The 25th of May 2018 will be a day that is forever etched into our memories. It is a day we had been working towards for well over seven years by the time it arrived. For those of you who don’t remember – it is the day the GDPR entered into application. What other topic could we possibly discuss in today’s Serious Privacy episode other than the first GDPR review? The serious question is – is it time to celebrate?
Let’s look at lessons we learned over the past two years and review activities by consumers, businesses, and regulators. You will get both the U.S. and the European perspective, and we have a special guest for this episode – TrustArc’s own CEO, Chris Babel. Chris brings with him decades of experience in both security and privacy and has a front row seat in most privacy initiatives. Being in security when it first ramped up in compliance requirements provided Chris with a solid understanding of how compliance initiatives grow, including funding challenges. We discuss the good, the bad, the ugly – and the promise of GDPR. Listen to this week’s episode on our website or stream the episode below.
What is a representative under GDPR? Why do I need one? What do they actually do? Are these questions familiar to you? Does it sound like we are reading your mind? Then join us for this exciting unscripted conversation with Tim Bell, Managing Director of the DPR group – a walking, talking, EU representative.
If a data controller or processor does not have an establishment in any of the member states of the European Union, they have to appoint a representative. This is stipulated by Article 27 GDPR. But does this really happen? The EU Member States seem to have concerns. In their evaluation report of the GDPR, they say it is uncertain to what extent controllers and processors from third countries have complied with the representation obligation.
Apparently, there are cases where a representative has not been designated. Reason enough to dive a bit deeper into this topic and discuss the role of the representative and how to appoint one. In this podcast, we address a variety of topics such as the complexities of current EU representatives established in the United Kingdom and what that means for companies who will need a UK representative in the EU or vice versa. Listen on your favorite podcast platform or stream the episode below.
TrustArc announced major updates to Nymity Awareness Tracker, the first compliance solution on the market to streamline contextual privacy awareness across an entire business. Privacy legislation such as the General Data Protection Regulation (GDPR) in Europe and the upcoming California Consumer Privacy Act (CCPA) in the US have elevated the visibility of privacy professionals in the corporate world. However, many still feel confused about which privacy rules apply to them and the teams they support. With the Nymity Awareness Tracker, employees can home in on areas of legislation that are relevant to their role and location and receive tailored updates that are easy to understand.
Awareness Tracker provides simple, one-stop access to privacy awareness learning, helping to reduce risk while increasing engagement, knowledge and accountability across an entire organization. With gamification elements designed to make privacy learning fun, its mission is to empower privacy champions at every level of the business.
Key benefits of the Awareness Tracker include:
- The ability to maintain awareness across the organization in a few minutes each week
- Engaging infographics and visuals to support the learning process
- The power to reward Privacy Champions with status as their knowledge improves
- Built-in user feedback to continually improve the content relevance by audience
- CPE credits
“Privacy compliance is complex, ever changing and can often seem overwhelming,” said Terry McQuay, TrustArc Vice President, Knowledge & Intelligence Solutions and Founder of Nymity. “Awareness Tracker makes privacy regulations and concepts easy to understand for business units whose primary responsibility is not privacy. Businesses need tools to help their teams navigate the ever-changing privacy legislative landscape. Awareness Tracker helps them do this, allowing businesses to empower Privacy Champions in an engaging and fun way.”
To learn more about Awareness Tracker, click here.
TrustArc recently announced the acquisition of Nymity – click here to learn more.
The European Union’s (EU) General Data Protection Regulation (GDPR) is the most sweeping change to data protection in the past 20 years, and will go into effect in less than a year. Its impact will be felt by every organization that does business in the EU, or handles personal information of EU citizens in any manner.
We benchmarked the status of 200 U.S. companies' efforts to meet privacy mandates in general, and in particular to meet the May 25, 2018 deadline for the GDPR. The survey was conducted by Dimensional Research on behalf of TrustArc.
On July 26, as the first webinar in the Summer/Fall TrustArc Privacy Insight Series, we had privacy experts talk about what they’ve been seeing as the causes behind some of the key statistics in our research.
The study results showed that 95% of organizations say that the need for technology to help manage privacy is growing. Why the shift from privacy being primarily a policy issue handled by the legal office toward privacy becoming an operational issue requiring sophisticated solutions to manage? Digital Accountability.
Now privacy is a business issue, and compliance requires the entire organization to participate. New requirements around things like Verifiable Consent, the Right to be Forgotten, and Privacy by Design touch departments such as marketing and product. Because accountability now goes beyond the legal team, organizations need solutions to verify and demonstrate that GDPR requirements are being met.
Results also demonstrated that 83% of organizations expect their GDPR spending to exceed $100,000. While larger organizations plan to spend even more, most organizations are prepared to spend a lot. The deadline is approaching fast and many organizations have a shortage of internal resources. Although the cost may seem high, companies can maximize their investment by taking an integrated approach in which all teams work together toward compliance. Additionally, ensuring that the technology used for compliance is integrated into a long-term plan will help get the most out of the investment.
You can read the full report or listen to the webinar on demand. If your organization needs help building, implementing, or demonstrating GDPR compliance, TrustArc offers solutions to help, no matter where your organization stands against the GDPR requirements. Contact us today.
The results of the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs will be shared in a three-part blog post series:
- To review Part 1, the General Privacy Market Results, click here
- To review Part 2: GDPR Compliance Results, click here
- Part 3: Privacy Program Implementation Results
Companies report needing help in a wide range of areas, topped by GDPR planning, international data transfer, compliance reporting, conducting PIAs / DPIAs, and data inventory.
Many GDPR implementation plans begin with conducting a data inventory; however, companies face three common challenges when it comes to data inventory. The three challenges cited most by the privacy professionals surveyed were difficulty maintaining and updating privacy programs (57%), lack of appropriate tools and technology (56%), and lack of internal resources (54%).
50% of the respondents preferred dealing with outside vendors that could provide both tools and technology, together with process/legal expertise.
Among the desired capabilities for third-party vendors, the two ranked most important were knowledge of the customer’s industry (48%) and years of experience (39%).
To download a copy of the TrustArc “Privacy and the EU GDPR” research report, click here.