GDPR: A simple explainer

Minimalist · Dec 1, 2017

Businesses bracing for GDPR data deletion requests

Businesses are concerned that data deletion requests under the GDPR will have a significant or even crippling effect, with many unprepared to meet the expected demand
Click to expand...

http://www.computerweekly.com/news/450431134/Businesses-bracing-for-GDPR-data-deletion-requests

Minimalist · Dec 5, 2017

How cybersecurity solutions can help with GDPR compliance

Technical (protection) measures, means, technologies, rules and resources are mentioned multiple times throughout the GDPR text. The Regulation does not, however, specify any security technology implementation as obligatory (a few methods are suggested as optional solutions for the specific usage). Choice and evaluation of adequacy is the sole responsibility of the data controller and processor.

The range of possible technical mechanisms and safeguards for processing personal data depends primarily on the existing business processes and underlying ICT systems. Cybersecurity (or ICT security) solutions present a subset of possible technical approaches to ensuring compliance, characterized by its scope (digital domain) and purpose of application (preserving availability, authenticity, integrity, confidentiality, non-repudiation and privacy.

A saying, especially appropriate for GDPR, states that “there is no privacy without security” (not necessarily vice versa). So, what does InfoSec have in store for the GDPR buyer?
Click to expand...

https://www.helpnetsecurity.com/2017/12/05/cybersecurity-solutions-gdpr-compliance/

Minimalist · Dec 22, 2017

WHOIS The First Casualty Of GDPR?

In some cases, organizations might simply elect to throw their hands up in the air and sunset their data. One such organization that came to mind for me was Internet Corporation for Assigned Names and Numbers (ICANN). If you are not familiar with ICANN, this is a non-profit that was established in 1998. The organization charged with shepherding and enforcing policies related to the names and numbers used on the internet, domain names and ip addresses for example.

One example is the venerable WHOIS. This is a repository that stores the information of the registered users or its delegates for an autonomous system (AS), IP address block or domain name. This data is stored in a readable format which would fly in the face of the guidance outlined in GDPR.
Click to expand...

https://www.forbes.com/sites/davelewis/2017/12/21/whois-the-first-casualty-of-gdpr

ronjor · Jan 23, 2018

Facebook to hand privacy controls to users ahead of EU law

Julia Fioretti January 23, 2018
BRUSSELS (Reuters) - Facebook will make it easier for its more than 2 billion users to manage their own data in response to a tough new European Union law that comes into force in May, the social network’s Chief Operating Officer Sheryl Sandberg said.
Click to expand...

ronjor · Feb 1, 2018

US Government in Whois GDPR Warning

1 Feb 2018 Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine
The head of a US government agency has warned against over-zealous changes to the Whois internet lookup service in order to comply with the forthcoming EU General Data Protection Regulation (GDPR).
The decades-old system publishes the personal details including name, address, email and telephone number of every domain name registrant. However, this flies in the face of Europe’s new privacy laws, which state that businesses must obtain clear consent from individuals to store and publish their personally identifiable information (PII).
Click to expand...

Minimalist · Feb 5, 2018

7 steps for getting your organization GDPR-ready

At its core, GDPR compliance is about following sensible information management practices. However, oftentimes, business users do not follow their organization’s information governance policies, whether it’s because storing content in these platforms is tedious or simple ignorance of the rules. Compliance with the GDPR will therefore require practical steps which both improve employee awareness and the practices that make it more likely people will follow the rules.
Click to expand...

https://www.helpnetsecurity.com/2018/02/05/gdpr-ready-organization/

ronjor · Feb 15, 2018

New EU Privacy Law May Weaken Security

Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down cybercriminals and less likely that organizations will be willing to share data about new online threats.
Click to expand...

xxJackxx · Feb 16, 2018

For those of you that are subject to the GDPR (we have customers in EU countries) what resources are you using to verify that you are compliant or to find out what you need to get that way? Is there a comprehensive checklist? Do you acquire the services of a consultant or attorney that specializes in it? The company I work for still has more questions than answers as far as what it needed to comply.

Minimalist · Feb 26, 2018

Is GDPR-regulated data lurking in unexpected pockets of your organization?

A recent study showed that over 60 percent of corporate data is stored on employee endpoints. And yet, as companies work to ensure compliance with the new General Data Protection Regulation (GDPR), they still may be overlooking a few key areas.

The GDPR globally impacts the processing of all personal data on EU residents and takes effect on May 25, 2018. The challenge is personal data doesn’t just live in your customer relationship management (CRM) system, it also exists in a more unstructured way on your company’s endpoints.

To protect company assets and meet GDPR compliance standards, organizations need to have a firm understanding of where personal data resides, including where it is created, used and stored. Failure to adequately secure user endpoints could mean major fines as well as damage to customer relationships and brand reputation.
Click to expand...

https://www.helpnetsecurity.com/2018/02/26/gdpr-regulated-data/

Minimalist · Mar 14, 2018

The 600+ Companies PayPal Shares Your Data With

One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data.

Is 600 companies unusual? Is it more than average? Less? We'll soon know.
Click to expand...

https://www.schneier.com/blog/archives/2018/03/the_600_compani.html

Minimalist · Apr 6, 2018

Crypto Group Claims Blockchain Should be Exempt From EU Data Protection Rules

On 25th May the EU's General Data Protection Regulation (GDPR) comes into effect, and with it tech companies are going to have to make sweeping changes to how they handle user data and granting users more control over what information is stored. One Washington DC-based think tank thinks Bitcoin and the rest of the blockchain should be exempt from those rules, however.

Coin Center says that because blockchain can be used to store personal data, it would likely wall under the jurisdiction of GDPR rules. Under those rules companies that store data on EU citizens will have to comply should those citizens ask for their personal data to be deleted. Unfortunately experts told The Verge that this might be totally incompatible with the way blockchain works, since modifying or deleting any stored data has consequences on the rest of the blocks in the chain.
Click to expand...

http://www.gizmodo.co.uk/2018/04/cr...ould-be-exempt-from-eu-data-protection-rules/

RollingThunder · Apr 8, 2018

Minimalist said: ↑

https://www.helpnetsecurity.com/2017/05/04/mssp-gdpr-compliance/
Click to expand...

Well, good! I hope in these companies profound sense of head swaggering arrogance that the EU fines them $20,000,000 or 4 percent of their budget for each offense when they continue business as usual. I will for one laugh my *** off when it happens. I am only hoping the first violator is Facebook.

stapp · Apr 9, 2018

Seems like Malwarebytes may have to alter their default opt in because of this.

https://forums.malwarebytes.com/topic/226296-massive-data-upload-by-mbamserviceexe/

Minimalist · Apr 9, 2018

GDPR Privacy Policy Fail: Only 34% of EU Sites Compliant

Just a third of websites in the EU and even fewer in the UK have their privacy policy in order ahead of major new legislation set to land next month.

The European General Data Protection Regulation (GDPR) represents the biggest change to the EU’s privacy laws in almost a generation.

However, despite it being ratified two years ago, there appear to be major compliance problems ahead of the May 25 deadline.
Click to expand...

https://www.infosecurity-magazine.com/news/gdpr-privacy-policy-fail-34-eu/

stapp · Apr 9, 2018

Well Malwarebytes have a just few weeks to comply.

https://forums.malwarebytes.com/top...-mbamserviceexe/?tab=comments#comment-1231178

It looks like that law/regulation doesn't go into full effect until May 25th of this year according to the document you linked there (and I heard the same from a Malwarebytes employee when I asked about it) so I'm guessing that as long as Malwarebytes has it corrected by then, there should be no issues with failure to comply with EU regulations. That gives them just over 2 weeks from today to get it done and get a new build out which includes the change(s) necessary for compliance.
Click to expand...

Minimalist · Apr 13, 2018

ICANN Requests GDPR Exemption As It Develops Compliance Plans

Internet domain name bodies have estimated they could take up to a year or more to implement proposals designed to bring them into compliance with the EU’s General Data Protection Regulation (GDPR), as the internet oversight body ICANN scrambles to put a compliance plan into place.
Click to expand...

https://www.silicon.co.uk/workspace/icann-gdpr-exemption-compliance-231353

ronjor · Apr 14, 2018

Report: EU may slap new GDPR Fines on Old Data Breaches

April 12, 2018 17:00 by Elizabeth Montalbano
The European Union (EU) wants to send a clear message to companies that it’s serious about data privacy, suggesting it will still slap fines on data breaches that happen even before the EU General Data Protection Regulation (GDPR) takes effect in late May if companies don’t disclose them first.
Click to expand...

Minimalist · Apr 16, 2018

Europe Tells ICANN Its GDPR Compliance Plans Need More Work

The European Commission’s data protection advisory body has said it continues to have “concerns” about plans to bring the internet’s WHOIS service into compliance with sweeping new data rules set to come into force in Europe next month, indicating those plans are as yet insufficient.

In a letter by the Article 29 Working Party (WP29), which is made up of representatives from EU member states’ data protection bodies, to internet oversight body ICANN, the European group identified a number of areas in which it was of the “utmost importance” for ICANN to “either reconsider or further evaluate its current approach”.
Click to expand...

https://www.silicon.co.uk/workspace/europe-icann-gdpr-compliance-231417

Minimalist · Apr 26, 2018

GDPR Too Close, Half of Global Companies Not Ready

With only one month remaining before the EU's General Data Protection Regulation (GDPR) goes into effect, many organizations are still scrambling to be in compliance. That could result in hefty fines and legal consequences for the majority of the 448 institutions surveyed by KPMG Global Legal Services. More than half (54%) reported that they are not in compliance.
Click to expand...

https://www.infosecurity-magazine.com/news/gdpr-too-close-half-of-global/

ronjor · Apr 27, 2018

How to handle the flood of GDPR privacy updates

By Leo Kelion Technology desk editor
Many app users' inboxes are bulging with requests to review new terms of service and privacy conditions.
And it is no coincidence that so many developers have revamped their small print at the same time.
Click to expand...

Minimalist · May 1, 2018

Media Groups Accuse Google Of GDPR Power Grab

Publisher trade groups representing thousands of newspapers and media organisations have accused Google of making unreasonable demands on them as it brings in new advertising rules to comply with the EU’s General Data Protection Regulation (GDPR).

Google updated its policies for advertisers about one month ago, telling publishers they must share any data they receive from users with the search giant if they use Google’s platform to sell ads.

Google said it would not disclose how it uses the data. At the same time, the company says publishers, not Google, are liable if GDPR violations occur.
Click to expand...

https://www.silicon.co.uk/workspace/media-groups-google-gdpr-power-231899

Minimalist · May 2, 2018

Time is running out, yet many US companies are not GDPR-ready

A significant percentage of US companies are uncertain about or unprepared for the European Union’s General Data Protection Regulation (GDPR) that takes effect later this month, according to a new survey by CompTIA.

“Confusion about the regulations remains a significant problem for many companies,” said Todd Thibodeaux, CompTIA president and CEO.
Click to expand...

https://www.helpnetsecurity.com/2018/05/02/not-gdpr-ready/

Minimalist · May 2, 2018

ICANN ‘To Deliver Temporary GDPR Plan’ As Deadline Looms

Internet oversight body ICANN has said it hopes to deliver a draft temporary specification for compliance with the EU’s General Data Protection Regulation (GDPR) within the next few days, amidst dissension with European regulators and the US government over its delayed compliance plans.

The update came as a study found only 3 percent of US organisations were concerned about fines under the new regulations, and as a result were not prioritising compliance.
Click to expand...

https://www.silicon.co.uk/workspace/icann-gdpr-deadline-231965

guest · May 5, 2018

New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance
May 5, 2018
https://www.bleepingcomputer.com/ne...panies-can-save-thousands-on-gdpr-compliance/

A new service called GDPR Shield is making the rounds this week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with GDPR compliance.
Companies are turning away from the EU market
Any company that has data on EU users is subject to the new GDPR regulation and can be fined, regardless if the company is not based in a EU state.
Companies are intentionally blocking EU IP addresses
Apart from this, there are also the companies that had no intent on breaking into the EU market but are serving customers regardless, and as such, are also falling under the GDPR umbrella.
A company that has openly admitted to such a practice is Boston-based cyber-security firm Steel Root, which has implemented its own system that blocks EU-based users from accessing its service.
EU regulation sparks another Internet trend
"Block EU users from accessing your site," the GDPR Shield website reads. "Don't spend thousands on legal fees to make your site GDPR-compliant. If you aren't targeting EU users, simply use GDPR Shield to block all traffic from the EU," the company boasts.
Click to expand...

Minimalist · May 12, 2018

Why the GDPR email deluge, and can I ignore it?

‘Urgent action required ”, “Do you still want to hear from us?”, “We’ve updated our privacy policy”, “Should we stop sending you updates? If not, act now!”

Many of us will have received emails like this during the past few weeks, some of them from companies we haven’t used for years or have maybe never even heard of.

Triggering this deluge of emails is something called GDPR that comes into effect in just under two weeks’ time. Often the emails warn that if you don’t respond, you will be removed from the company’s database, which raises a lot of questions. What action, if any, do you need to take? Could it affect you financially? If you ignore the emails, will you wake up one morning to find tumbleweed blowing through your inbox?
Click to expand...

https://www.theguardian.com/money/2018/may/12/why-the-gdpr-email-deluge-and-can-i-ignore-it

Log in or Sign up

GDPR: A simple explainer

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

ronjor Global Moderator

xxJackxx Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

RollingThunder Registered Member

stapp Global Moderator

Minimalist Registered Member

stapp Global Moderator

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

guest Guest

Minimalist Registered Member

Log in or Sign up

GDPR: A simple explainer

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

ronjor Global Moderator

xxJackxx Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

RollingThunder Registered Member

stapp Global Moderator

Minimalist Registered Member

stapp Global Moderator

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

guest Guest

Minimalist Registered Member

Useful Searches