Group Fines Under the GDPR

How Multinational Companies May be Affected by Their Subsidiaries’ Noncompliance

Introduction

— by Lindsey Ullian, Threat Stack Compliance Manager

Preparing for GDPR was similar to preparing for Y2K — heads down grinding with anxiety running high, only to find that May 25th came and went without a peep. So what was all that hard work and worry for, anyway? What drove all the privacy emails and data inventorying within companies? In all honesty, it was most likely driven by the high consequences that a company might suffer as a result of noncompliance. But just because your company is now “GDPR ready,” does that mean you’re safe from heavy fines?

Not necessarily. The noncompliance of other companies just might make you vulnerable.

In this post, Kevin Kish, Privacy Technical Lead with Schellman & Company, explains how you may be affected by your subsidiaries’ noncompliance and how you can manage the risk.
Read more “Group Fines Under the GDPR”

GDPR: What Compliance Says vs. What DevOps Hears

The deadline for the General Data Protection Regulation (GDPR) is fast approaching, with May 25 marking the official day of reckoning. The updates to the data protection directive of 1995 (Directive 95/46/EC) are designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy rights, and to reshape the way organizations across the EU approach data privacy.

There’s a likelihood that Compliance has approached your DevOps team to get on board. But when Compliance talks, what do you hear? Are you truly understanding what’s required of you to become GDPR compliant? Let’s take a look at some of the possible gaps in knowledge below. Read more “GDPR: What Compliance Says vs. What DevOps Hears”

Are You Ready for GDPR Compliance? Here’s a Checklist.

The European Union’s General Data Protection Regulation (GDPR) is going into effect in just two months — on May 25, 2018. Yet a recent Forrester report indicates that only about 30% of companies say they’re ready to comply, and at least some of those firms are actually overstating their readiness.

If you haven’t completed your preparations or you’re not confident about your status, we’ve created the following checklist to help your organization prepare for the upcoming changes. We hope you find it useful. Read more “Are You Ready for GDPR Compliance? Here’s a Checklist.”

GDPR: What is the Right to Erasure?

Introduction

— by David Weinstein, Senior Security Engineer, Threat Stack

The other week, Chris Lippert, Privacy Technical Lead at Schellman & Company, LLC., wrote an excellent blog post that explores overlaps and differences between GDPR and other frameworks, including ISO/IEC 27000, NIST, and PCI, as well as ways organizations can start to bridge the gaps to achieve alignment with GDPR.

In this post, Frank Kyazze, Senior Associate at Schellman, zeroes in on one of the questions that sit at the heart of the GDPR: “What is the Right to Erasure?” In this highly informative article, Frank explains some of the rights of data holders, responsibilities of data controllers, and best practices for effectively responding to requests for erasure. Read more “GDPR: What is the Right to Erasure?”

T-72 Hours to Report a Breach – Are You GDPR Ready? – Webinar Recap

The GDPR deadline is looming large. With fewer than 100 days until May 25, many U.S. companies are still unsure what their responsibilities are under GDPR and what steps they need to take to meet new requirements.

To help you prepare, Threat Stack product marketing manager Hank Schless got together with Paul-Johan Jean, GDPR legal consultant at Sphaerist Advisory to give a high level-summary of GDPR responsibilities for U.S. companies in a recent webinar. You can either stream the archived webinar right now, or read the recap below. Read more “T-72 Hours to Report a Breach – Are You GDPR Ready? – Webinar Recap”

GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps

Introduction

— by Pat Cable, Senior Infrastructure Security Engineer, Threat Stack

From time to time Threat Stack invites industry experts to share our blog space, and in today’s post, Chris Lippert, Privacy Technical Lead at Schellman & Company, LLC., takes a look at the General Data Protection Regulation (GDPR), a topic that is on everyone’s mind, whether they’re prepared for it or not.

In this post, Chris explores what’s unique about the GDPR, how it overlaps with existing frameworks including ISO/IEC 27000, NIST, and PCI, and points to how you can leverage your current controls to meet many of the security considerations for personal data under Article 32, as well as other requirements of the GDPR, such as data protection policies or vendor management.

Without further ado, here are Chris’ insights into GDPR. Read more “GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps”