TrustArc Blog

Mastering Article 30 Compliance: Conducting, Maintaining and Reporting on your Data Inventory

August 18, 2017

As part of its Summer / Fall Privacy Insight Series, TrustArc hosted a webinar in which Charles Nwasor of Ensono and Paul Iagnocco and Margaret Alson of TrustArc spoke about the EU GDPR Article 30 requirements. Article 30 pertains to Records of Processing Activities. Not only do organizations have to keep records, but also, “The controller or the processor and, where applicable, the controller’s or the processor’s representative, shall make the record available to the supervisory authority on request.” While creating data maps is not required, many organizations find them very useful. Data maps, or data flow maps, are visual representations of …

Privacy Insight Series Webinar Highlights GDPR Benchmarking Research

July 31, 2017

The European Union’s (EU) General Data Protection Regulation (GDPR) is the most sweeping change to data protection in the past 20 years, and will go into effect in less than a year. Its impact will be felt by every organization that does business in the EU, or handles personal information of EU citizens in any manner. We benchmarked the status of 200 U.S. companies’ efforts to meet privacy mandates in general, and in particular to meet the May 25, 2018 deadline for the GDPR. The survey was conducted by Dimensional Research on behalf of TrustArc. On July 26, as the …

GDPR: DPIAs & Risk

July 26, 2017

TrustArc Chief Data Governance Officer and General Counsel Hilary Wandall and Information Accountability Foundation (IAF) Executive Director and Chief Strategist Marty Abrams held a webinar where they spoke about the background, requirements, and examples of DPIAs, available on demand here. First, they reviewed how the first privacy assessment methodology was developed and how comprehensive data impact assessments originated to illustrate the evolution of privacy assessments. Then, they went on to explain how the newly required DPIAs differ from traditional PIAs. While traditional PIAs focus on technical requirements for compliance, DPIAs bring in larger ethical issues. Technical requirements focus on …

TrustArc Partners with Alibaba Cloud

July 25, 2017

We announced our newest partnership with Alibaba Cloud (the cloud computing arm of Alibaba Group) at the IAPP Asia Privacy Forum 2017. As data privacy increases in importance for organizations of all sizes and maturity in Asia, TrustArc saw an opportunity to partner with one of the fastest-growing cloud computing companies in the world. Both TrustArc and Alibaba Cloud believe that as organizations continue to provide excellent experiences for their customers by collecting personal data, keeping up with evolving regulations and protecting data privacy is key. Scaling a privacy program requires using a combination of privacy expertise and technology. This strategic …

Can You Legally do Analytics Under the GDPR?

July 17, 2017

by Gary LaFever, CEO of Anonos

Taking the “personal” out of Personal Data®

Many companies aren’t yet aware that they are or will be doing anything wrong processing analytics or using historical databases under the GDPR. While many companies are understandably focused on conducting data inventories and data protection impact assessments, it is critical to note that inventories and assessments will not support new legal bases required under the GDPR for processing data analytics or for using historical databases involving EU personal data. An important aspect of the GDPR is the new requirement that “consent” must be specific and …

TrustArc Privacy and GDPR Compliance Research Report – Part 3 of 3

July 05, 2017

The results of the TrustArc / Dimensional Research report on the status of U.S. Privacy and GDPR Compliance Programs will be shared in a three-part blog post series:

To review Part 1, the General Privacy Market Results, click here
To review Part 2: GDPR Compliance Results, click here

Part 3: Privacy Program Implementation Results

Companies report needing help in a wide range of areas, topped by GDPR planning, international data transfer, compliance reporting, conducting PIAs / DPIAs, and data inventory. Many GDPR implementation plans begin with conducting a data inventory; however, companies face three common challenges when it comes to data …