45 Useful and Informative GDPR Presentations & Resources

The months leading up to May 25, 2018 produced a steady barrage of articles urging organizations to get ready for the GDPR and warning about the consequences of failing to comply.

After May 25? . . . To be honest, not much. There are still lots of articles — “Tips For What Comes After,” “What to Watch For” — but no big stories. And therefore, it has been tempting to take a bit of a snooze.

But not so fast. Just because the headlines haven’t been filled with stories about violations and massive fines, that doesn’t mean you can sit back and do nothing if you’re operating within reach of the GDPR. The GDPR became fully enforceable on May 25, 2018, and fines for non-compliance can reach up to 20 million Euros or 4 percent of an organization’s annual global turnover for the preceding financial year, whichever is higher.

While it’s too early for these fines to have been imposed, it’s not too early to take another look at the GDPR and then strategically determine what you still need to do to ensure that your systems and processes are protecting your organization and your customers’ data.

Our advice? If you come under the GDPR — which is binding and applicable without the need for national governments to pass any enabling legislation — do your homework, shore up any deficiencies, and take whatever measures you need to become compliant or to maintain compliance.

And remember: While there are challenges to the GDPR, there are also opportunities, including the opportunity to create visibility and control over the data in your systems as well as the opportunity to build greater trust with your customers.

To help you out, we’ve put together this catalogue of 45 useful and informative resources that provide guidance on an extensive array of GDPR-related issues and topics. Read more “45 Useful and Informative GDPR Presentations & Resources”

Group Fines Under the GDPR

How Multinational Companies May be Affected by Their Subsidiaries’ Noncompliance

Introduction

— by Lindsey Ullian, Threat Stack Compliance Manager

Preparing for GDPR was similar to preparing for Y2K — heads down grinding with anxiety running high, only to find that May 25th came and went without a peep. So what was all that hard work and worry for, anyway? What drove all the privacy emails and data inventorying within companies? In all honesty, it was most likely driven by the high consequences that a company might suffer as a result of noncompliance. But just because your company is now “GDPR ready,” does that mean you’re safe from heavy fines?

Not necessarily. The noncompliance of other companies just might make you vulnerable.

In this post, Kevin Kish, Privacy Technical Lead with Schellman & Company, explains how you may be affected by your subsidiaries’ noncompliance and how you can manage the risk.
Read more “Group Fines Under the GDPR”

GDPR: What Compliance Says vs. What DevOps Hears

The deadline for the General Data Protection Regulation (GDPR) is fast approaching, with May 25 marking the official day of reckoning. The updates to the data protection directive of 1995 (Directive 95/46/EC) are designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy rights, and to reshape the way organizations across the EU approach data privacy.

There’s a likelihood that Compliance has approached your DevOps team to get on board. But when Compliance talks, what do you hear? Are you truly understanding what’s required of you to become GDPR compliant? Let’s take a look at some of the possible gaps in knowledge below. Read more “GDPR: What Compliance Says vs. What DevOps Hears”

Are You Ready for GDPR Compliance? Here’s a Checklist.

The European Union’s General Data Protection Regulation (GDPR) is going into effect in just two months — on May 25, 2018. Yet a recent Forrester report indicates that only about 30% of companies say they’re ready to comply, and at least some of those firms are actually overstating their readiness.

If you haven’t completed your preparations or you’re not confident about your status, we’ve created the following checklist to help your organization prepare for the upcoming changes. We hope you find it useful. Read more “Are You Ready for GDPR Compliance? Here’s a Checklist.”

GDPR: What is the Right to Erasure?

Introduction

— by David Weinstein, Senior Security Engineer, Threat Stack

The other week, Chris Lippert, Privacy Technical Lead at Schellman & Company, LLC., wrote an excellent blog post that explores overlaps and differences between GDPR and other frameworks, including ISO/IEC 27000, NIST, and PCI, as well as ways organizations can start to bridge the gaps to achieve alignment with GDPR.

In this post, Frank Kyazze, Senior Associate at Schellman, zeroes in on one of the questions that sit at the heart of the GDPR: “What is the Right to Erasure?” In this highly informative article, Frank explains some of the rights of data holders, responsibilities of data controllers, and best practices for effectively responding to requests for erasure. Read more “GDPR: What is the Right to Erasure?”

T-72 Hours to Report a Breach – Are You GDPR Ready? – Webinar Recap

The GDPR deadline is looming large. With fewer than 100 days until May 25, many U.S. companies are still unsure what their responsibilities are under GDPR and what steps they need to take to meet new requirements.

To help you prepare, Threat Stack product marketing manager Hank Schless got together with Paul-Johan Jean, GDPR legal consultant at Sphaerist Advisory to give a high level-summary of GDPR responsibilities for U.S. companies in a recent webinar. You can either stream the archived webinar right now, or read the recap below. Read more “T-72 Hours to Report a Breach – Are You GDPR Ready? – Webinar Recap”

GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps

Introduction

— by Pat Cable, Senior Infrastructure Security Engineer, Threat Stack

From time to time Threat Stack invites industry experts to share our blog space, and in today’s post, Chris Lippert, Privacy Technical Lead at Schellman & Company, LLC., takes a look at the General Data Protection Regulation (GDPR), a topic that is on everyone’s mind, whether they’re prepared for it or not.

In this post, Chris explores what’s unique about the GDPR, how it overlaps with existing frameworks including ISO/IEC 27000, NIST, and PCI, and points to how you can leverage your current controls to meet many of the security considerations for personal data under Article 32, as well as other requirements of the GDPR, such as data protection policies or vendor management.

Without further ado, here are Chris’ insights into GDPR. Read more “GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps”