— by David Weinstein, Senior Security Engineer, Threat Stack
The other week, Chris Lippert, Privacy Technical Lead at Schellman & Company, LLC., wrote an excellent blog post that explores overlaps and differences between GDPR and other frameworks, including ISO/IEC 27000, NIST, and PCI, as well as ways organizations can start to bridge the gaps to achieve alignment with GDPR.
In this post, Frank Kyazze, Senior Associate at Schellman, zeroes in on one of the questions that sit at the heart of the GDPR: “What is the Right to Erasure?” In this highly informative article, Frank explains some of the rights of data holders, responsibilities of data controllers, and best practices for effectively responding to requests for erasure. Read more “GDPR: What is the Right to Erasure?”
The GDPR deadline is looming large. With fewer than 100 days until May 25, many U.S. companies are still unsure what their responsibilities are under GDPR and what steps they need to take to meet new requirements.
To help you prepare, Threat Stack product marketing manager Hank Schless got together with Paul-Johan Jean, GDPR legal consultant at Sphaerist Advisory to give a high level-summary of GDPR responsibilities for U.S. companies in a recent webinar. You can either stream the archived webinar right now, or read the recap below. Read more “T-72 Hours to Report a Breach – Are You GDPR Ready? – Webinar Recap”
— by Pat Cable, Senior Infrastructure Security Engineer, Threat Stack
From time to time Threat Stack invites industry experts to share our blog space, and in today’s post, Chris Lippert, Privacy Technical Lead at Schellman & Company, LLC., takes a look at the General Data Protection Regulation (GDPR), a topic that is on everyone’s mind, whether they’re prepared for it or not.
In this post, Chris explores what’s unique about the GDPR, how it overlaps with existing frameworks including ISO/IEC 27000, NIST, and PCI, and points to how you can leverage your current controls to meet many of the security considerations for personal data under Article 32, as well as other requirements of the GDPR, such as data protection policies or vendor management.
Without further ado, here are Chris’ insights into GDPR. Read more “GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps”