What you Need to Know About the GDPR: Practical Steps to Address GDPR Compliance

May 09, 2017

While some organizations have written about the impending GDPR deadline and potential fines, or re-printed an exact copy of the text itself, TRUSTe has taken the 200+ pages of the GDPR and translated it into practical implementation steps for an organization of any size or maturity. The implementation steps are grouped into five actionable phases: Building a Program and Team Assessing Risks and Creating Awareness Designing and Implementing Operational Controls Managing and Enhancing Controls Demonstrating Ongoing Compliance A sample implementation step is developing a DPIA program, which includes creating templates, conducting DPIAs, managing remediation, and providing compliance reports. The guide also … Continue reading What you Need to Know About the GDPR: Practical Steps to Address GDPR Compliance

Argentina GDPR-like Data Privacy Bill

February 21, 2017

As previously described in our blog post “Doing Business with Argentina Just got Easier“, change appears afoot in the land of silver’s data protection law, in order to keep pace with evolving digital technologies and global regulatory regimes. Whereas in December 2016 the Argentine Data Protection Agency (DPA) issued a report proposing changes to the national Data Protection Act (Act) after nearly a year of public consultation, this month the DPA released a draft bill to update the sixteen-year-old Act in line with many of the European Union’s General Data Protection Regulation (GDPR)’s new requirements taking effect in May 2018. … Continue reading Argentina GDPR-like Data Privacy Bill

Webinar Recap: Best Practices to Create a Data Inventory and Meet GDPR Compliance

January 25, 2017

Yesterday we had Ray Everett, Principal Consultant (US), TRUSTe, Veronika Tonry, President, Privacy KnowHow, former Global Privacy Manager at Chevron and Applied Materials, and Guy Sereff, Corporate Counsel, Level 3 Communications share which tools and resources companies are using to conduct data inventories. Our speakers shared some of the biggest “lessons learned” from when they conducted Data Inventories for the first time, so that you can avoid them. There is no “one size fits all” approach – you should conduct these exercises in a way that fits with your company culture. Once you’ve received the support for the project, make … Continue reading Webinar Recap: Best Practices to Create a Data Inventory and Meet GDPR Compliance

Newly Released EU GDPR Guidance

December 21, 2016

The EU GDPR goes into effect in May, 2018. While that may seem far away, for many organizations the changes required to become compliant with the new law will take several quarters to implement. Some of the larger changes required will deal with the new “Right to Data Portability”, Identifying a lead supervisory authority, and appointing a “Data Protection Officer.” The Article 29 Working Party (WP29) has just released guidance on these three requirements. The guidance is summarized below, along with links to the full documents. 1) Right to Data Portability Article 20 provides data subjects with the right to … Continue reading Newly Released EU GDPR Guidance

Your Path to GDPR Compliance | Step 3

June 22, 2016

TRUSTe has developed an education series designed to provide you with a path to achieving GDPR compliance.  This multi-part program provides both guidance on what to do, along with options for helping you get it done. Step 3: Develop Plan In Step 3 of Your Path to GDPR Compliance, we leverage the progress and results from Step 1: Assess Readiness and Step 2: Build Consensus to answer the question, “How do I build a plan that’s prioritized based on risks and accounts for level of effort?” Several things must happen at this stage to develop an effective plan including: Conducting … Continue reading Your Path to GDPR Compliance | Step 3

Your Path to GDPR Compliance | Step 2

June 09, 2016

TRUSTe has developed an education series designed to provide you with a path to achieving GDPR compliance.  This multi-part program provides both guidance on what to do, along with options for helping you get it done. View Step 1: Assess Readiness   Step 2: Build Consensus In Step 2 of Your Path to GDPR Compliance, we address the most common next question, “what do I need to do to secure stakeholder commitment and resources for execution?” Building consensus up-front is critical to the success of any privacy program within an organization and is not specific to the GDPR. Fundamental leadership … Continue reading Your Path to GDPR Compliance | Step 2