All Compliance-related articles

GDPR Essentials: Data Protection Officers, What Are They and How Do You Get One?

March 15, 2018 Author: Compliance

With the implementation of the EU’s General Data Protection Regulation (GDPR) 10 weeks away, organizations are struggling to reach compliance before the deadline passes. The new legislation is meant to unify and standardize data protection regulations across the EU, simplifying compliance procedures across borders and giving EU data subjects an unprecedented level of control over their personal data.

For the first time, privacy, in its digital context, will be legally enforced by design and by default. Companies will be held responsible for any breach of privacy and hefty fines will be applied to data controllers and processors found to not have taken adequate measures to protect EU data subjects’ personal information.

The GDPR brings one additional significant change to its predecessor: certain companies will have to appoint a Data Protection Officer (DPO). But what …


Using DLP to meet MPAA best practices

February 22, 2018 Author: Compliance

The entertainment industry has seen its fair share of leaks and hacks in recent years, with giants such as Sony, Netflix and HBO falling victim to attacks and having their private records and upcoming releases made public online. Movie studios in particular make for tempting targets, as any cyberattack they suffer will instantly make its perpetrators notorious and internet pirates rejoice. They are often targeted not so much for profit as for fun. After all, even hackers can’t wait to see the latest season of Game of Thrones.

It is therefore no surprise that an organization such as the Motion Picture Association of America (MPAA) has issued comprehensive guidelines to secure digital film assets and ensure industry best practices are being met by third-party vendors. While abiding by these guidelines is strictly voluntary, the MPAA performs content security assessments of vendors…


Shadow IT in the Age of GDPR Compliance

February 15, 2018 Author: Compliance

Since the cloud went mainstream, a proliferation of online services and tools has led to the rise of so-called shadow IT, the use of unauthorized third-party services by employees in the workplace. Examples include the use of personal email and cloud storage services, file transfer sites, format conversion websites or popular collaboration platforms such as Wrike or Asana.

Mostly used without ill intent, either through negligence or for the sake of convenience, these services pose a serious threat to data security because companies are unaware of their use and thus do not know where their data is being processed or whether it travels over secure channels.

With the EU’s General Data Protection Regulation (GDPR) coming into force on 25 May 2018, companies must now, more than ever, put an end to shadow IT or risk the consequences of being financially penalized under the new regulation.

Why…

GDPR: The Pros and The Cons

February 1, 2018 Author: Compliance

Data protection legislation is seen as a way for governments to take back control over data security, which has suffered critical hits in recent years with major breaches making headlines on a weekly basis. Regulations are a natural reaction to these real-world threats that companies seem powerless to stop. Governments hope that through the enforcement of tougher data protection policies, companies unwilling to take extra measures to ensure data protection will be brought up to higher overall standards.

While this goal in itself seems necessary given recent developments, how will this new legislation translate into the business world, and how will it affect business growth and the push for innovation? There is a marked concern in business circles that cumbersome, overly restrictive data protection regulations, such as the EU’s General Data Protection Regulation (GDPR)…


EU vs US: How Do Their Data Protection Regulations Square Off?

January 17, 2018 Author: Compliance

The EU’s new General Data Protection Regulation (GDPR) is coming into effect on 25 May 2018 and will have wide-ranging consequences on a global scale, affecting all businesses that trade with the European Union, from within or outside its borders. From among non-EU countries, US businesses in particular have been actively taking steps to ensure that they comply with the new regulation.

With the United States having a number of regulations in place for data protection itself, does that mean companies already compliant with national regulations will find it easier to adjust to GDPR requirements? Let’s have a look at data protection regulations on both sides of the Atlantic to find out.

The European Union under the GDPR

The most important and talked-about change in data protection regulation in Europe in the last twenty years, the GDPR has set off a race for compliance among companies…


GDPR Compliance Checklist

December 18, 2017 Author: Compliance

With 2017 coming to an end, the clock is ticking closer to the implementation of the EU’s new General Data Protection Regulation (GDPR) on May 25th 2018. While interest in issues of compliance surrounding the dreaded new legislation has soared in recent months, a great number of companies have yet to take concrete measures to ensure their businesses are up to the new standards before the deadline.

So what does it take to start your journey to compliance? Here is a short compliance check to get you started!

Whether your company is located within the European Union or outside it, you are required to comply with all requirements of the GDPR if any of your customers are EU data subjects. You must also bear in mind that the GDPR restricts cross-border data transfer outside the EU. For free data flow to occur cross-border, a third country must be deemed to have an adequate level of data protection …


The EU aligns its new ePrivacy Regulation to the GDPR

November 16, 2017 Author: Compliance

In January 2017, a new ePrivacy Regulation meant to repeal Directive 2002/58/EC was proposed by the European Commission and published on its website. Concerning the respect for private life and the protection of personal data in electronic communications, the regulation is part of the Digital Single Market strategy and is meant to bring the ePrivacy Regulation in line with the General Data Protection Regulation (GDPR) coming into force in May 2018.

Directive 2002/58/EC previously covered the area of personal data processing and the protection of privacy in the electronic communications sector, but with the GDPR bringing requirements up to present-day standards, the ePrivacy Directive needed to receive a similar upgrade that would complement the GDPR, in the same way it was previously aligned to Directive 95/46/EC. The two regulations are tightly interconnected with…


The UK’s bid for GDPR Compliance

November 9, 2017 Author: Compliance

As we draw nearer to the end of the year and enter the last stretch to the GDPR compliance deadline, the UK has recently announced that its own bill on data protection has entered Parliament for assessment. With two data protection regulations on the table, though, which one are UK companies supposed to follow? Can they escape the scourge of the GDPR, or will more requirements be added to their already full plate? Let’s take a closer look!

What is the UK Data Protection Bill?

The first draft of the UK Data Protection Bill was made public on 14 September 2017, after it passed its second reading in the House of Lords. Its aim is to modernize data protection laws in the UK for the 21st century, give people more control over their data, and provide them with new rights to move or delete personal data. It will be replacing the now outdated Data Protection Act 1998.

Its stipulations align themselves to the EU’s…


GDPR Requirements: The Essential Five

October 17, 2017 Author: Compliance

With the EU General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, the clock is ticking for companies to implement its requirements and to ensure compliance is reached before the looming deadline. Designed to replace the Data Protection Directive 95/46/EC, the GDPR aims to standardize data privacy laws across Europe, to protect EU citizens’ data privacy and give them power over what happens to their data.

The GDPR puts the ball firmly in EU citizens’ court, creating a new set of priorities for companies with personal data privacy at its apex, essentially reshaping the way organizations approach data privacy and security. But what does that mean exactly, in practical terms? While the regulation is in many cases couched in general terms, there are a few requirements that are explicitly stated within it. Here are the five most important:

1. Data Protection…

NIST 800-171 compliance and Data Loss Prevention

September 7, 2017 Author: Compliance

The NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, published June 2015 (updated January 2016), focuses on information shared by federal agencies with non-federal entities. With its implementation deadline, 31 December 2017, looming, government contractors and subcontractors are running out of time to update their policies and reach compliance.

What is NIST 800-171 and who does it apply to?

Issued by the National Institute of Standards and Technology (NIST), the publication works as a guide for federal agencies to guarantee that Controlled Unclassified Information (CUI) is protected when processed, stored and used in non-federal information systems. This sort of data is often shared by the federal government with institutions and organizations that carry out the work of federal…
