Welcome!

Java IoT Authors: Liz McMillan, Elizabeth White, Yeshim Deniz, Zakia Bouachraoui, Pat Romanski

Related Topics: Open Source Cloud, @CloudExpo, Cloud Security, @DXWorldExpo

Open Source Cloud: Article

What GDPR Is and How to Comply with It | @ExpoDX #AI #GDPR #Security

GDPR is designed to help companies handle the data challenges of the 21st century

What GDPR Is and How to Comply with It: A Brief Guide

As you have probably heard, the EU commission signed the General Data Protection Regulation (GDPR) back in April 2016. The legislation is designed to help companies handle efficiently the data challenges of the 21st century and give strict guidelines as to how to work with massive flows of digital information. It is set to protect web users (data subjects) from malicious use and loss of their personal info and, also, to give people greater control over how their records are processed.

GDPR is to take effect on May 25, 2018.

Company runners still have time enough to modify organizational processes to comply fully with new security rules, and today we will explain how they should start.

What Exactly Is GDPR About?

What Exactly Is GDPR About?
First off, it outlines how companies that work with EU personal data should obtain client’s consent. It gives instructions on how they should collect/store/process personal information, and urges firms to report, in case of a hack or system failure, any data breaches.

It also puts an obligation on companies to prove accountability – every business should be able to demonstrate, vividly, that it’s compliant with the GDPR and that it grants extensive rights (concerning data) to both its customers and employees.

This piece of legislation is to be enforced upon every firm that works with the personal data of EU citizens, not just businesses that reside in the EU.


GDPR is to be enforced upon every firm that works with the personal data of EU citizens.
Click To Tweet


Second, it affords data subjects:

  • A right to be informed as to the purpose of the collection of their personal data
  • A right to get a copy of that information in its entirety and in a portable format
  • A right to have the personal records corrected
  • A right to restrict data processing
  • A right to have personal information erased from a company’s database (not an absolute right; if there’s a legal ground for a company to keep your data, it might, lawfully, reject such a request)
  • A right to object to automated personal data processing

Why Is GDPR Needed?
The currently active Data Protection Directive, too, has outlined a comprehensive system for securing personal information. But, adopted in 1995, it lacks regulatory policies for handling the vast data flows of the digital world.

Also, it is merely a directive. The EU state members themselves (not the EU parliament) decide how to translate the guidance and integrate it with their country laws. Therefore, the security framework a European country ends up with often varies greatly from that in a neighboring state.

The 1995 Data Protection Act does require companies in countries outside the EU, be they data controllers or processors, to provide a satisfiable level of security. However, since there’s been no enforcement, many businesses have chosen to neglect it.

What Are the New Obligations for Companies (Data Controllers and Data Processors) Under the GDPR?

What are the New Obligations for Companies (Data Controllers and Data Processors) Under the GDPR?

Again, the rules outlined by the law apply equally to companies in the EU area, those operating in the European market, and, in general, every firm that deals with personal info of European citizens.

The law requires companies to:

  • Be accountable and able to demonstrate compliance
  • Adopt the “privacy by design” approach
  • Appoint an EU representative (if a company itself is not residing in the EU zone)
  • Conduct due diligence on third-parties; ensure the right contracts are in place to work with businesses outside the EU
  • Store records of processing (which regulators might request to see at any time)
  • Have a system setup that allows a company to inform an authority about a data breach within 72 hours
  • Notify data subjects about data breaches (when the data lost is sensitive, and the probable damage is high)
  • Ensure there are technical and organizational measures taken to protect data rights of EU citizens
  • Conduct privacy risk assessments
  • Appoint a Data Protection Officer (for enterprises that store and/or process vast amounts of personal data)

What Should You Do?

What Should You Do?

Risk assessment, one of the key requirements outlined by the GDPR, is no strange procedure to enterprises around the world. Financial institutions especially are used to measuring financial, reputational and regulatory impacts of each possible information security fail.

However, it’s wrong to assume a company can get a pass by sticking to its standard processes in 2018. The new data protection act requires you to figure out how much damage a data breach can cause to a client’s privacy and integrity, not your organization, and take precautionary steps accordingly to that assessment.

The first thing CEOs should do is estimate who their data subjects are and how much information their companies are actually processing. This includes customers, employees, candidates who applied for a position at a firm and those who worked there in the past.

Also, establish precisely which type of data you work with. How personal is it? Health and criminal records, people’s religion and sexuality, sensitive financial information – a breach of these records could damage data subjects greatly. Therefore, if your company is one collecting such personal info, be sure to take on protection measures, technical and organizational, that are appropriate to the level of risk.

Besides that, we advise you to catalog the third-parties. An HR or a Performance Evaluation system – you’re probably using those, add them to the list. A CRM software? How about a software vendor(s) you’re outsourcing development to – do they have access to clients’ personal records? Determine clearly where your firm’s data is stored, who has access to it, and where the copies of it are.

An estimation of organizational risks will give you clarity as to the degree of compliance your firm should be aiming to achieve. Once it’s established, we suggest involving a legal team to check the lawfulness of your data processing (if it’s in line with the GDPR). If not, update the policies and, possibly, adopt new procedures.

If necessary (if you do collect lots of personal records) appoint a Data Protection Officer to ensure that every practice you have in place is one allowed under the GDPR.

Then, minimize the risks of data corruption by deleting the information your company no longer needs. Developers in tech firms create backups of the main production base each time they apply a modification. That is what they are used to doing to stay on the safe side but, paradoxically, that is what can get them in trouble once the GDPR comes into full force.

Duplicates, excess fields in systems (CRMs, CMSs, etc.) and overall, the records you firm can do without should be deleted.

Also, start building up a procedure for fulfilling, efficiently, the requests of data subjects. Work out a way to grant the aforementioned right to your clients and employees alike.

Finally, once everything else is done, move on to data protection impact assessment DPIA for the projects your firm is currently working on. Use the official GDPR guidelines.

Conclusion
As a company runner you should ask yourself these questions:

  • Do we have a legal ground to store and process the data we collect?
  • Should we apply pseudoanonymaztion and encryption so that if data is lost there’s less damage?
  • How many people at my organization have access to clients and employees data?

This will help you understand how your firm’s data collection and processing can be cleaned and improved.

The GDPR might seem daunting to adapt to, although, in fact, the principles it introduces largely resemble (and build upon) those in the currently active Data Protection Act. With a right amount of dedication, you can achieve the compliance without putting a whole lot of time and resources into it.

Would you like to hear more about GDPR and how to comply with it quickly? Reach out to our expert for a free consultation.

The post What GDPR is and How to Comply with It: A Brief Guide appeared first on Perfectial.


DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the conference tracks for CloudEXPO | DXWorldEXPO 2018 New York.

DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City.

Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.

A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

2018 Conference Agenda, Keynotes and 10 Conference Tracks

DXWordEXPO New York 2018 and Cloud Expo New York 2018 agenda present 222 rockstar faculty members, 200 sessions and 22 keynotes and general sessions in 10 distinct conference tracks.

  • Cloud-Native | Serverless
  • DevOpsSummit
  • FinTechEXPO - New York Blockchain Event
  • CloudEXPO - Enterprise Cloud
  • DXWorldEXPO - Digital Transformation (DX)
  • Smart Cities | IoT | IIoT
  • AI | Machine Learning | Cognitive Computing
  • BigData | Analytics
  • The API Enterprise | Mobility | Security
  • Hot Topics | FinTech | WebRTC

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

DXWorldEXPO | CloudEXPO 2018 New York cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 200 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor brings together the world's leading companies throughout the world of Cloud Computing, DevOps, FinTech, Digital Transformation, and all they entail.

As your enterprise creates a vision and strategy that enables you to create your own unique, long-term success, learning about all the technologies involved is essential. Companies today not only form multi-cloud and hybrid cloud architectures, but create them with built-in cognitive capabilities.

Cloud-Native thinking is now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector.

CloudEXPO is the world's most influential technology event where Cloud Computing was coined over a decade ago and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals.

FinTech Is Now Part of the DXWorldEXPO | CloudEXPO Program!

Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expensive intermediate processes from their businesses.

Accordingly, attendees at the upcoming 22nd CloudEXPO | DXWorldEXPO November 11-13, 2018 in New York City will find fresh new content in two new tracks called:

  • FinTechEXPO
  • New York Blockchain Event

which will incorporate FinTech and Blockchain, as well as machine learning, artificial intelligence and deep learning in these two distinct tracks.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

FinTech brings efficiency as well as the ability to deliver new services and a much improved customer experience throughout the global financial services industry. FinTech is a natural fit with cloud computing, as new services are quickly developed, deployed, and scaled on public, private, and hybrid clouds.

More than US$20 billion in venture capital is being invested in FinTech this year. DXWorldEXPOCloudEXPO are pleased to bring you the latest FinTech developments as an integral part of our program.

DXWorldEXPO | CloudEXPO are accepting speaking submissions for this new track, so please visit Cloud Computing Expo for the latest information or contact us at [email protected]

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

Download Slide Deck ▸ Here

Only DXWorldEXPO | CloudEXPO bring together all this in a single location:

Attend DXWorldEXPO | CloudEXPO. Build your own custom experience. Learn about the world's latest technologies and chart your course to Digital Transformation.

22nd International DXWorldEXPO | CloudEXPO, taking place November 11-13, 2018, in New York City, will feature technical sessions from a rock star conference faculty and the leading industry players in the world.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

Download Slide Deck: ▸ Here

Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS - software, platform, and infrastructure as a service.

With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.

Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

Download Slide Deck: ▸ Here

Companies are each developing their unique mix of cloud technologies and services, forming multi-cloud and hybrid cloud architectures and deployments across all major industries. Cloud-driven thinking has become the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, and the public sector.

Sponsorship Opportunities

DXWorldEXPO | CloudEXPO are the single show where technology buyers and vendors can meet to experience and discus cloud computing and all that it entails. Sponsors of DXWorldEXPO | CloudEXPO will benefit from unmatched branding, profile building and lead generation opportunities through:

  • Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers.
  • Showcase exhibition during our new extended dedicated expo hours
  • Breakout Session Priority scheduling for Sponsors that have been guaranteed a 35-minute technical session
  • Online advertising on 4,5 million article pages in SYS-CON's i-Technology Publications
  • Capitalize on our Comprehensive Marketing efforts leading up to the show with print mailings, e-newsletters and extensive online media coverage.
  • Unprecedented PR Coverage: Unmatched editorial coverage on Cloud Computing Journal.
  • Tweetup to over 100,000 plus Twitter followers
  • Press releases sent on major wire services to over 500 industry analysts.

Secrets of Our Most Popular Sponsors and Exhibitors ▸ Here

For more information on sponsorship, exhibit, and keynote opportunities, contact [email protected].

Sponsorship Opportunities Here

Download Slide Deck:Here

Speaking Opportunities

The upcoming 22nd International DXWorldEXPO | CloudEXPO November 11-13, 2018 in New York City, NY announces that its Call For Papers for speaking opportunities is now open.

Secrets of Our Most Popular Faculty Members ▸ Here

Submit your speaking proposal Here or by email [email protected].

Download Slide Deck: ▸ Here

About DXWorldEXPO LLC

DXWorldEXPO LLC is a Lighthouse Point, Florida-based trade show company and the creator of DXWorldEXPODigital Transformation Conference & Expo. The company produces and presents CloudEXPO, DevOpsSummitFinTechEXPO Blockchain Event, the world's most influential conferences and trade shows.

More Stories By Rostyslav Demush

Ross Demush is a digital marketing specialist at custom software development company Perfectial, a leading provider of web & mobile development services, specializing in FinTech, Real Estate, Media & Entertainment & eLearning.

IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...