Cloud Companies Can Conquer GDPR with ISO 27018 Certification. Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?” With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.
Many organizations are bracing for the recent wave of Privacy regulations announced this year. In May, GDPR became enforceable, then in June California passed the California Consumer Privacy Act (effective starting 2020). These landmark regulations provide new privacy requirements for businesses collecting and/or processing data. The purpose of this whitepaper is to compare requirements under[…]
Profiling and automated decision-making are not prohibited under GDPR. However, both of these activities are subject to detailed requirements on when they can legitimately be performed and what must be communicated to data subjects. Key Questions: 1| How are automated decision-making and profiling defined under GDPR? 2| How do the general rules of GDPR apply[…]
Whether it is a software or infrastructure as a service (SaaS/IaaS) almost everyone is relying on the cloud. Have you considered how this impacts your GDPR strategy? In this whitepaper we set out to clarify the role of cloud service providers as well as users of cloud services. Key Questions: 1) What is your role(s)[…]
The Data Protection Impact Assessment (DPIA) is a significant new burden on data controllers under GDPR. As many have noted, GDPR does not clearly outline when a DPIA is required, instead referring to processing “likely to result in a high risk to the rights and freedoms of natural persons.” Article 35(4) charges supervisory authorities with[…]
The EU’s new General Data Protection Regulation (“GDPR”) introduces the concept of a Data Protection Impact Assessment (“DPIA”); defined as an analysis of the risks of processing operations on the “rights and freedoms” of data subjects.This means that if your company is processing the data of individuals who are EU citizens you may have to[…]
Approved by the European Union on April 14, 2016 and fully enforceable beginning May 25, 2018, General Data Protection Regulation (GDPR) is arguably the most wide-reaching change to privacy requirements to date. How wide reaching is GDPR? If you are located in the EU and control or process personal data, if you offer goods or[…]
Approved by the European Union on April 14, 2017 and fully enforceable beginning May 25, 2018, General Data Protection Regulation (GDPR) is arguably the most wide-reaching change to privacy requirements to date. How wide reaching is GDPR? If you are located in the EU and control or process personal data, if you offer goods or[…]