TrustArc Blog

Why You Should Get Started on CCPA Compliance Now

July 17, 2018

The California Consumer Privacy Act of 2018 (AB 375) (“CCPA”) was passed on June 28th, 2018. Similar to the GDPR, the CCPA will require companies in scope to enhance their data management practices, expand their individual rights processes, and update their privacy policies by the January 1, 2020 deadline. Those who have helped their companies prepare for the GDPR compliance date know the importance and benefit of starting early. While they may have a head start, creating processes to manage these new and ongoing compliance obligations under the CCPA will be a large undertaking for any company in scope. There …

One Week to Go: Are you Ready for May 25th? – Webinar Recap

May 22, 2018

As part of the TrustArc Privacy Insight Series Webinars, Paul Iagnocco, Consulting Director & Senior Privacy Consultant at TrustArc, presented “One Week to Go: Are you Ready for May 25th?” This blog post will give a brief summary of that webinar; you can listen to the entire webinar and download the slides here. In this webinar Paul addressed the questions companies are facing as the May 25th GDPR deadline approaches: Is my company compliant? What if we are not 100% compliant? What happens next? This webinar focused on four main areas as they apply to the GDPR: compliance status, enforcement, …

GDPR Compliance – Consent Requirements under the GDPR – Marketing Activities

May 04, 2018

Companies that must comply with the GDPR should take a close look at their marketing processes to ensure that they will meet GDPR requirements. The following three examples are key places where most companies should take another look at their processes with regard to GDPR consent requirements. Marketing Outreach Email Programs: Most companies’ marketing departments have outreach programs where a large database of clients and prospects is sent emails with information about new products or services. If individuals have unsubscribed, opted out, or otherwise indicated their desire that your organization stop using their personal information, your organization may not contact …

72 Hours Notice: GDPR Incident Response Management – Webinar Recap

April 20, 2018

As part of the TrustArc Privacy Insight Series Webinars, Ashley Slavik, Senior Counsel & Data Protection Officer, Veeva Systems Inc. and K Royal, Consulting Director, TrustArc, discussed how companies can plan for and respond to a data breach in compliance with the GDPR. Ashley and K gave best practices, suggested tools, and tips for addressing GDPR Article 33 and Article 34. This blog post will give a brief summary; you can listen to the entire webinar and download the slides here. Before going into data breach requirement details, our speakers discussed the different notification requirements for Controllers and Processors and gave examples …

How the GDPR will Affect Your Marketing Program

March 06, 2018

Our recent webinar “Marketing Under the GDPR” covered GDPR’s impact upon marketing activities. The webinar generated a lot of questions, and we are sharing five of them, along with answers prepared by TrustArc privacy experts. This blog post is intended as a general overview of the subject and cannot be regarded as legal advice. Consent and Marketing Under the GDPR: Can my company capture consent in exchange for content? For example, collecting an email address to download a white paper or register for a webinar? Yes, but organizations must clearly state at the time of information collection what the specific …

TrustArc Sponsors the EU Cloud Code of Conduct in Support of GDPR Compliance

March 05, 2018

TrustArc is honored to join with Google Cloud and Cisco as new industry sponsors of the EU Cloud Code of Conduct (EU Cloud CoC) as members of its General Assembly, working together with founding members Alibaba Cloud, Fabasoft, IBM, Oracle, Salesforce and SAP. Article 40 of the GDPR recommends Codes of Conduct for applying GDPR in specific sectors and contexts, and as the May 25, 2018 GDPR compliance deadline approaches, companies depending on GDPR-compliant SaaS, PaaS and IaaS platforms will be able to rely on the EU Cloud Code of Conduct (EU Cloud CoC). In a press release announcing the …