TrustArc Blog

EU GDPR Article 35 – Data Protection Impact Assessment (DPIA), Part II

October 17, 2017

EU General Data Protection Regulation (GDPR)

In Part I of this two-part blog series we provided an introduction and background to EU GDPR Article 35 – Data protection impact assessment (DPIA). Now, in Part II we will share some best practices and helpful tips on implementing a DPIA program. These tips were shared by Beth Sipula, Senior Privacy Consultant at TrustArc and Alexia Maas, SVP & General Counsel at Volvo Financial Services in our Privacy Insight Series webinar, “Building Your DPIA/PIA Program: Tips & Case Studies.”

Part II: DPIA Program Essential Elements

The six essential elements that make up a sustainable DPIA program are: integrated governance, …

EU GDPR Article 35 – Data Protection Impact Assessment (DPIA), Part I

October 10, 2017

EU General Data Protection Regulation (GDPR)

In Part I of this two-part blog series we will give an introduction to EU GDPR Article 35 – Data Protection Impact Assessment (DPIA) and some best practices for conducting them. In Part II we will summarize the six essential elements of a DPIA program.

Part I: Introduction & Background

As the GDPR compliance deadline of May 25, 2018 grows closer, organizations should have a documented process for conducting PIAs and DPIAs. But before building a DPIA program, it is useful to review what a DPIA is and when it should be conducted.

Data Protection Impact Assessment (DPIA)

A DPIA …

GDPR Implementation Lagging at Majority of UK and US Companies

October 02, 2017

A TrustArc study of UK- and US-based organizations with at least 500 employees found that most haven’t started their GDPR implementations yet. With only eight months to comply with the GDPR, companies all over the world are determining how best to adjust their internal systems and processes in order to address the new compliance requirements. On September 28, 2017, TrustArc announced results from surveys conducted by Dimensional Research that gauge how prepared US and UK businesses are to comply with the EU’s General Data Protection Regulation (GDPR). The US & UK surveys, completed in August of 2017, included responses …

TrustArc Announces 25+ City GDPR Privacy Workshop Series

September 22, 2017

TrustArc announced this week a special GDPR Privacy Workshop Series. The events, co-sponsored with Ogletree Deakins, are free and part of a global 25+ city program that will feature informative discussions, case studies, and practical solutions to achieve GDPR compliance. The Workshops are part of TrustArc’s renowned Privacy Insight Series that drew over 15,000 webinar registrations in 2016. Attendees will: learn from industry experts who have implemented GDPR solutions across a wide range of industries; receive hands-on interactive review and tips on core GDPR compliance requirements, including: Data Mapping; Building a Record of Processing (Article 30 Reports); Ongoing Risk Assessments …

The Solution to help Meet GDPR Article 30 Requirements

September 06, 2017

EU General Data Protection Regulation Article 30

Article 30 pertains to Records of Processing Activities. Not only do organizations have to keep records, they also have to be able to produce them on demand. In order to meet this requirement, an organization should follow these best practices: create a centralized, secure data inventory that can be maintained over time; provide stakeholders across the organization with visual data maps of business process flows; ensure that all information necessary for the Article 30 reports is recorded so that reports can be generated on demand; generate a scalable, sustainable process for meeting Article 30 …

September Events Spotlight: DPIA/PIA Program Webinar, Privacy & Security 2017, NorCal Information Governance Retreat

August 31, 2017

September 12 @ 10:00 am – 11:00 am PST
Online Webinar
Building Your DPIA/PIA Program: Tips & Case Studies

The GDPR mandates Privacy by Design and requires documented Data Protection Impact Assessments (DPIAs) for high-risk processing. How can you build this into a sustainable program across your business? Having a good understanding of what DPIA/PIAs are and how to implement them can be the key to embedding privacy in the heart of your organization as well as achieving GDPR compliance. Our webinar speakers (Alexia Maas, SVP – General Counsel, Volvo Financial Services and Beth Sipula, Sr. Privacy Consultant, …
