Facebook

Facebook reveals Libra cryptocurrency, with lofty goals

SAN FRANCISCO/NEW YORK (Reuters) - Facebook Inc revealed plans on Tuesday to launch a cryptocurrency called Libra, the latest development in its effort to expand beyond social networking and move into e-commerce and global payments. Facebook has linked with 28 partners in a Geneva-based entity
/
ZDnet

Apple’s Tim Cook: Silicon Valley has created privacy-violating ‘chaos factory’

Big tech companies are failing to take responsibility for the chaos that their innovations have created, according to Apple CEO Tim Cook...
/

Data Protection Officers

The General Data Protection Regulation (GDPR) is officially here. Yet, organizations are still unaware, are ignoring, or flat out didn’t build in enough time to make sure they met all mandates of this expansive and impactful regulation. One of the lesser well-known requirements is the emergence of a totally new role: The Data Protection Officer (DPO). Organizations are required to (in some capacity) have a DPO on board, but this can be easier said than done.

The right stuff: what to look for in a DPO

Data Protection Officer

The Data Protection Officer (DPO) is sure to be the hot new role for companies operating in the European Union (EU). This individual will be responsible for ensuring anonymity and maintaining the personal information (PI) collected by the company during routine marketing and business practices. The DPO will build and implement procedures for collecting, processing, and storing personal information within the GDPR compliance framework.

The responsibilities of the DPO may appear to be relatively straightforward, but that’s far from the case. The new position is an intricate one and requires dual knowledge of cybersecurity and legalities. That said, individuals that possess this unique skillset are going to be in high demand. So much so that the International Association of Privacy Professionals predicted there are 75,000 new GDPR vacancies around the world. The DPO must also keep up to speed with amendments to the regulation, especially within the first 6 months of its enforcement. This level of expertise will no doubt come with a high price tag, which could present challenges for midsize organizations with limited wiggle room in their budgets.

Keeping the neighborhood safe

Due to the high cost of such advanced expertise, many experts are predicting that we’ll see a rise in compliance-as-a-service models in which a DPO would instruct the IT teams of several companies. This could be a cost-effective solution for many organizations who don’t have the available budget or resources to bring on an in-house DPO. However, each company will still be responsible for its data, so they must approach this outsourced model carefully. It will also be important for enterprises to seek advice from their data protection providers, as they can advise on which technology can help maintain compliance continuously.

So, how should an organization work with both their DPO and data protection provider to make sure they remain in regulators’ good graces? IT leaders should seek guidance on:

  • Phasing out old IT architecture: Legacy systems are often oriented around individual data management, so they lack the necessary features to provide a GDPR solution. Finding and removing these systems will be very important.
  • Where to spend money on new tools: Currently, there isn’t one tool, solution, or service that can protect and maintain compliance for every single aspect of GDPR. That said, companies need to make sure they’re investing in an effective suite of tools that enable improved data governance.
  • Defining personal data: In the GDPR, the phrase “personal data” is loosely defined. It can include everything from emails and email addresses, to information gathered during routine marketing and business activities. Setting an organizational guidance on what classifies personal information will be key.
  • The importance of email archiving: More than 60 billion emails are generated each day, so the potential for a compliance violation is massive because of the amount of personal information exchanged in emails. If there is a subject access request (SAR), the systems administrator must be able to identify and remove emails if a user withdraws their consent. Establishing set processes for producing and maintaining activity logs will also be important, especially in the event of an audit.
  • Keeping tabs on data: When companies store data of EU citizens, it needs to be held in the EU unless the user has provided consent for it be stored elsewhere. Unless a company has a system in place for acquiring this consent, it’s not likely a user has allowed them to store their information in another part of the world. This will be tricky for organizations with storage centers in different continents, so it’s going to be very important to establish a process for understanding where user data is stored.

There are many aspects of GDPR that are subject to interpretation, so organizations need to listen to and implement the advice from both their DPO and their data protection providers. Working with both is the best way to assure continuous compliance, even as amendments are made to the regulation and the technology landscape continues to change.

By Oussama El-Hilali, VP of products at Arcserve

Oussama El-Hilali

Oussama has nearly 25 years of IT and R&D experience driving and achieving product strategy and roadmaps, acquisition of new technology, and developing strategic business partnerships in both Fortune 100 and emerging companies. At Arcserve, he is responsible for managing product development.

View Website
Mark Casey Apcela

Can your network meet the challenges of Office 365?

Network Challenges of Office 365 Microsoft's focus on growing commercial adoption of Office 365 in 2018 has resulted in the ...
Winning the data intelligence game

Winning the data intelligence game

Data intelligence A case can be made that every company is now a data company. But, it is the effective ...
Ronald van Loon

AI, Automation & 5G ensuring the future of Industry 4.0

AI, Automation & 5G Industry 4.0 involves interconnecting all parts of a company and giving rise to effective automation resulting ...
Using Machine Learning To Find Employees Who Can Scale With Your Business

Using Machine Learning To Find Employees Who Can Scale With Your Business

Machine Learning To Find Employees Hiring managers in search of qualified job candidates who can scale with and contribute to ...
NVIDIA Builds Supercomputer to Develop Self-Driving Cars

NVIDIA Builds Supercomputer to Develop Self-Driving Cars

/
In a clear demonstration of why AI leadership demands the best compute capabilities, NVIDIA today unveiled the world’s 22nd fastest supercomputer — DGX SuperPOD — which provides AI infrastructure that ...
Bloomberg

Facebook crypto plan draws fire

/
European leaders have reacted with alarm to Facebook’s plans for a cryptocurrency. Citing privacy and money laundering concerns, French finance minister Bruno Le Maire says Libra must not “become a sovereign ...
Teradata

AI for Industrials: Why is it different?

/
A few weeks ago I wrote a myth-busting post to tell the truth about using AI in industrial settings. But why is this coming up? What is different about industrial situations, and ...