TrustArc Blog

What’s In Store for 2018? GDPR, Breaches and Stolen Retinas

January 16, 2018

By Darren Abernethy, Senior Global Privacy Manager, J.D., FIP, CIPP-A/C/E/M/US/T

This year, the upcoming GDPR deadline has consumed the enterprise security and privacy agenda as companies scramble to adopt new technologies and processes in order to become compliant by May 25, 2018. Virtually every survey gauging the readiness of privacy professionals in both the U.S. and in Europe has revealed that for many companies, it is going to be a challenge to comply. For example, failure to comply with the GDPR 72-hour breach notification rule is deemed the riskiest by respondents on both sides of the Atlantic, and more than 80% of US …

Privacy Advisory: Privacy and Data Security in Mergers & Acquisitions

December 11, 2017

Privacy and data security considerations, far from being relevant solely for international data transfer or data breach reasons, have come to play a central role in today’s mergers and acquisitions (M&A) landscape — for buyers and sellers alike. There are several practical privacy and data security considerations that companies should keep in mind during the mergers and acquisitions process. Each phase of the merger and acquisition process has its own specific considerations. The following are examples from each of those phases discussed in the Privacy Advisory: Privacy and Data Security in Mergers & Acquisitions. I. Pre-M&A Planning and Internal Strategy/Objectives …

Privacy Insight Series Webinar Highlights GDPR Benchmarking Research

July 31, 2017

The European Union’s (EU) General Data Protection Regulation (GDPR) is the most sweeping change to data protection in the past 20 years, and will go into effect in less than a year. Its impact will be felt by every organization that does business in the EU, or handles personal information of EU citizens in any manner. We benchmarked the status of 200 U.S. companies’ efforts to meet privacy mandates in general, and in particular to meet the May 25, 2018 deadline for the GDPR. The survey was conducted by Dimensional Research on behalf of TrustArc. On July 26, as the …

GDPR: DPIAs & Risk

July 26, 2017

TrustArc Chief Data Governance Officer and General Counsel Hilary Wandall and Information Accountability Foundation (IAF) Executive Director and Chief Strategist Marty Abrams held a webinar where they spoke about the background, requirements, and examples of DPIAs, available on demand here. First, they reviewed how the first privacy assessment methodology was developed and how comprehensive data impact assessments originated to illustrate the evolution of privacy assessments. Then, they went on to explain how the newly required DPIAs differ from traditional PIAs. While traditional PIAs focus on technical requirements for compliance, DPIAs bring in larger ethical issues. Technical requirements focus on …

TrustArc Privacy and GDPR Compliance Research Report – Part 3 of 3

July 05, 2017

The results of the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs will be shared in a three-part blog post series. To review Part 1, the General Privacy Market Results, click here. To review Part 2: GDPR Compliance Results, click here. Part 3: Privacy Program Implementation Results. Companies report needing help in a wide range of areas, topped by GDPR planning, international data transfer, compliance reporting, conducting PIAs / DPIAs, and data inventory. Many GDPR implementation plans begin with conducting a data inventory; however, companies face three common challenges when it comes to data …

TrustArc Privacy and GDPR Compliance Research Report – Part 2 of 3

June 28, 2017

Part 2 of our three-part series reviews results from the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs. To review Part 1, the General Privacy Market Results, click here. Part 3 will include Privacy Program Implementation Results. In Part 2 of this series, we will share the GDPR Compliance Results. For all companies responding, approximately 40% are still designing their GDPR plan and only about 10% have GDPR plans well underway. Many companies have a significant amount of GDPR implementation ahead of them. Responding companies have set aside relatively large budgets for …