TrustArc Blog

TrustArc Privacy and GDPR Compliance Research Report– Part 3 of 3

July 05, 2017

The results of the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs will be shared in a three-part blog post series: To review Part 1, the General Privacy Market Results, click here To review Part 2: GDPR Compliance Results, click here Part 3: Privacy Program Implementation Results Companies report needing help in a wide range of areas, topped by GDPR planning, international data transfer, compliance reporting, conducting PIAs / DPIAs, and data inventory. Many GDPR implementation plans begin with conducting a data inventory; however, companies face three common challenges when it comes to data … Continue reading TrustArc Privacy and GDPR Compliance Research Report– Part 3 of 3

TrustArc Privacy and GDPR Compliance Research Report– Part 2 of 3

June 28, 2017

Part 2 of our three part series reviews results from the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs. To review Part 1, the General Privacy Market Results, click here Part 3 will include Privacy Program Implementation Results. In Part 2 of this series, we will share the GDPR Compliance Results. For all companies responding, approximately 40% are still designing their GDPR plan and only about 10% have GDPR plans well underway. Many companies have a significant amount of GDPR implementation ahead of them. Responding companies have set aside relatively large budgets for … Continue reading TrustArc Privacy and GDPR Compliance Research Report– Part 2 of 3

TrustArc Privacy and GDPR Compliance Research Report – Part 1 of 3

June 20, 2017

This blog series will cover the results of a new privacy survey conducted in May of 2017 as part of the closing session at the TrustArc Privacy Risk Summit, held at the Bespoke Conference Center in San Francisco June 6, 2017. The survey, conducted by Dimensional Research on behalf of TrustArc, focused on the status of U.S. private sector efforts to meet privacy mandates in general and in particular to meet the May 25, 2018 deadline for the EU General Data Privacy Regulation (GDPR). The results will be shared in a three-part blog post series: Part 1: General Privacy Market Results Part 2: GDPR … Continue reading TrustArc Privacy and GDPR Compliance Research Report – Part 1 of 3

1 Year Until EU GDPR Enforcement Begins

May 25, 2017

EU General Data Protection Regulation (GDPR)

EU General Data Protection Regulation (GDPR) The EU GDPR is a law designed to enhance data protection for EU residents and provide a consolidated framework to guide business usage of personal data across the EU, replacing the patchwork of existing regulations and frameworks. The 200-plus page GDPR replaces the 20 year old Directive (95/46/EC). This new law has received a lot of attention due to its complexity  and the associated penalties for noncompliance. Fines can be up to 20,000,000 EUR or 4% of total worldwide annual turnover of the preceding year (whichever is higher). As a result, many organizations are … Continue reading 1 Year Until EU GDPR Enforcement Begins

Swiss-US Privacy Shield Rollout: What to Expect – Webinar Recap

April 13, 2017

  Adding Swiss-US Privacy Shield self-certification. As part of the TRUSTe Privacy Insight Webinar Series, Nasreen Djouini, Michelle Sylvester-Jose of the U.S. International Trade Administration, and Josh Harris of TRUSTe discussed the rollout of Swiss-US Privacy Shield. Some examples of where the Swiss-US Privacy Shield framework and the EU-US Privacy Shield framework vary are: When covering HR data received from Switzerland, an organization must commit to cooperating with the Swiss Federal Data Protection Information Commissioner authority (FDPIC) as the independent recourse mechanism. However, for non-HR data, an organization can elect to use the Swiss Federal Data Protection Information Commissioner or … Continue reading Swiss-US Privacy Shield Rollout: What to Expect – Webinar Recap

Important Privacy Shield Requirements for Pharma & Medical Companies

March 28, 2017

By Emily S. Yu, Privacy Solutions Manager, TRUSTe The EU-US Privacy Shield framework is an approved transfer mechanism for personal data from the EU to the United States, meaning that once self-certified, companies have “adequate” protections in place when transferring personal data. Businesses involved in clinical, medical and other forms of scientific research may not be aware that there are specific requirements under Privacy Shield that apply to those fields. The requirements may create the need for additional privacy policy controls, so companies in those fields should check to ensure that all requirements are being met. These requirements are addressed in … Continue reading Important Privacy Shield Requirements for Pharma & Medical Companies