the perfect opportunity to separate the mailing list wheat from the mailing list chaff."
Closing paragraph:
A re-opt-in campaign presents the perfect opportunity to separate the mailing list wheat from the mailing list chaff.

Conference - Security IT, subtitled GDPR

Conference - Security IT, subtitled GDPR
The 2nd annual Security IT conference, this time with the subtitle GDPR, took place on 18. 4. 2017.
All presentations can be downloaded at:
http://www.security-it.cz
I quote the opening paragraph of the information text:
"At the 2nd annual Security IT conference, subtitled GDPR – from theory to practice, we presented the GDPR from both a legal and a technical perspective. The opening lecture was given by Ing. Aleš Špidla, president of the Czech Institute of Information Security Managers and one of the foremost experts in cyber security in the Czech Republic, who then moderated the whole event. The conference took place on 18 April 2017 at the U Hájků Conference Centre (Hotel Grandior, Na Poříčí 42, Praha 1). Admission to the event was free."
Conference programme - list of presentations:
Introduction to GDPR, eIDAS, NIS
General Regulation on the protection of personal data
GDPR and cyber security
RESULTS OF THE READINESS SURVEY – AN INDEPENDENT STUDY OF THE READINESS OF COMPANIES IN THE CZECH REPUBLIC AND SLOVAKIA FOR THE GDPR LEGISLATION AND MEETING GDPR STANDARDS WITH VMWARE NSX
Technical measures for meeting GDPR requirements
ENTERPRISE MOBILITY MANAGEMENT AND PERSONAL DATA PROTECTION – AIRWATCH
Enterprise Mobility Management & GDPR
THE CONTENT OF ARCHIVED DATA CAN POSE A RISK FOR ORGANISATIONS IMPLEMENTING THE GDPR. HOW TO GAIN CONTROL OVER IT WITH VERITAS ENTERPRISE VAULT. CASE STUDY
CASE STUDY AND PRESENTATION OF THE RESULTS OF A PALO ALTO NETWORKS DEPLOYMENT. HOW THIS PLATFORM HELPED ENSURE COMPLIANCE WITH GDPR REQUIREMENTS.
State Of The Art Prevention – case study
4 THINGS YOU SHOULD START DOING TODAY TO BE READY FOR THE GDPR
HOW TO APPROACH GDPR REQUIREMENTS WITH IBM TECHNOLOGIES
How to approach GDPR requirements with technologies from IBM
GDPR IN PRACTICE – PREPARATION AND IMPLEMENTATION
GDPR in practice – preparation and implementation
PRESENTATION OF THE RESULTS OF A DATA AUDIT CARRIED OUT WITH SYMANTEC DATA LOSS PREVENTION
GDPR AS A BUSINESS CATALYST
PRACTICAL DEMONSTRATION OF DATA PSEUDONYMISATION
PANEL Q&A

Tuesday, 24 October 2017

Technology and GDPR: Is your platform ready?

Technology and GDPR: Is your platform ready?
By David Mackay, associate vice president of business development, Ness Digital Engineering
I quote from the introduction:
"There are several common challenges arising from GDPR that companies should consider when it comes to making their technology platforms GDPR compliant."
The full text of the article can be found at:
https://www.itproportal.com/features/technology-and-gdpr-is-your-platform-ready/
I quote selected parts of the text:
"While numerous “toolkits” of varying degrees of sophistication are available to help companies assess the degree of process compliance that currently exists within their organisations, and to provide process flows that facilitate compliance, little has been discussed around GDPR’s impact on technology platforms currently holding all that data. One reason is because each company or organisation has a unique mix of technologies, people and processes involved, so it is difficult to generalise. However, there are several common challenges arising from GDPR that companies should consider when it comes to making their technology platforms GDPR compliant."
"One way to address this data handling transparency requirement is to revisit a company’s enterprise data architecture to better understand where PII data exists. "
"Identifying where PII data exists can be further addressed by implementing more holistic search capabilities, ensuring a company can search across all its technology platforms and archives for specific keys or identifiers relating to individuals."
"This requires the reporting of information in a way that explains what data is being held (i.e. structured information versus raw computer data) and how an organisation is processing it to derive insights about that individual. These SARs can come from any number of (mostly digital) channels and may need to be delivered back via that same channel with an appropriate user experience."
"Companies will almost certainly need to upgrade existing data platforms, and in most cases, implement a new data governance technology platform to facilitate and automate their ability to comply with GDPR legislation. However, the specific needs of GDPR are not well handled out-of-the-box by existing data governance products that offer a generic solution, as much of the effort required will be bespoke to each organisation’s existing data platforms."
"When it comes to concerns about GDPR’s impact on technology and data platforms, organisations should consider carrying out a GDPR data platform audit and make specific recommendations to address technology shortfalls."