Tuesday, 31 October 2017

Why Consent Lifecycle Management is crucial for GDPR compliance and your customer data

June 6, 2017 by SVEN DUMMER, consent management.
The article is published on the portal: "janrain.com"
The full text is at: http://tinyurl.com/ybqwr3pj
I quote selected parts of the article:
"This blog explains how Consent Lifecycle Management can help you achieve compliance for this new regulation."
"Some of the most challenging requirements of the GDPR are around the need to collect consent from end users before obtaining and transferring their personal data. ... It is important to understand that the GDPR requires affirmative, and in some cases, explicit, consent  with dramatic impact for many organizations."
"Moving from implicit to explicit, purpose-bound consent
Today, many companies rely on implicit and “opt-out” consent when collecting personal data from their customers – for example, we all are very familiar with pre-checked boxes on registration forms. This practice of collecting implicit consent will no longer be allowed under the GDPR, which requires consent by the user signaling agreement by “a statement or a clear affirmative action.”
"if your customer database today contains data that was collected via implicit consent, the GDPR doesn’t allow your existing non-complying data to be “grandfathered in”. You will have to request consent from your customers again, but this time in a fashion that complies with the GDPR."
"The GDPR not only requires explicit consent before collecting sensitive personal data, but also limits that data collection to “specified, explicit and legitimate purposes,” and the data “must not be further processed in a manner that is incompatible with those purposes."
"GDPR requests that customers must be enabled to view and modify their consent settings at any time."
"How an Identity Cloud enables proper consent
The solution we provide to address these challenges is Consent Lifecycle Management, the newest member of the Janrain Identity Cloud, a cohesive set of cloud-based services for Customer Identity and Access Management (CIAM)."

Sunday, 29 October 2017

GDPR is NOT an IT project, it is a Complex Change Program!

18 SEPTEMBER 2017
The article was published on the portal: ascend.se
The full text can be found at: http://tinyurl.com/yd4z93bl
I quote selected parts of the text:
"The complexity of GDPR poses the challenge of how to address the requirements; some regard it as an IT project since it (partially) relates to information stored in systems and applications. Others regard it as an Information and IT Security Initiative driven by the need to protect information." 
"...there are several functions and areas in an organization that need to be involved and interact in the change journey. Only working together in coordination can an organization ensure to avoid potential fines and implications to the organization's brand."
"As an example, see the request below from a former employee, requesting information to be deleted, that lacks any legal basis to be stored or further processed:
Example - Request: "Delete all information about me that has no legal basis to be stored"
- Where do we have personal data stored?
- What data do we have to remove and what data do we need to store?
- What 3rd parties may have data that we need to delete?
- How to delete all data in an efficient way?
"A “simple” request of deleting information has an impact on several functions in an organization:
All departments - IT - Procurement - Managers and employees - ‘Service Desk’ - Legal advisors"
"There is a need for a Cross-Departmental Change Program or a Transformation Program."
"Hence GDPR should not be deemed as an IT or Information Security project, instead a Program of Complex Change that needs to address all areas and departments in the organization."
The text includes a link to an article
" ... about the difference between a change program and a transformation program" at:
http://ascend.se/inspired-by-ascend/business-transformation-by-ascend

Interim GDPR Programme Manager - job offer

For interest, here is a job offer for the position of interim programme manager. It can be found on the portal: changeboard.com
specifically at: http://tinyurl.com/y75fhdac
I quote the text of the offer:
"A leading private sector organisation are looking for a GDPR Programme Manager for an initial 9 month contract, paying between £850p/d - £950p/d.
The GDPR Programme Manager will deliver a cross-business transformation programme to ensure the organisation is appropriately protecting personal data, as with new regulatory requirements. The role will be required to manage all workstreams within the programme and will need someone to work with all business units affected.
Key Capabilities
- Used to working across all levels of the business from senior stakeholders to associate colleagues.
- Proven delivery of enterprise-wide programmes
- Delivery in a fast moving environment
- Confident in the use of programme management tools and techniques that are appropriate for the situation
- Experience of leading a team, and being able to work with technology managers and heads to ensure everyone is contributing effectively
- Influencing and negotiation skills to ensure successful progress of the programme
- Proven ability to manage multiple third-party supplier relationships
This is a fantastic opportunity to lead a high profile transformation in a leading international business.
(Note: you will surely notice the terms in the offer as well :-).)

Saturday, 28 October 2017

GDPR can bring major benefits to governance, security professionals

Published October 23 2017, 6:53am EDT - By Vilius Benetis
The full text of the article can be found on the portal: "information-management"
specifically at: http://tinyurl.com/y84jtfy3
I quote selected parts of the text:
"Combined with other data management and compliance efforts, the regulation can help solve a number of cybersecurity and privacy issues."
"With some data, it is easy. ... But the question is not only about granting or revocation of rights to process, but also about getting to know which data is stored, how it was processed, with whom it was shared, and having the possibility to remove that data from systems (i.e., to be forgotten)."
"Each of our digital activities touches many systems: computers, servers, information systems, transmission systems, security systems, usage analysis systems, and so on."
"Information systems and the Internet were designed mostly respecting another model – that the owner of the system owns the data as well, unless it is specifically provisioned otherwise."
"Despite all the difficulties, I would argue that implementation of the new regulation brings a lot of benefits to all those involved in IT governance, such as:
"IT staff are forced to talk and understand legal teams, discuss the impact, and better understand threat landscapes and liabilities, which shrinks gaps of understanding.
"Now, the securing of information systems, data and information system life-cycling, and the creating, processing, destroying, auditing, handing over and disposing of data will be assessed.
"Overall, GDPR has the potential to be one of the pillar forces that gets us together to address cyber security properly. While it alone will not be sufficient, combined with other governance and regulatory efforts, real progress can be made."
(Note: This post originally appeared on the ISACA blog, which can be viewed here).

GDPR compliance is a moving target but firms need to keep up

Published October 24 2017, 6:38am EDT - by PETER MERKULOV
The full text of the article can be found on the portal: "information-management",
specifically at: http://tinyurl.com/ycgcrorp
I quote selected parts of the text:
"A primary challenge with any major regulation is that, no matter how meticulous its writers intended to be, there will always be ambiguity. Some of that is intentional and some simply unavoidable."
"GDPR was necessitated because the old regulation dictating the security and management of data, 1995’s Data Protection Directive, was obsolete. ... The Data Protection Directive could not keep up."
"Not every possible situation can be accounted for in a single regulation, nor can the future be accurately predicted. ... Whether by design or oversight, many conditions and definitions contained in GDPR will be subject to legal challenges and that process will set the precedents needed to clarify the regulations"
"In Europe, data is considered breached if "accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed" occurs."
"Depending on available resources and willingness to accept a certain amount of risk, some aspects of implementing a compliance program may have to wait until after precedent has been set and clarity is further established."
"Data security compliance is—and always will be—a moving target, and that is never as true as in the period before a regulation goes into effect."

The pragmatic GDPR project

The pragmatic GDPR project - C-cure Seminar, 29 March 2017
Tim Clements CIPP/E, CIPM, CIPT, CRISC, CGEIT
A presentation of the talk, consisting of 42 slides.
Interesting mainly from a methodological point of view!
The presentation is published on the portal: "c-cure.dk" at:
http://tinyurl.com/y9h2q9zu
Outline of the presentation - I quote from the original:
Scope of this presentation
• The GDPR project – a new paradigm?
• Falck’s GDPR project – approach & structure
• Identifying GDPR project scope
• Identifying data flow scope
• Data flow mapping – an approach
• Ensuring ongoing compliance
• The human factor
• A slide for the busy executives

Friday, 27 October 2017

Risk management is key to successful GDPR compliance

by Nortal HQ, September 21, 2017
The article can be found on the portal "nortal.com", specifically at:
https://nortal.com/blog/risk-management-key-successful-gdpr-compliance/
I quote selected ideas from the article:
"GDPR shouldn’t be seen as a risk but as an opportunity to update your organization’s approach to risk management."
"GDPR compliance has to be approached from a risk management point of view."
“Companies need to establish a good risk-management culture in order to mitigate risks by falsely processing data,”
“GDPR puts pressure on an organization’s leadership to rethink their current business models.”
"GDPR sets new rules, making the business environment harsher, as in many cases old business models and processes do not respect the new regulation."
“Challenges also mean opportunities for new and disruptive innovations.”
I quote the conclusion of the article:
"GDPR is not only about data, data governance or hefty fines for not being careful enough when collecting, storing and processing people’s personal information."

Thursday, 26 October 2017

GDPR - ARE YOU READY? - Self-assessment test - Kaspersky

A self-assessment test of GDPR readiness.
The test can be found on the portal "kaspersky.co.uk" at: https://www.kaspersky.co.uk/gdpr or directly at: https://www.gdprkaspersky.com/en/get-started
The test should reportedly take 10 minutes (I think that is a rather optimistic estimate).
I quote from the introduction:
"The best way to figure out what steps are needed is to understand how your business is currently placed. That's why Kaspersky Lab has created a free and simple to use assessment tool, focusing on the practical steps your teams will need to set in place prior to the May 25, 2018 deadline. What's more, to provide better insight on how you are placed against peer companies, we've built in a handy benchmarking feature. It should take you no longer than 10 minutes to complete, but by the end, you'll have a clear idea of where and on what you need to invest your time into."
"While in most cases, the GDPR will mean a lot of work for legal, information security and IT teams, much of the responsibility for continued compliance will fall to other departments and the individuals within them."
I quote selected parts of the test text:
"Answer the simple questions in under 10 minutes to get your Readiness Assessment."
- Track Your Progress - See how others have answered the questions as you progress through to the summary.
- Hints & Tips - Along the way we will offer advice and guidance regards GDPR compliance
- Readiness Assessment - Once you’ve answered the questions we will give you a personalised summary to download.
Introductory questions for setting up the test:
- Does your organisation store, process or transmit personal data, such as customer data supplier records or staff records?
- What size is your organisation?
- What is your level of knowledge about your organisation's existing IT security? (1 being minimum and 5 being maximum)
- What best describes your role?
Answer options offered:
a) Operations / Management / Executive
b) IT Administration
c) Research and Development
d) Information Security
e) Other
An overview of the 18 questions follows:
1) Are you aware of the new General Data Protection Regulations (GDPR) that will take effect on May 25th 2018?
Four answer options are offered:
- Yes, and I have good knowledge
- Yes, and I am aware of some of the details
- No, but I have heard of the term GDPR
- No, I have no awareness of it
2) Please indicate your level of confidence that your organisation is taking appropriate steps to achieve compliance of the GDPR by the May 25th deadline next year.
3) Please indicate your level of confidence that your organisation will be fully compliant with GDPR by the May 25th deadline next year.
4) Please indicate your level of confidence that all staff responsible for handling personal data within your organisation are aware that the existing laws relating to data protection are changing.
5) Please indicate your level of confidence that all staff responsible for handling personal data in your organisation are aware of the effect that the changes to existing data protection laws will have on your organisation.
6) Please indicate whether the person with overall responsibility for the following departments is aware of the GDPR, and understands his or her responsibilities regarding the changes to the storage and processing of personal information.
7) My marketing and communications teams have reviewed existing privacy notices and policies to ensure that they will meet their new obligations around personal data collection (such as double opt-in)?
8) My marketing and communications teams are aware that they must now obtain consent to process personal information of children under the age of 13?
9) My marketing and communications teams have implemented new practices to verify the age of individuals or obtain parental / guardian consent when processing the personal data of children?
10) Could your organisation currently identify where all personal information (such as staff records, customer data and supplier records) is stored?
11) Could your organisation successfully demonstrate how, and from where, the personal data held by your organisation was sourced?
12) Could your organisation currently provide details of all the people and organisations it has shared personal data with, if requested to do so?
13) Which of the following data practices does your organisation currently follow?
14) Do you think those responsible for IT security in your organisation could report potential data breaches to relevant authorities and affected persons within 72 hours of detection?
15) Could your organisation demonstrate to the relevant authorities that you have adequate procedures in place to detect, investigate and report on personal data breaches?
16) Are you familiar with the concept of 'Privacy by Design'?
17) Question 17
18) Are you aware that Data Protection Impact Assessments should be carried out in high risk situations?
Your Personalised GDPR Summary
"Below is a permanent link to your personalised GDPR Assessment summary so you refer back to it and also share the results with colleagues.
https://gdprkaspersky.com/en/results/XXXX (test number, assigned by the system)".

3 reasons GDPR won’t be a big problem for good email marketers

The article can be found on the portal "phrasee" at:
https://phrasee.co/3-reasons-gdpr-wont-be-a-big-problem-for-good-email-marketers/
I quote from the introduction of the article:

The General Data Protection Regulation, a piece of legislation governing the ways in which consumers’ “private” digital data can be used by marketers, comes into effect across the EU next May, and already has many brands running scared.
For both brands and email marketers, while the GDPR will certainly present some new challenges, it’s certainly not the end of the world.
Selected parts of the article text - the 3 reasons:
"Here are 3 reasons why…
3 reasons GDPR won’t be a big problem for good email marketers"
"1) Those who are scrupulous with their opt-ins won’t be affected (much)
The lead-up to the GDPR’s implementation will be a period of reflection for many in the email marketing business."
"2) Your subscribers still want what you have to offer
If you are a brand with a strong email marketing programme, you offer your subscribers value."
"3) Well executed re-opt-in campaigns work
No matter how good or bad your brand’s email marketing programme may be, the lead-up to the GDPR’s implementation is re opt-in season (or at least it should be)."
"A re-opt-in campaign presents the perfect opportunity to separate the mailing list wheat from the mailing list chaff."
Closing paragraph:
A re-opt-in campaign presents the perfect opportunity to separate the mailing list wheat from the mailing list chaff.

Conference - Security IT, subtitled GDPR

The 2nd edition of the Security IT conference, this time subtitled GDPR, took place on 18 April 2017.
All presentations can be downloaded at:
http://www.security-it.cz
I quote the opening paragraph of the information text:
"At the 2nd edition of the Security IT conference, subtitled GDPR – from theory to practice, we introduced you to GDPR from both the legal and the technical perspective. The opening talk was given by Ing. Aleš Špidla, president of Český institut manažerů informační bezpečnosti and one of the foremost experts on cyber security in the Czech Republic, who then moderated the whole event. The conference took place on 18 April 2017 at Konferenční centrum U Hájků (Hotel Grandior, Na Poříčí 42, Praha 1). Admission was free."
Conference programme - list of presentations:
Introduction to GDPR, eIDAS, NIS
General Data Protection Regulation
GDPR and cyber security
RESULTS OF A READINESS SURVEY – AN INDEPENDENT STUDY OF THE READINESS OF COMPANIES IN THE CZECH REPUBLIC AND SLOVAKIA FOR GDPR LEGISLATION, AND MEETING GDPR STANDARDS WITH VMWARE NSX
Technical measures for meeting GDPR requirements
ENTERPRISE MOBILITY MANAGEMENT AND PERSONAL DATA PROTECTION – AIRWATCH
Enterprise Mobility Management & GDPR
THE CONTENT OF ARCHIVED DATA CAN BE A RISK FOR ORGANISATIONS IMPLEMENTING GDPR. HOW TO GAIN CONTROL OVER IT WITH VERITAS ENTERPRISE VAULT. CASE STUDY
CASE STUDY AND PRESENTATION OF THE RESULTS OF A PALO ALTO NETWORKS DEPLOYMENT. HOW THIS PLATFORM HELPED ENSURE COMPLIANCE WITH GDPR REQUIREMENTS.
State Of The Art Prevention – case study
4 THINGS YOU SHOULD START DOING TODAY TO BE READY FOR GDPR
HOW TO APPROACH GDPR REQUIREMENTS WITH IBM TECHNOLOGIES
How to approach GDPR requirements with technologies from IBM
GDPR IN PRACTICE – PREPARATION AND IMPLEMENTATION
GDPR in practice – preparation and implementation
PRESENTATION OF THE RESULTS OF A DATA AUDIT CARRIED OUT WITH SYMANTEC DATA LOSS PREVENTION
GDPR AS A BUSINESS CATALYST
PRACTICAL DEMONSTRATION OF DATA PSEUDONYMISATION
PANEL Q&A

Tuesday, 24 October 2017

Technology and GDPR: Is your platform ready?

By David Mackay, associate vice president of business development, Ness Digital Engineering
I quote from the introduction:
"There are several common challenges arising from GDPR that companies should consider when it comes to making their technology platforms GDPR compliant."
The full text of the article can be found at:
https://www.itproportal.com/features/technology-and-gdpr-is-your-platform-ready/
I quote selected parts of the text:
"While numerous “toolkits” of varying degrees of sophistication are available to help companies assess the degree of process compliance that currently exists within their organisations, and to provide process flows that facilitate compliance, little has been discussed around GDPR’s impact on technology platforms currently holding all that data. One reason is because each company or organisation has a unique mix of technologies, people and processes involved, so it is difficult to generalise. However, there are several common challenges arising from GDPR that companies should consider when it comes to making their technology platforms GDPR compliant.
"One way to address this data handling transparency requirement is to revisit a company’s enterprise data architecture to better understand where PII data exists. "
"Identifying where PII data exists can be further addressed by implementing more holistic search capabilities, ensuring a company can search across all its technology platforms and archives for specific keys or identifiers relating to individuals."
"This requires the reporting of information in a way that explains what data is being held (i.e. structured information versus raw computer data) and how an organisation is processing it to derive insights about that individual. These SARs can come from any number of (mostly digital) channels and may need to be delivered back via that same channel with an appropriate user experience."
"Companies will almost certainly need to upgrade existing data platforms, and in most cases, implement a new data governance technology platform to facilitate and automate their ability to comply with GDPR legislation. However, the specific needs of GDPR are not well handled out-of-the-box by existing data governance products that offer a generic solution, as much of the effort required will be bespoke to each organisation’s existing data platforms."
"When it comes to concerns about GDPR’s impact on technology and data platforms, organisations should consider carrying out a GDPR data platform audit and make specific recommendations to address technology shortfalls."

GDPR is an opportunity for business growth

Blog posted by: John McDermott, EMEA Portfolio Manager, HP Enterprise and Nick Wilding, General Manager Cyber Resilience, AXELOS, 20 October 2017.
The article can be found on the portal: www.wired-gov.net
Specifically at: http://tinyurl.com/yap56aup
I quote selected parts of the text:
"Organizations can use the introduction of GDPR in May 2018 to learn more about their customers while building customer loyalty and increasing efficiency.
According to John McDermott, EMEA Portfolio Manager at Hewlett Packard Enterprise (HPE), the new regulations are a business opportunity and business leaders should not be overcome with ‘doom and gloom’ about non-compliance and large fines."
"During the webinar John outlined the four-step programme which can move an organization towards compliance with the GDPR regulations:
Perform: carry out a gap analysis and prepare a GDPR readiness report; revise policies, contracts, procedures and data governance model.
Know: classify data and enforce best practice for each classification; identify who collects data and where from, encryption and breach protection.
Identify: understand what will change and who will make the change
Prepare: carry out a data protection impact assessment and get approval from the data protection authority; implement new tools and instigate a company-wide and ‘effective’ awareness programme to educate all employees."
“Effective and engaging online learning can also be combined with a range of techniques including team meetings, lunch and learn briefings, surveys, posters and competitions. They should all work to build confidence so that anyone can deal effectively with issues, as and when they arise,” Nick added."
"The webinar emphasized that GDPR has the ability to enhance a business and, with the right support and training for employees, it should mean full compliance. If there is already a good governance strategy in place it really should be business as usual.
Watch the webinar GDPR and the importance of protecting your human firewall. The webinar can be found at:
http://digileaders.com/gdpr-protecting-your-human-firewall/

Monday, 23 October 2017

GAP IN GDPR READINESS ACROSS EUROPE

BIG DATA EUROPE GDPR NEWS - 23 OCTOBER 2017
The article can be found on the portal:
https://www.research-live.com
at: http://tinyurl.com/yd56tp9o
I quote from the introduction of the article:
"A study has highlighted inconsistencies in the level of preparation and readiness for the General Data Protection Regulation (GDPR) across European countries."
"With under nine months until GDPR comes into force, new research from Kaspersky Lab suggests inconsistencies in preparation amongst European IT professionals from one country to another."
I quote from the conclusion of the article:
“The deadline is the same for every company no matter their size, industry or location, so action needs to be taken now to get data handling practices up to scratch before the wrath of the regulators makes the impact of GDPR a bitter pill to swallow, rather than a good thing for the data health of an organisation.”

Sunday, 22 October 2017

CHIP: GDPR - Consent forms

One of the most demanding requirements of the EU regulation on the protection of personal data of natural persons (GDPR) is the so-called documenting of compliance with this regulation.
This topic is the subject of an article by Dan Konečný and Petr Moláček in the November issue of CHIP magazine.
I quote selected parts of the text:
"In practice this means that a company or organisation that processes individuals' personal data must ensure that activities relating to the processing of personal data, including consent to processing, are recorded and can be presented to the supervisory authority if needed."
"To illustrate, this means that companies and organisations must ensure in their information systems that records are kept of the individual activities carried out with personal data."
"In practice, such consent can be given not only electronically (on a website or by sending a confirmation e-mail), but also, for example, in writing on a paper form, or orally."
"You should collect personal data only for a specific purpose and keep it only for as long as that activity is actually being carried out. And if the purpose of collecting business cards was only to send the promised information about an exhibited new product, then after sending it you delete these contacts and simply stop keeping them, let alone use them further for sending more offers or even sell them to someone else without their owners' knowledge."
"As an example of personal data minimisation, the article cites the form for providing an e-mail address for the newsletter of the Prague municipal district of Kunratice."
"Transparency. Applying this principle will require that the texts in which you try to tell them the conditions of consent are not vague, complicated or incomprehensible, such that people will neither read them nor understand them."
"At the moment of giving consent, individuals should be informed that they can withdraw their consent at any time, and how to do so."
An example is given of a clear way to withdraw consent to receiving newsletters at Mall.cz.
"Use a double-consent mechanism. In practice it works like this: the person who gave you their personal data on your online form, for example to subscribe to e-mail newsletters, is in a second step sent an e-mail with a confirmation link attached."
The article gives an example of a working registration form with Double Opt-In at the iDnes portal.
"Given that simple Opt-In consent has serious shortcomings, the double-consent process, Double Opt-In, is increasingly used to confirm consent."
The article concludes by listing the advantages of Double Opt-In.
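
The double opt-in flow and the consent records described in the CHIP excerpts above, as an added example (not code from the article or from any of the cited sites): consent counts only after the e-mailed link is confirmed, every step is logged, and withdrawal is always possible. The HMAC-signed expiring token, the in-memory log and all names (`ConsentRegister`, `SECRET_KEY`, `TOKEN_TTL`) are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption): load the real one from a secret store.
SECRET_KEY = b"demo-only-signing-key"
TOKEN_TTL = 48 * 3600  # assumed lifetime of the confirmation link, in seconds


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload):
    return _b64(hmac.new(SECRET_KEY, payload, hashlib.sha256).digest())


class ConsentRegister:
    """Append-only log of consent activity; current state is derived from it."""

    def __init__(self):
        self.events = []  # kept as evidence for the supervisory authority

    def _record(self, email, purpose, action, at, source):
        self.events.append({"email": email, "purpose": purpose,
                            "action": action, "at": at, "source": source})

    def _last(self, email, purpose):
        matching = [e for e in self.events
                    if e["email"] == email and e["purpose"] == purpose]
        return matching[-1] if matching else None

    def request(self, email, purpose, now=None):
        """Step 1: form submitted. Returns the token to embed in the e-mail link."""
        now = int(time.time()) if now is None else now
        self._record(email, purpose, "requested", now, "web-form")
        payload = json.dumps({"e": email, "p": purpose, "iat": now,
                              "exp": now + TOKEN_TTL}).encode()
        return _b64(payload) + "." + _sign(payload)

    def confirm(self, token, now=None):
        """Step 2: link clicked. Only now does the consent become usable."""
        now = int(time.time()) if now is None else now
        try:
            body, sig = token.split(".")
            payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
            # Check the signature before trusting any field of the payload.
            if not hmac.compare_digest(sig, _sign(payload)):
                return False
            claims = json.loads(payload)
        except (ValueError, TypeError):
            return False  # malformed or tampered token
        if now > claims["exp"]:
            return False  # link expired; the person must submit the form again
        last = self._last(claims["e"], claims["p"])
        # The token must belong to the latest request, so an old link cannot
        # revive a consent that was confirmed earlier and then withdrawn.
        if not last or last["action"] != "requested" or last["at"] != claims["iat"]:
            return False
        self._record(claims["e"], claims["p"], "confirmed", now, "email-link")
        return True

    def withdraw(self, email, purpose, now=None):
        """Withdrawal is possible at any time and is logged like any other step."""
        now = int(time.time()) if now is None else now
        self._record(email, purpose, "withdrawn", now, "preferences-page")

    def may_process(self, email, purpose):
        """Processing is allowed only for a purpose with a confirmed consent."""
        last = self._last(email, purpose)
        return bool(last) and last["action"] == "confirmed"


if __name__ == "__main__":
    reg = ConsentRegister()
    link_token = reg.request("alice@example.com", "newsletter")  # constructed address
    print("before click:", reg.may_process("alice@example.com", "newsletter"))
    print("confirmed:", reg.confirm(link_token))
    reg.withdraw("alice@example.com", "newsletter")
    print("after withdrawal:", reg.may_process("alice@example.com", "newsletter"))
    for event in reg.events:
        print(event)
```

Because consent is stored per purpose, a confirmed "newsletter" consent does not authorise any other processing of the same address.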

The role of the DPO – And how to find one in a competitive landscape

Opinion GDPR: The role of the DPO – And how to find one in a competitive landscape - By Mike Hughes
Published October 16 2017, 6:30am EDT
The article can be found on the portal: www.information-management.com
at: http://tinyurl.com/y875lvta
I quote selected parts of the text:
"GDPR (General Data Protection Regulation) introduces the new role of Data Protection Officer (DPO). While many organizations have had the title of such a role under the existing EU Directive, member states had different interpretations of what this meant. GDPR takes the responsibilities of the DPO to another level."
"To be able to effectively discharge the duties of the DPO, as outlined in Articles 38 and 39 of GDPR, the DPO needs to have a high authority in their organization, have a wide range of experience and be multiskilled, both technically and socially."
So, what makes a good DPO?
"The DPO needs a mix of skills and experience extending from data privacy into information risk management, relationship management, persuasive/negotiating skills, and the ability to operate at the highest levels within an organization."
"The DPO’s initial primary focus will be to get his or her organization ready to be GDPR-compliant by the May 2018 deadline, when GDPR becomes enforceable. "
I quote the article's conclusion:
"To sum up, there is massive requirement to recruit DPOs with GDPR experience. As GDPR is only in its implementation phase, these people do not exist in the numbers required. Therefore, organizations need to take a more pragmatic view. Look at existing data protection professionals; can they be developed into the role of the DPO with training and coaching? Look at information risk and information governance professionals; can they be trained in data privacy? For the large corporates, look at the role of Chief Data Officer, and for SMEs, look at buying a managed service."
(This post originally appeared on the ISACA blog.)

Wednesday, 18 October 2017

How Legal and IT Teams Can Work Together to Achieve GDPR Compliance

The article can be found on the okta.com portal, specifically at:
https://www.okta.com/blog/2017/10/tips-for-legal-IT-GDPR-compliance/
The author is Chris Niggel - Director, Security and Compliance - Oct. 17, 2017
I quote selected parts of the text:
"This article doesn’t constitute legal advice, and is provided for informational purposes only".
"While the GDPR can seem intimidating at first, thoughtful planning can help your organization efficiently maintain compliance."
"... And since the regulation can affect many parts of the enterprise, regular interdepartmental meetings will help ensure that each team is aware of any operational changes that are being made."
"The keys to getting ready for the regulation are communication, transparency, and accountability. Everyone involved in GDPR preparations needs to understand their role and be held accountable for ensuring compliance."
"The regulation strongly encourages encryption and requires that security measures are built into any system that is engineered to collect, process, or store personal data of EU individuals."
"What IT needs to gather for and from the legal and compliance teams."
"The IT department knows the nitty gritty of your enterprise’s data infrastructure in a way that the legal department may not, meaning that IT may need to outline much of that information for the organization’s legal and compliance teams."
"Mapping the personal data and avoiding unnecessary duplication is one of the key ways to help ensure compliance with the GDPR. Doing so makes it easier to comply with erasure and portability requests."
"Regular training about the GDPR requirements can also help IT better understand how personal data of EU individuals is subject to the regulation. IT will also need to work with the compliance and legal teams to understand if any IT processes for handling data needs to be changed to better comply with the regulations."
What compliance and legal teams need to know about IT
"A key role of an organization’s compliance and legal teams is to understand how their enterprise collects, stores, and processes personal data of EU individuals, and how the GDPR impacts the organization."
"While both the controller and processor are generally responsible for security of the data, each has different responsibilities that an organization’s compliance and legal teams will need to apprise them of."
"It may be important for compliance and legal teams to advise IT about whether new security solutions – such as identity and access management or a cloud access security broker – are needed to ensure personal data-handling is compliant with the GDPR."
"Encouraging two completely different departments to work together can be a challenge, but there are several ways to ensure smooth collaboration."
"They can communicate across departments to keep track of what each team is doing to get ready for the GDPR. It’s also important for teams to have a checklist with deadlines, and even more so to hold people accountable if they miss those deadlines."
"Bring teams together and visually map out roles and expected contributions to the end goal of GDPR compliance. Request input from teams on process improvements, to help them feel valuable and invested in the final outcome."
"Finally, leaders of all affected departments should hold regular meetings to know how far along they are towards achieving their GDPR goals."

Tuesday, 17 October 2017

4 AREAS GDPR CHANGES FOR INFOSEC PROFESSIONALS

Posted on Monday, October 16, 2017
The article can be found at:
https://www.softcat.com/news/4-areas-gdpr-changes-for-infosec-professionals/
I quote selected parts of the text:
"GDPR at its core has a large problem to solve. Remember, private and public organisations want to process personal data and many of them want to do this lawfully. International businesses who are processing or indeed storing European data subjects' data are impacted, so the implications are truly global.
The following four areas were concerns that the DPD didn't address, that are now addressed by the GDPR:
- Right to Erasure and other Data Subject Rights (Articles 15-21)
- Security of Processing (Article 32)
- Accountability – Security Breach Notification (Articles 33 & 34)
- Data Transfers (Articles 44-50)
It's critical that both information security and privacy professionals are aware of these changes and new articles, not simply from a regulatory perspective but also from a practical perspective. Putting aside for the moment the discussions, hype and media concern around potential fines and sanctions, Forcepoint has co-produced a practical whitepaper to focus on the four imminent areas of change."

Sunday, 15 October 2017

GDPR for small businesses: What it means for you

Joe Curtis - 27 Jul, 2017 - http://www.itpro.co.uk/
The full text of the article can be found at: http://tinyurl.com/yc7cnpyv
I quote selected parts of the text:
"We look at how the new data protection laws will impact SMBs"
"So what does GDPR mean for SMBs? Let's answer a few key questions addressing specifically how it applies to smaller organisations before you dive into our step-by-step guide to all the elements of the new data protection rules."
"The bit these guides seem to get confused about is Article 30, which in the final draft of the legislation states that there's a difference between the types of records SMBs and larger firms must keep."
"The regulation states that extra record keeping duties will apply to an SMB if "the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data ... or personal data relating to criminal convictions and offences referred to in Article 10."
"While an earlier draft of GDPR limited the appointment of a data protection officer to organisations with more than 250 employees, there's no such bar now."
"The "whichever is higher" is the key phrase for SMBs, who could be financially ruined by a data breach, meaning the risks are just as big - if not bigger - than for a multinational enterprise that could absorb the penalty in its next financial quarter without too much of an impact on its stock price."

Saturday, 14 October 2017

Microsoft - Our contractual commitment

Microsoft - "Our contractual commitment". Microsoft is reportedly the first global service provider to publicly offer contractual commitments regarding the GDPR. Watch the video in which Julia White explains Microsoft's commitment.
The video is part of a set of information presented under the common title:
Meeting the requirements of the GDPR faster
https://www.microsoft.com/cs-cz/rethink-IT-security/GDPR/default.aspx
The address of the video is
https://www.youtube.com/watch?v=7cTp6JsO7UU

Experts react to the security risks of GDPR and AI

Rene Millman - 15 Jun, 2017 - http://www.itpro.co.uk
The full text of the article can be found on itpro.com, here: http://tinyurl.com/yagwrbvg
I quote selected ideas from the text of the article:
"Over the last few months, security experts have had to contend with the GDPR, ransomware, and AI as the three most pressing IT issues companies have to face at present."
"Endless surveys and research suggest very few organisations are prepared for the rules. Although, to be fair, it is hard to be ready when the Information Commissioner's Office (ICO) itself hasn’t yet published its final guidance on certain aspects. Adhering to the eight data protection principles still appears to be the best way forward in order to be compliant with GDPR."
"If a company can demonstrate it is fully compliant, its reputation will be enhanced."
"Ilias Chantzos, Symantec's senior director of government affairs for EMEA and Asia, said there is no box that can “solve” GDPR problems."
"The more people take seriously the threat of hacking and cybercrime, the more people will be cautious about suspicious content."
"Another issue was the increasing use of automation within technology as well as its impact on IT security. With the internet now meeting the “classic definition” of a robot as far as it being able to sense, think and act, we are creating a world-sized robot without even realising it."
"Artificial intelligence as a basis for IT security also got a grilling from Giovanni Vigna, CTO of Lastline. Such technologies only really work when they have large data sets, and you can only learn from “things you know”.
"Machine learning could be used to reduce the number of security analysts needed and direct focus on more important issues." 
"Ultimately, artificial intelligence, machine learning, and deep learning cannot be used in a simple way, according to Vigna. Organisations need to start at breach detection events to teach such systems to look for similar patterns elsewhere."

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance - Posted on October 5, 2017 - huntonprivacyblog.com
PRIVACY & INFORMATION SECURITY LAW BLOG
Global Privacy and Cybersecurity Law Updates and Analysis
The full text of the article can be found at: http://tinyurl.com/ycu28rxx
I quote selected parts of the text of the article:
"Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars (the “Guidance”). "

"Building on existing international guidelines and resolutions, the Guidance urges the automobile industry to follow privacy by design principles “at every stage of the creation and development of new devices or services.”
A PDF file with the full version of the adopted resolution,
"Resolution on Data Protection in Automated and Connected Vehicles",
can be found at: http://tinyurl.com/y8lwvkkb
The Guidance sets forth the following recommendations, among others:
List of 12 Recommendations
I quote the article's conclusion:
"While non-binding, the Guidance is being interpreted by many as a set of global standards to guide data protection enforcement efforts, and may signal a wave of enforcement actions to come. The Federal Trade Commission did not participate in issuing the Guidance."

Friday, 13 October 2017

GDPR and cloud

GDPR and cloud - Markets Media October 13, 2017
A looming data-privacy regulation holds significant implications for financial-services firms that store data in the cloud.
The full text of the article can be found on the bloomberg.com portal, at:
https://www.bloomberg.com/professional/blog/gdpr-and-cloud/
This article was for Markets Media and was licensed by Bloomberg.
I quote selected parts of the text:
"As a data storer, practitioners and experts generally say cloud is more secure than a traditional, on-premises IT environment, so cloud reduces the risk of the data breaches that are in GDPR’s crosshairs."
"Accountability for data protection cascades down through the data supply chain. Web-based companies will have to clearly define responsibilities and liabilities among solution partners.”
"Companies will need to know the attributes of their data and demonstrate consumer consent as baseline GDPR capabilities. They also need to ensure portability and erasure..." 
"“Regulators are becoming cloud friendly,” Accenture said in a report highlighting cloud adoption as a key trend for investment banks in 2017."

Thursday, 12 October 2017

GDPR - personal data protection - conference programme

GDPR - personal data protection - the new EC regulation - conference programme
The conference was organised by the company SEMINARIA and took place on 20 September 2017.
I include this report mainly because the conference programme gave an overview of well-chosen current topics that professionals addressed at the conference.
The invitation with the programme can be viewed at https://www.seminaria.cz/, specifically at
http://tinyurl.com/y7l4gogn
Preparation will take companies and organisations at least a year. The nationwide conference acquainted participants with the content of the regulation and offered them a timetable of which measures to start implementing and in which areas.
A brief evaluation of the conference can be found at:
http://tinyurl.com/y6v27b2k
I quote from the text of the evaluation:
- Important information arising from the new regulation was presented to the conference participants by Eva Škorničková, a member of the Working Group of the Office of the Government of the Czech Republic on GDPR legislation.
- Jan Tomíšek of the law firm ROWAN LEGAL covered the newly emerging role of the Data Protection Officer (DPO).
- Vojtěch Chloupek of the law firm Bird & Bird said that, particularly in online business, companies must for now wait for guidance from the WP29 working party,
- The conference was closed by Igor Prosecký with practical tips on how to prepare for the GDPR, how to carry out the initial analysis, which data it concerns and who comes into contact with that data. In conclusion he stressed: “Underestimating the initial analysis will have a negative impact on all processes related to the GDPR.”



Wednesday, 11 October 2017

Why GDPR will revolutionise marketing

"Not all doom and gloom: Why GDPR will revolutionise marketing"
October 10, 201
The article can be found on the portal http://www.netimperative.com
at: http://tinyurl.com/y98thu2g
Author: Julian Saunders, founder of data management and GDPR compliance solution PORT.im, discusses how GDPR is great news for marketers
I quote from the text:

- "For talented marketers GDPR will create an environment in which they will flourish."
-- "Organisations will have to prioritise the security of the data they hold, clearly communicate privacy terms and inform customers if there are any breaches. People will be empowered to make clear decisions on the messages they receive and what happens with their data. This will provide knowledge and control to customers. Companies that have a cavalier attitude to data privacy and security will find themselves having to self-certify their GDPR compliance and agree to accept onerous financial liabilities when they want to provide services to other enterprises."
-- "Finally, the scales will fully tilt to innovative marketers, as businesses who continue to send simplistic, high volume and non-personalised content to their entire marketing database will soon find their customer base shrinking."
I quote the article's conclusion:
"This quick run through of the probable implications of GDPR is likely to be just the start. Higher standards, improved marketing effectiveness, the necessity of innovation, and the imperative of implementing data management solutions will undoubtedly have many more unforeseen positive consequences. The responsibility is now on good marketers to go beyond the negative noise surrounding GDPR fines and ‘onerous’ regulations, and focus on how their approach to marketing should change to take advantage of this opportunity. Intelligent marketing professionals will revamp their strategy far in advance of May 2018 and begin up-skilling themselves on innovative marketing techniques."

Monday, 9 October 2017

Preparing for GDPR compliance: Where you need to be now and how to get there

Preparing for GDPR compliance:
"Where you need to be now and how to get there"

Author of the article: Doug Drinkwater - an experienced technology and security journalist. The article can be found on the portal csoonline.com at:
http://tinyurl.com/y8tll2jb
I quote selected parts of the text. For brevity I present the ideas themselves, without giving the closer context in which they arose. Look for the authors of the texts in the sources mentioned.
- "Failure to comply with the EU General Data Protection Regulation (GDPR) leaves firms vulnerable to penalties, but many U.S. companies doing business in Europe are in danger of missing the deadline. Here’s how to catch up.
- "Behind the noise, hype, and misunderstanding is a substantial piece of legislation that will change how organizations operating in Europe approach data protection.
"It also harmonizes data protection across 28 EU member states, replacing the need for national legislation. The headlines are ... as well as mandatory security notifications, new rules around user consent, a clearer definition around what could be personal data (such as IP addresses, for example), and greater rights for people to access — or request deletion of — the information companies hold on them.
- "As such, GDPR transcends IT and spreads into areas like sales and marketing, but this complex legislation carries numerous misconceptions. The ambiguity over data processors and controllers — not aided by the controversial Google Spain court case of 2015 — has also caused headaches, especially around data stored in the cloud.
- "A lot of businesses are now holding back full implementation for compliance because it's hard to determine what compliance looks like, and are putting faith in a clear plan of action will be enough to deter the regulator.”
- "The big shock everyone has with GDPR is that they weren't operating in compliance with current data protection legislation. 
- "Data subjects are given rights to make it easier to access their own data, a right to data portability, a clearer "right to be forgotten", plus a right to be informed if your personal data have been subject to a serious breach.”
- "Rules on accountability and transparency are strengthened, and they will have to embrace concepts such as ‘data protection by design and default.’ 
GDPR readiness: Where business are today
- "The regulation, after all, stipulates companies must provide a “reasonable” level of protection
- "Like many, we've taken a risk-based approach for the implementation of controls; we're identifying where our data is, how it's protected, and ensuring our supply chain has agreed to new terms.”
- "We established a cross-departmental team to understand the scope of the new legislation, assess the processes and controls we have in place, and identify any gaps we had, before then addressing them. We then implemented a mechanism to automate the identification and searching of data stores across our systems and tied it to data classification technology that tags data based on its confidentiality. This is linked to data loss prevention controls that only allow certain data types to travel between networks.”
- "Vocalink jointly developed the firm’s strategy for GDPR among the legal, operations, and security teams, analyzing their environment against the EU regulations and drawing up a roadmap to quickly address any gaps.
- "The Drum, revealed how GDPR had enabled it to look at digital marketing in a new way — putting the customer at the center. 
- "The CIO of telco O2 spoke of how GDPR was an “opportunity to get our customers’ trust.” 
- "GDPR can bring some positives to business, such as improved data management and customer loyalty. “Better information management is one clear benefit, but the principle of privacy by design can deliver products and services that, cannily marketed, could be very commercially successful,” says Baines.
- "Most organizations are falling behind, only now appointing DPOs and steering committees, and fighting for boardroom buy-in. Others are progressing slowly with information audits and generally developing company-wide awareness. 
- "There’s the risk of additional penalties if you don’t meet any of these within the timeline given. Such penalties can cause a huge administrative burden and even cost the organization more than the fine,” 
- "Mandatory notification in 72 hours is clearly achievable. This isn't about a full diagnostic and report into what happened. This is the cursory notification to the regulator that something is afoot. Share what you know; your plan for further investigation and triage along with an anticipated timeline.”
- "How do companies accelerate their GDPR initiatives?
- "Organizations work closely with the DPO and their teams. If they don’t have a DPO, CISOs and CIOs should be lobbying their board hard to introduce one on the basis that “data protection isn't and shouldn't be, the sole responsibility of an information security lead.”
- "Organizations get some “validated and authentic” advice, and entrust a person or group of people to manage all aspects of GDPR, from delivering company-wide training to ensuring the supply chain is up-to-date (contract updates are recommended). At the heart of it, he says, is good data management. 
- “Work out what personal data you have. Where it is? How did you get it? Get rid of it if you don’t need it, a DPO could be considered good practice.
- "Organizations must understand the type of data, its location, and how it is being used. This should then be compared versus regulation requirements. “You have to maintain this level of compliance throughout your organization. Embedding privacy-compliant thinking into projects and programs, using tools like a privacy impact assessment, to understand the risk of each activity.”

Are you ready for the GDPR? GDPR Assessment

These pages contain a system of 26 questions, answered one after another, about the current situation in which the organisation or company finds itself. After the last question has been answered, the set of answers is evaluated and a Report is produced, which is displayed and offered for download. The result also includes an offer of a software solution to the problems, naturally from Microsoft's workshop. I have included this GDPR benchmark in the weblog mainly because the system of questions asked can be an inspiration for putting together one's own analysis of the situation.
The introduction can be found at https://www.gdprbenchmark.com and the set of questions at https://www.gdprbenchmark.com/questions
I quote from the introduction to the self-test:
"GDPR Assessment is a quick, online self-evaluation tool available at no cost to help your organization review its overall level of readiness to comply with the GDPR."
"Preparing for a new era in privacy regulation"
"Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations. We are committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018, and provide GDPR related assurances in our contractual commitments."
Besides the introduction, the home page also has an overview of sub-topics relating to the GDPR, divided into 4 parts:
- Personal privacy - Controls and notifications - Transparent policies - IT and training.
As an example I give the topics from the "IT and training" group:
Organizations will need to:
- Train privacy personnel and employees
- Audit and update data policies
- Employ a Data Protection Officer (if required)
- Create and manage compliant vendor contracts
What GDPR means for your data:
- Stricter control on where personal data is stored and how it is used
- Better data governance tools for better transparency, record keeping, and reporting
- Improved data policies to provide control to data subjects and ensure lawful processing
Assessment
The following questions are meant to assist organizations by identifying technologies and steps that can be implemented to simplify their GDPR compliance efforts.
The system of questions is divided into groups by activity:
Segmentation - Discover - Manage - Protect - Report
Before the "confession" there are 4 definitions of terms:
Personal Data - Controller - Processor - Processing
Example question (no. 8):
Classify personal data. The GDPR has many requirements to enable the rights of data subjects. This makes it necessary to classify personal data.
How confident are you in the tools your organization currently has to classify personal data? (select an option)
- Very confident
- Mostly confident
- Somewhat confident
- Not very confident
- Don't know/Not Sure
The evaluation is summarised by activity group: discover ...
Two groups of software solution variants follow:
"A critical first step to addressing GDPR requirements is to identify all personal data managed by the controller, so that they can adequately protect it and respond to data subject requests, such as erasure, rectification, and data portability. Microsoft business products and services offer a number of ways to identify personal information:" sw.
" Controllers must have in place a mature data classification process and effective supporting technology that will enable them to comply with data subject requests, and meet other GDPR requirements. Microsoft business products and services offer a number of ways to classify personal information": sw.

Sunday, 8 October 2017

GDPR and Azure, a new era for data privacy

7 Oct 2017 3:50 PM
GDPR Questions? Azure has answers
Roberto Stefanetti
The text can be found on the portal community.dynamics.com at:
http://tinyurl.com/ybyfdohu
The page is very brief; it essentially serves as a signpost to detailed text documents.
The first link is to a white paper explaining how the Microsoft product Azure relates to the GDPR.
"White paper about Microsoft Azure and GDPR Compliance on Technet" https://gallery.technet.microsoft.com/How-Azure-Can-Help-788a4979
Microsoft cloud services such as Azure (as well as other cloud services and on-premises solutions that are out of scope for this paper) help organizations identify and catalog personal data in systems, build more secure environments, and simplify management of GDPR compliance. This white paper is written for decision makers, privacy officers, security and compliance personnel, and other stakeholders who like to learn more about useful actions to prepare for GDPR compliance by using Microsoft Azure. It is divided into the following sections
- Section 1 discusses the GDPR in general, its importance, and what approach Microsoft suggests for addressing GDPR requirements.
- Section 2 discusses how you can use Azure today to prepare for GDPR compliance.
- Section 3 discusses related topics such as Azure Cloud Germany.
- Section 4 provides additional recommendations that may be useful for your organization’s journey toward GDPR compliance.
I quote from the text on the page:
"Microsoft is here to help
- Please have a look at our white paper showing "How Microsoft Azure Can Help Organizations Become Compliant with the EU General Data Protection Regulation to gain an understanding of how your organization can use currently available features in Azure to optimize your preparation for GDPR compliance. "
- May 25, 2018: a new era begins for data privacy
On this date in a little less than a year, the new European Union (EU) data protection law will be implemented, replacing the old Data Protection Directive, which has been in effect since 1995. 
"Preparing for a new era in privacy regulation
"We are committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018, and provide GDPR related assurances in our contractual commitments.
Learn more about how Microsoft products help you comply with the GDPR, and let us help you get started. You can also find resources like webinars, videos, white papers, and FAQs about the regulation."
"This is what we do
"Azure has developed a tradition of compliance which gives our customers the tools they need to comply with complex regulations. Our attention to, and preparation for the impact of GDPR continues to show how we equally prioritize the best cloud technology with the best compliance offerings.
Additional information about how Microsoft helps you to fulfill specific GDPR requirements are available at the GDPR section of our Microsoft Trust Center."