• How to address the Dissimilarities between GDPR and Blockchain
    The complexities of GDPR both in implementation and enforcement means that old technologies and internal legacy systems with inundated IT platforms cannot solve the GDPR complexities. With the emerging blockchain technologies, there are new avenues to further strengthen data-ownership, transparency and trust between entities and to address the most critical GDPR issues. However specific components of the GDPR regulation prohibits the stash of data directly on the current blockchain technology since in GDPR terms ‘the data is not erasable’.
  • The Technical Aspects of Privacy by Design And Default
    When GDPR is implemented the right and the correct way digitisation can be a contributing factor and make the role and responsibilities of the DPO or CIO a bit easy. However, if not implemented in a structured and holistic way. GDPR can create some threats to the fundamental rights of the individual or data subject.
  • Is Your Company Vulnerable to Cyber-Crime?
    Internet of Things, big data, analytics, globalisation, cloud and related internet issues create new concerns when it comes to corporate data protection and IT security. After a wide range of cyber-attacks the general belief amongst the board of directors now is that no company can be prepared for future hacker attacks. However that must never be the case. All companies can be prepared to save the business and damage control any major cyber-attack.
  • Reflections of a GDPR Data Protection Officer (Part I of III)
    As the year 2017 is ending, I sit here in my corner office and began reflecting on what has transpired in the world of the EU’s General Data Protection Regulation (GDPR) and the apprehensions on what the coming year 2018 will have in store for me, my colleagues, the organisation and the business.
  • 2018 GDPR Update from the EUGDPR Institute. The confessions of a DPO
    Part I excerpt: As the year 2017 is ending, I sit here in my corner office and began reflecting on what has transpired in the world of the EU’s General Data Protection Regulation (GDPR) and the apprehensions on what the coming year 2018 will have in store for me, my colleagues, the organisation and the business.
  • Reflections/confessions of a GDPR Data Protection Officer (Part III of III)
    In the first two reflections, I focused on how we implemented GDPR in the first and some observations on some of the issues and problems my colleagues experienced in the second blog. However the primary concerns was in dealing with the critical GDPR issues, about the role and responsibilities of the DPO, which of course vary considerably due to the culture, level of proficiency and maturity etc.
  • The need to shift data privacy focus in Sales and Marketing departments to comply with GDPR
    GDPR is not only a technical, logistics or an HR compliance issue. Since any GDPR breach deals with reputation, it is not merely a compliance regulation but involves some stakeholders. The correct GDPR implementation provides the organisation with an opportunity to deepen the digital trust and do more with personal data. This is where the smart guys make it as an opportunity for marketers.
  • The board and management must take a knee for the GDPR
    The GDPR on personal data regulation was necessary. The old Data Protection Directive was 23 years old and did not keep up with the news requirements of social media, big data and IoT. Therefore there are advantages for everyone through the excellent data protection because customer confidence in proper data management is a severe breach and potentially violates trust and the organisation's earnings base.
  • How GDPR help Oracle dominate European cloud computing market
    £122 Billion is at risk just for the UK companies as of 25 May 2018. Tesco alone could pay £1.9 Billion fine under the new regulation. GDPR is coming and is mandatory for every company that wants to operate in any member of state of the EU.
  • The Territorial and Material scope of the GDPR
    The geographic range of the GDPR is broader than the current Directive from 1995 because it will apply not only to data controllers who are established in the EU. The regulative also applies to data controllers who are not established in the EU; but where the processing activities are related to the monitoring of their behaviour, if the behaviour takes place within the European Union." Under Article 3 of the GDPR.
  • Data analytics can transform GDPR risk assessment on, e.g. Profiling
    Your big data analytics on Profiling can have a significant impact on businesses. Given the broad scope, both geographically and materially of the GDPR, and the definition it gives to 'profiling', most businesses must be concerned by these provisions due to the lack of 'profiling' experience.
  • 2016 Annual Report - The state of privacy 2017: EDPS provides mid-mandate report
    The GDPR has been, and will continue to be, the point of reference for our work. As set out in the Strategy for the EDPS mandate, the aim is to make data protection as simple and effective as possible for all involved.
  • The multijurisdictional scope of the EU GDPR
    Crucial to the General Data Protection Regulation (GDPR) and integral to the entire legislation, is its explicitly extended territorial scope. This rather ambitious piece of legislation obviously seeks to exercise control and impose sanctions in jurisdictions beyond the EU and when EU citizen data protection rights are at risk.
  • The correct GDPR implementation can protect the organisation on data and IT Governance
    Getting started the right way to assess, compile and measure the tremendous amount of effort required for GDPR compliance cannot be performed by other than in-house staff who know the idiosyncrasies of digital platforms, software ecosystems and how to streamline the current data and communication structures.
  • If you get GDPR certified, you get recognised for your privacy efforts and data knowledge
    There is a rush to solve the GDPR problem. However, it is important to secure the right approach at the right time with the right process and above all the right certification. At our GDPR events you can get certified as the holder of an EU GDPR FAS exam certificate and register your qualification on the international The EuroSox Institute® Successful Candidate Register for free.
  • Preparing The Structure and Plan For EU General Data Protection Regulation
    Learn how to change your practices within your IT platform and data environment to comply with GDPR, data privacy regulation. At the seminar on the 20th April 2017 at The Confederation of Danish Industries we focus on the following GDPR implementation issues.
  • How will the new EU data protection requirements (GDPR) affect your organisation?
    The EU General Data Protection Regulation (GDPR) is new legislation that provides a single, harmonised data privacy law for the European Union. With the increasing risk of data breaches from cyber-attack, the GDPR aims to prevent the loss of personal data by improving data security for all individuals living in EU member states.
  • The why, the how, the who, the what, the exceptions, the consequences and the solution to GDPR compliance
    The aim and goal of the EU General Data Protection Regulation (GDPR) are to both strengthen and unify the data protection rights of individuals within the European Union (EU) and at the same time address the transfer of personal data outside the EU. The compliance deadline for GDPR is May 2018; however, the amount of internal collaboration to address on how data is collected, stored, used and archived means that planning compliance to GDPR cannot wait any longer
  • Personal accountability for data protection at the board level is an issue.
    In the good old days, the board of directors were accountable to the shareholders for its actions. This limitation has now changed forever. The Board and the committee members are now more responsible to the oversight authorities as well as to the annual assembly and the shareholders.
  • Characteristics of a Responsible Lift-Off of the General Data Protection Regulation (GDPR) implementation.
    The timeline & milestones for EU general data protection regulation require that companies throughout the EU address the significant challenges in handling personal data when the General Data Protection Regulation (GDPR) goes live. The new GDPR regime cannot be automatically translated into the current IT platforms and data structures within the organisation. However, when stakeholders figure out how the current data is collected, stored, accessed, disclosed and utilised the difficulties in complying are activated.
  • Principle GDPR definitions that will have a considerable impact on the IT, Data and security policies of the organisation
  • GDPR is an opportunity for organisations to re-balance their total digital engagement
    From time to time, companies are faced with regulatory Governance, Risk Management, Compliance (GRC) and IT-Security issues that are on the onset extremely cumbersome. It probably started with SOX (Sarbanes-Oxley Act) in 2004 for added good Governance, after the financial crisis in 2008. The Glass-Steagall Act, (37 pages) was replaced by Dodd-Frank (848 pages) for added Risk Management processes. 20,000 new regulatory requirements for the financial services industry were created in 2015 for added Compliance and to avoid big banks to fail. Now added IT-Security and Data Protection systems must be implemented under The General Data Protection Regulation (GDPR) to protect and preserve all corporate data.
  • Ready or not, GDPR is round the corner
    Another year has passed with a collection of massive data breaches. The year 2015 had some massive violations. However, 2016 has proved to be worst year, with two of the largest data breaches in the history of mankind. Besides the massive hack at the Democratic National Committee with significant global political implications and a continued onslaught of breaches from healthcare, to point pf sale technology.
  • Do not mess up the EU Data Protection Compliance
    Based on recent research, a recent survey indicates that up to 75 percent of Nordic organisations could be at risk of sanction under the new EU GDPR rules. Primary results: more 52% have done nothing at all to prepare themselves for GDPR, 36% were unaware of its existence.
  • GDPR spelt backwards is Regulation on Protecting Data with Governance
    Getting started head on to assess, compile and measure the tremendous amount of effort required for GDPR compliance cannot be performed by other than in-house staff who know the idiosyncrasies of digital platforms, software ecosystems and how to streamline the current data and communication structures.
  • The Changing Dynamics of Data Protection, IT Governance and the International Transfer of Data
    Many organisations face the challenge of needing to comply with the new EU General Data Protection Regulation (GDPR) by May 2018. There is no shortage of advice as to what these organisations need to live up to, but currently, there is little information or guidance as to how to do it. Developing a GDPR Roadmap with an implementation framework should be an early priority to ensure an organisation is focused on doing the right things, in the right way and at the right time.
  • GDPR workshop and assessment.
    We recommend that when you address the EU GDPR compliance requirements, all organisations must take the following two steps before launching the implementation process.
    1. Conduct an in-house workshop to identify the key impacts of GDPR and determine and prioritise the exact number of key deliverables, with a description of each key task and deliverables and the resources needed.
    2. Get a regular data audit of the personal data in your organisation and receive a data flow map that identifies where your GDPR relevant data is stored. The review will enable you to implement measures to reduce the risk of an information security breach and be in-compliance with the GDPR mandates.
    We will help you conduct the workshop and perform the audit, to get a clear idea of the shared personal data being stored and where it originates. The workshop and the data review is a vital part of the EU GDPR data protection compliance regime that ultimately will develop the plan, roadmap and framework, specific to your organisation.

    For details see: http://www.copenhagencompliance.com/gdpr/GDPR-Key-Framework.pdf
  • The Multi jurisdictional Scope of The EU GDPR. Waiting for The USA To Be Global
    The EU General Data Protection Regulation (GDPR) is not explicitly a global law. However, it has in more ways than one become a de facto universal law for some businesses.In this globalised world where data knows no boundaries, it is often praised that many countries have now adopted the privacy principles and practice in their legislation making GDPR also a de facto global law for some countries.
  • Machine Learning and The GDPR Is More Than Just Profiling Activities
    The EU General Data Protection Regulation, known as GDPR, is the most critical change in data privacy regulations in the 21st century, and it will have a significant impact on many aspects of data collection and processing activities of data of EU residents and will affect not only EU companies but also multinationals that operate in EU.
  • European GDPR Update 8 Months After Implementation. Stay Calm and Implement
    Through out Europe companies, corporations’ organisations and the oversight authorities continue to be quite busy organising their policies, procedures, processes and controls to monitor the Data Protection implementation together with stakeholders, partners. Legal counsel and knowledgeable GDPR experts.
  • The Meaning, Key Components and Structures of Information-Security Systems
    Information Security systems are the various data sets of inter-related IT procedures. The IT procedures together with the IT infrastructure is used to generate and distribute the desired information for controlling, monitoring and disclosing the information to all stakeholders.
  • United States continues to ensure an adequate level of protection for personal data
    The Privacy Shield on transferring EU data to the United States continues to ensure an adequate level of protection for personal data transferred under from the European Union to organisations in the United States.
  • Automation and Orchestration Components Of Governance, Risk Management, Compliance, Data Protection, IT-And Cyber Security In 2019
    Does technology diversity drive a better overall privacy and cybersecurity platform using professionals as a part of the security system or is digitisation the only option.
  • Addressing the GDPR Compliance Challenges In Blockchain Technology
    Given the numerous possible uses of blockchain technology there is a need to analyse the direct relationship between blockchain technology and the General Data Protection Regulation. The primary issue relating to GDPR compliance is whether blockchain is or can be made to be GDPR compliant.We review the challenges that that Blockchain technology offers and offer practical suggestions for using blockchain technology in a GDPR-compliant manner.
  • The Role and Responsibility Of the Board and Senior Management in Cybersecurity and Data Protection
    The Board of directors and Senior Management need clear, reliable information and updates from multiple corporate functions including Legal, HR, IT, Procurement, Customer Services and Marketing to help them to comply with the Governance, Accountability and Proportionality (GAP) principles of GDPR.
  • The perfect cyber security storm, how prepared are businesses across Europe
    It seems that in the real world the number of storms and tornadoes recorded appears to have increased significantly. The jury is still out on the reasons for the increase, as the storm data is limited. In any case, when the storm hits an area, region or an organisation, each one is expected to make for a dreadful day. Even with all the improvements in forecasting and warning technology, more people die,and thousands more are injured. The same is the case in the corporate world.
  • The GDPR framework requires companies to meet a set of well-defined risk-based wisdoms