While some organizations have written about the impending GDPR deadline and potential fines, or re-printed an exact copy of the text itself, TRUSTe has taken the 200+ pages of the GDPR and translated it into practical implementation steps for an organization of any size or maturity. The implementation steps are grouped into five actionable phases: Building a Program and Team; Assessing Risks and Creating Awareness; Designing and Implementing Operational Controls; Managing and Enhancing Controls; and Demonstrating Ongoing Compliance. A sample implementation step is developing a DPIA program, which includes creating templates, conducting DPIAs, managing remediation, and providing compliance reports. The guide also … Continue reading What you Need to Know About the GDPR: Practical Steps to Address GDPR Compliance
TRUSTe General Counsel and Chief Data Governance Officer Hilary Wandall gave a webinar where she discussed how to support each phase of building a privacy program by using a clear framework, standards, and operational controls. The discussion also included tips on how to make accountability effective in an organization, and what accountability looks like in practice. If you missed it, click HERE to listen to the entire webinar on demand. One of the topics covered was how to get started. To get started with a privacy program, first you have to decide upon a model. Some important considerations are: What … Continue reading Privacy Program Management: A Framework for Success Webinar Recap
Last week TRUSTe held a webinar “Privacy Shield Self-Certification – What’s Next?” as part of its Privacy Insight Series. If you missed the webinar you can still sign up to receive the on-demand recording and the slides. Our speakers, David Fowler, Chief Privacy & Digital Compliance Officer, Act-On Software; Amanda Gratchner, Global Privacy Counsel, NAVEX Global; and K Royal, Senior Privacy Consultant at TRUSTe discussed several different ways to enhance everything from your policies to your Privacy Impact Assessments by leveraging your Privacy Shield Certification. They also discussed how to use the Certification toward compliance with other frameworks, such as the … Continue reading 3 Ways to Leverage Your Privacy Shield Certification
Google recently informed some developers with apps on its storefront that it will be penalizing apps on its Google Play Store that do not have privacy policies adhering to its User Data Policy. According to Next Web, Google emailed a notice to developers stating that violations of the User Data Policy would result in their apps’ visibility being limited or removed altogether. The User Policy states: You must be transparent in how you handle user data (e.g., information provided by a user, collected about a user, and collected about a user’s use of the app or device), including by disclosing … Continue reading Play Store Requires Privacy Policies
As previously described in our blog post “Doing Business with Argentina Just got Easier”, change appears afoot in the land of silver’s data protection law, in order to keep pace with evolving digital technologies and global regulatory regimes. Whereas in December 2016 the Argentine Data Protection Agency (DPA) issued a report proposing changes to the national Data Protection Act (Act) after nearly a year of public consultation, this month the DPA released a draft bill to update the sixteen-year-old Act in line with many of the European Union’s General Data Protection Regulation (GDPR)’s new requirements taking effect in May 2018. … Continue reading Argentina GDPR-like Data Privacy Bill
In December 2016 we summarized the GDPR guidelines released by the Article 29 Working Party on the “Right to Data Portability”, Identifying a Lead Supervisory Authority, and appointing a “Data Protection Officer.” The deadline for submitting comments is today. To submit comments, email JUST-ARTICLE29WP-SEC@ec.europa.eu and firstname.lastname@example.org. To learn more about TRUSTe EU GDPR solutions, or to speak with a consultant, contact us.