Special Webinar Event: Current State of Brexit and Data Protection Impact

TrustArc is proud to present a special webinar event: “Current State of Brexit and Data Protection Impact.” This webinar will take place this Thursday, March 28th at 12pm GMT | 8am ET | 5am PT. Don’t miss this opportunity to learn more about how Brexit will affect data protection – register today!

Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar! Click here for answers to the most commonly asked webinar-related questions.

A potential “Brexit” will play an important role in the data protection strategy of many companies, and a lot will depend on what is decided in the next few days and weeks. This is why understanding the current state of Brexit is so critical right now.

You will learn in this webinar:

  • What is the current state of play between the UK and EU?
  • What are the options for Brexit resolution?
    • “No deal” Brexit
    • “UK PM’s deal” Brexit
    • Other options
  • The Data Protection Act (DPA) 2018 and its relationship with GDPR
  • What are the consequences of Brexit for the ICO?
  • What are the consequences of Brexit for business?
  • How will international data transfers be impacted?
  • What are the steps to take now?

If you want to better understand the current state of Brexit and its implications for data protection, then register now for this free webinar!

The TrustArc Privacy Insight Series is a set of live webinars featuring renowned speakers presenting cutting edge research, tips, and tools. Events are free and feature informative discussions, case studies and practical solutions to today’s tough privacy challenges. Over 20,000 privacy professionals registered for our events in 2018!

Upcoming Webinar – Pragmatic Consent Management: Meeting Compliance and Business Needs

TrustArc is proud to present the next Privacy Insight Series webinar “Pragmatic Consent Management: Meeting Compliance and Business Needs” with TrustArc Consulting Program Director Margaret Alston and TrustArc Senior Privacy Consultant Jim Keese. This webinar will take place this Wednesday, March 20th at 9am PT / 12pm ET / 5pm GMT. Don’t miss this opportunity to learn more about managing consent – register today!

As the dust settles on the first wave of GDPR implementation initiatives, businesses are left with a multitude of questions. Is implementing a simple cookie banner enough? How can I manage consents across multiple systems? How can I ensure our policies are being implemented? Do I really need a “Do Not Sell” button to comply with CCPA? Will all this change under the ePrivacy Regulation anyway? What kind of records do I need if a regulator asks?

As a privacy professional or a marketer, you’re responsible for advising the business and working through the realities of balancing compliance with ongoing demand for data-driven insights and growth. Join this webinar for a playbook of key tips and guidance to help you juggle these requirements with ease and understand what’s required and what’s open to interpretation.

This webinar will outline:

  • Consent requirements under key regulations including GDPR and CCPA
  • Key considerations and decisions for the business to take
  • Tools to support universal consent management


Privacy Insight Series Webinar Recap: Managing Risk & Easing the Pain of Vendor Management

As part of the TrustArc Privacy Insight Series, Director of Consulting at TrustArc, Paul Iagnocco, presented “Managing Risk & Easing the Pain of Vendor Management”. This blog post will give a brief summary of that webinar; you can listen to the entire webinar and download the slides here.

In this webinar, Paul discussed methods and challenges companies face when assessing and evaluating vendors under regulations such as the GDPR, CCPA, Privacy Shield and HIPAA. Under each of these regulations, demonstrating compliance requires vendor management provisions speaking to specific topics such as: documented instructions, technical and organizational measures, confidentiality, disclosure, right to audit, and retention periods. Paul stressed the importance of involving key stakeholders (IT, finance, legal, etc.) and how companies should prioritize building relationships with information security teams. Working with that team in particular is important because once a company identifies its existing vendor management approach, it’s key to find where privacy and security can be added and implemented within that cycle.

Shankar Chebrolu, Enterprise Security Architect at RedHat, spoke on his experience using various vendor management methods. Prior to 2016, RedHat used a home-grown approach to vendor management using Google Forms and a ticketing system. In May 2016, RedHat had an auditor assess the way the company was handling risk management, including third party management. Results from the auditor’s report showed RedHat needed to further develop their vendor management system in order to improve their privacy posture. RedHat implemented TrustArc Assessment Manager in February 2017 as a means to assess and minimize their third party risk. Shankar discussed how the robust, out-of-box templates within Assessment Manager, specifically vendor assessment, removed the need for his team to frame vendor questions themselves. As of February 2019, RedHat has completed over 200 vendor assessments using Assessment Manager!

Paul outlined several key takeaways for effective vendor management:

  • Identify tools to manage vendor due diligence, whether through a manual/low-tech approach or a technology platform, while considering long-term versus short-term sustainability
  • Conduct privacy assessments (e.g., PTA, PIA and, if necessary, DPIA) that address the vendor’s overall privacy program, appropriate to the nature of the information
  • Be prepared to demonstrate due diligence – including reporting and individual rights management
  • Establish a common repository for all vendor management and data protection initiatives

To learn more about best practices for vendor management, view the on-demand Privacy Insight Series webinar here. Registration is now open for the next webinar in the Privacy Insight Series: “Pragmatic Consent Management: Meeting Compliance and Business Needs.”


TrustArc Essential Guide to the California Consumer Privacy Act (CCPA)

This guide distills the California Consumer Privacy Act (CCPA) into distinct phases to help a business achieve and then maintain compliance. The guide is designed for professionals across a wide range of functions who will be impacted by the CCPA.

Before building a program, TrustArc suggests that companies review with legal counsel all applicable privacy compliance regulations or frameworks with which your company will have to comply. Finding commonalities between the requirements and controls will allow a company to find overlap between the obligations, and then adjust for any differences, rather than having completely separate programs.

One example of a requirement that is new for CCPA is the “look back” period. Therefore, your budget should take into account supplying your team with the resources necessary to address the requirements around access, accounting of disclosures, and transparency requirements. For example, companies will have to identify any personal information previously collected by the business about the consumer for the past 12 months, so the process should ensure that business processes that collect personal information are recorded in a data inventory. A company will need to be able to identify the type of personal information being collected; there are 11 categories enumerated in the CCPA and the company would have to choose the one that most closely describes the personal information. The company will also need to know why it collected the personal information (the purpose); which categories of personal information were sold; and which categories were disclosed for a business purpose. Keeping up-to-date and detailed records will be key.

To learn more about CCPA requirements and how to leverage your existing privacy program, download your copy of the CCPA Essential Guide now.

Managing Compliance with Privacy Assessments

No matter what industry you are in, the size of your organization, or the maturity of your privacy program, conducting regular privacy assessments is important to understand and ensure compliance. Privacy assessments need to address a wide range of legal requirements and best practices and will help build an action plan to identify gaps and define and manage remediation activities.

When assessments align with pertinent global privacy laws, they provide a structure for gathering information necessary to determine compliance successes and gaps. They also help companies predict trends, assign resources appropriately, and resolve the right issues. Stakeholders participating in the assessment process typically learn from the experience and become more engaged and educated about privacy. Finally, a historical set of assessment results can demonstrate a company’s progress along its privacy compliance journey.

TrustArc has a wealth of data from numerous privacy research studies conducted over the past several years. These studies have gauged consumer attitudes, actions, and the impact that data privacy management has had on businesses. TrustArc has also conducted research studies to provide companies with guidance on common questions including how to handle internal privacy practices, as well as appropriate budgeting and planning.

TrustArc and IAPP released the findings of the “Measuring Privacy Operations” research study. The study examined the current state of privacy program management. The research shows that critical privacy program activities such as creating data inventories, conducting data protection impact assessments (DPIA), and managing data subject access requests (DSAR) are now well established in large and small organizations in both Europe and the United States.

Some key findings about assessments are:

  • DPIAs are the most common type of privacy assessment.
  • 75% of respondents subject to the GDPR report they have completed one or more Data Protection Impact Assessments (DPIA).
  • 46% use technology tools for DPIA management, including 20% who use a specialized software solution; only 47% continue to use a manual process, down from 66% two years ago.
  • DPIAs, Privacy Impact Assessments (PIAs), and Vendor / Third Party Risk are the most popular types of privacy assessments, and are used significantly more often than popular security assessments such as ISO 27001 and NIST.

TrustArc offers a broad range of solutions to help companies build and manage a privacy program. TrustArc offers self-service and managed service offerings to address a wide range of privacy compliance requirements. To learn more, download the “Managing Compliance with Privacy Assessments” here.

Upcoming Webinar: Managing Risk & Easing the Pain of Vendor Management

Shankar Chebrolu, Enterprise Security Architect at RedHat, will join TrustArc to speak about “Managing Risk & Easing the Pain of Vendor Management” during the next Privacy Insight Series webinar on Wednesday, February 20th at 9am PT / 12pm ET / 5pm GMT. Don’t miss this opportunity to learn more about privacy risk management – register today!

Speakers will discuss one of the most important components of a privacy and security risk management program – understanding how your third party vendors are handling your data and whether they can maintain compliance. This component is critical whether you’re focused on GDPR, CCPA, HIPAA or Privacy Shield. He will provide best practices on how to keep up with privacy assessments and security questionnaires about your own data handling practices in addition to monitoring your vendors’ data handling practices.

Vendor management is also key because while a regulator may never ask about your GDPR compliance status, your largest customer probably will ask. Demonstrate your compliance or expand and efficiently scale a vendor management program.

This webinar will illustrate:

  • Options to demonstrate compliance against multiple regulations or buyer requirements;
  • Tools and methodology to support privacy and security third party assessments; and
  • Ways to develop an independent validation program and process for ongoing assurance of a risk-based level of supplier compliance

Join us on Wednesday, February 20th to hear more about vendor management best practices from our expert speakers.

Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar!

 
