Posts Tagged: EU

Global Peace, Security and Strategic Studies MA launched

Stuart O'Brien

Vesalius College, Brussels, has announced a new Masters programme aimed specifically at those who want to pursue a career working towards the world’s future peace and security.

The MA in Global Peace, Security and Strategic Studies is offered in partnership with the Egmont Institute, the Royal Military Academy, the Institute of Economics and Peace and Vesalius College, with courses starting August 2017.

The one-year programme will be led and taught in English by a transnational network of leading academics, as well as those from top international think-tanks and senior policy makers from the EU, NATO and the United Nations.

Students will also have the opportunity to complete a prestigious internship with one of the programme’s many high-profile partners.

The director of the programme is NATO’s Deputy Assistant Secretary General for Emerging Security Challenges, Jamie Shea.

Commenting on the programme, Shea said: “The ever-shifting landscape of international diplomacy means that institutions such as the EU and NATO, along with NGOs and think tanks, need a strong inflow of smart, well-prepared individuals. From cyber-threats to increasing geo-political instability, the security issues facing the world are more complicated than ever before and we need to learn new tricks to keep on top of them. It’s a challenge, but an exciting one – this programme is a call to arms for all those young people who care about the world’s future security and want to help.”

Applications for the MA in Global Peace, Security and Strategic Studies are being taken now.

www.vesalius.edu

Guest Blog, Marc Sollars: Five ways UK firms can size up to GDPR compliance…

Jack Wynn

Even as Britain’s business community looks to the government for a workable Brexit plan, the shadow of much tougher data privacy regulation is falling right across UK Plc’s economy.

That’s because the EU’s General Data Protection Regulation (GDPR) is dragging citizens’ right to data privacy back to the heart of the continent’s digital economy from May 2018. And this seismic shift will apply however quickly, and most likely on whatever terms, once Britain leaves the EU.

Concern has grown in Europe for years over personal details being exposed in a connected world. But the GDPR goes way beyond previous privacy thinking, enshrining principles of ‘accountability’ and citizens’ ‘right to be forgotten’ in law – transforming day-to-day business and social interactions with digital and cloud footprints.

The directive will pervade commerce. When trading partners agree contracts post-2018, they must decide whether a workable contract depends on consent from a citizen or data subject to the handling of personal data that isn’t needed to perform the actual contract. This ruling could upset sectors like eCommerce, or manufacturing with extended supply chains, that draw on multiple partners and data sets.

There’s no escaping the GDPR’s shadow, even with Brexit, because it:

  • Applies to those supplying goods and services to the EU, whether from inside the union or outside;
  • Goes into law without any enabling legislation;
  • Takes effect before Britain can make its earliest technical Brexit, so we will need different compliance regimes before and after leaving Europe.

Government ministers, the technology sector and legal commentators agree that complying with the directive will change the way that UK organisations, down to comparatively smaller businesses, operate. Post-Brexit, Britain will still need a close imitation of the GDPR to trade with European partners.

And if that hasn’t focused C-level minds, penalties for GDPR non-compliance dwarf anything seen before: offender organisations could be fined up to four per cent of turnover.

But the GDPR’s biggest impact will be on day-to-day work, since UK organisations will become directly liable for managing all the unstructured data (customer details, images and social media interactions) on their networks and in the cloud – a challenge for any business.

Legal and technology experts rightly say there is no silver compliance bullet. Boards, we are told, should take a strategic approach: driving compliance, examining privacy standards and getting their employees on board.

But this thinking breaks down in the face of exploding cloud-based data processing levels. IT teams have little or no visibility of their data assets and their final uses, a situation only exacerbated as new cloud services come on-stream or organisations authorise bring-your-own-device (BYOD) programmes simply to stay competitive.

GDPR planning begins with visibility: as employees use cloud apps from Evernote to Netsuite, IT and security professionals are asking: where is the data – and who owns it after it leaves our offices? When a company’s customers use, for example, OneDrive, data is accessed by customers from any device anywhere, so the corporate security team must build corporate-level checks and controls to stop easy data leakage. Well-known UK companies are beginning to deploy Cloud Access Security Broker (CASB) solutions for sanctioning and controlling IT applications, so that only employees on a patched corporate device can access the application.

At present, no team of IT suppliers can provide a complete GDPR compliance solution, but suppliers such as CASB vendors are starting to put organisations on a practical path towards it. This is because these suppliers can integrate corporate network and application monitoring systems – delivering that essential visibility of data.

These fast-evolving capabilities enable us to set out five broad, practical measures for IT and security professionals to anticipate GDPR compliance, as well as help streamline operations, after 2018:

  • Boards must oversee systems that meet data subjects’ future requests under GDPR, such as the right to be forgotten, or requests for copies of relevant (unstructured) personal data;
  • Organisations must start to design data security into products or services – by default;
  • UK companies must plan data security and auditing processes and ways to notify stakeholders of a data breach – as well as making suppliers document their own information security processes;
  • Companies with over 250 employees, or whose operations are based on data handling, will need a data protection officer to scrutinise their IT processes, data security and privacy systems;
  • Boards must operate Data Protection Assessments and train up their IT and security personnel on compliance.

It’s a lengthy list, but cloud services and related hardware technologies will transform organisations’ processing and network monitoring power – with these capabilities increasingly available to CIOs and security teams as flexible, managed services.

There is no silver bullet. But senior IT executives are already scoping the foundations of GDPR compliance. And others will appreciate the irony that UK companies will achieve far better control and visibility of their fast-evolving cloud data processing operations through such focused innovations, even as the directive’s long shadow finally falls over us.

Marc Sollars is CTO of Teneo, a specialist integrator of next generation technology, offering global organisations optimisation solutions for networks, security, storage and applications. The company designs its solutions by understanding through consultancy and delivering through managed services. Marc is on Twitter at: @MarcatTeneo

Guest Blog, Markus Bekk: EU General Data Protection rules will hit soon – are you prepared?

Jack Wynn

Did you ever try to set up and execute a transformation programme in just 18 months that will change your global processes, involve all divisions, affect most of your supplier and client contracts, and bear the risk of fines as high as four per cent of your global turnover?

That is what many are probably facing as they prepare for the General Data Protection Regulation (GDPR), which the EU enacted in 2016 and which comes into effect in mid-2018. I can already hear shouts of “But Brexit!” However, if an enterprise offers services to the EU market, it is still involved. And now things have gotten even more complex…

What’s the buzz about GDPR?

Given the patchwork of data protection directives created since 1995, the EU decided to harmonise standards, increase cooperation between institutions, and provide clear points of contact. This was backed by a 2015 study showing 89 per cent of Europeans said it was important to have the same rights and protections over their personal information, regardless of the country in which the entity offering services is based.

The most important GDPR updates include:

Privacy by design: Design processes need to incorporate “privacy by design”, which means appropriate technical and organisational measures to implement data-protection principles, e.g. applying principles for personal data minimisation, early pseudonymisation of personal data, and data protection security features.

Right to be forgotten: Subjects can request erasure if no legal ground or purpose still exists, or their consent has been withdrawn. Online enterprises are obliged to inform third parties to remove links or duplicates of the data to be erased.

Data portability: In case of automated data processing, data subjects have the right to request and receive data in “a structured, commonly used, machine-readable and interoperable format” that can be transferred to a different provider.

Notification in case of data breaches: In cases of risk to the rights of data subjects, the supervisory authority needs to be informed within 72 hours. In cases of high risk, data subjects need to be informed, with recommendations to mitigate the risk.

Review and Recertification of data: Users may view and update their personal data, free of charge (if not misused).

Rules for consent of data subject: Processing based on consent has been updated. It needs to be ensured that sufficient consent can be demonstrated; existing consent either fulfils all new requirements or needs to be renewed. Consent may not be conditional for the performance of a contract, must be in clear and plain language, and must be easily withdrawn in the future. Consent for processing of sensitive data needs to be explicit.

Processing documentation: Data controllers and processors need to maintain processing documentation of various aspects, e.g. representative contact, data protection officer, processing purpose, data categories, data recipients, safeguards in third countries, time limits for erasure, and security measures.

Data Protection Officers (DPO): Necessary in a variety of circumstances. They require expertise, need to remain independent, and shall directly report to the highest management level.

Transparency to data subject: When personal data is acquired the subject needs to be informed about various aspects, e.g. identity of the processor, DPO, recipients, international transfers, storage period, several data protection rights, and if data is used for automated decision-making.

Data processing risk assessments: GDPR requires establishment of effective procedures and mechanisms that focus on processing operations likely to result in high risk, to allow effective risk mitigation (in some cases with the supervisory authority).

International transfers to non-EU countries: Have been modified and need to be revisited. 

Explicit obligations of data processors: Data processors (processing on behalf of a data controller) are now explicitly required to fulfil certain rules, like documentation requirements, DPO, EU representatives, or data breach notification.

What should be done?

You should get the detailed requirements from the regulation, check how far the regulation is applicable, perform a gap analysis and launch the most important transformation initiatives.

This could include:

  • Review communication channels and appoint necessary roles
  • Ensure proper consent of data subjects
  • Update notices, standards and policies
  • Verify and streamline your processes:
      • Design processes (privacy by design)
      • Risk assessment and security measures
      • Data subject requests (erasure/portability)
      • Notification and reporting (PDA/data subjects)
      • Documentation
  • Evaluate your contracts:
      • With your data subjects
      • With your data processors
  • Monitor for local GDPR amendments and any updates issued by the European Commission or the European Data Protection Board.

Markus Bekk, CISA, PMP, ITIL Expert is a hands-on professional in IT governance, risk and compliance management, and specialises in sourcing and third-party management. He has delivered numerous transformation, transition and innovation projects and programmes with international players mainly in the financial and insurance industry. Bekk is determined to overcome the gaps between traditional IT management disciplines and distributed, international, agile business requirements.

GDPR could see 75,000 new data protection positions worldwide…

Jack Wynn

The International Association of Privacy Professionals (IAPP) estimates that 75,000 new data protection officer positions will need to be created globally by the time the General Data Protection Regulation (GDPR) comes into effect from May 2018.

After initially predicting that 28,000 such roles would be required, the IAPP now calculates a much higher total, with 11,790 in the EU alone. The US, considered to be the EU’s biggest trading partner, will need to appoint the most data protection officers, followed by China, Turkey, Russia and Switzerland.

A separate study in partnership with TRUSTe has revealed that nine in 10 companies have started to act on GDPR, with 67 per cent of EU-based organisations claiming their implementation is either underway or already completed.

Trevor Hughes, IAPP CEO and president said: “Clearly, IAPP members are taking the GDPR’s DPO requirement seriously, with many of them well on their way toward creating a GDPR compliance programme.

“As the research shows, privacy program leaders are resourceful, but increasingly pressed for time and resources. The IAPP’s training and in-depth educational materials, alongside tools developed by technology providers like TRUSTe, will be vital for helping organizations be ready for the GDPR in May of 2018.”

Read the full ‘Preparing for the GDPR: DPOs, PIAs, and Data Mapping’ report from the IAPP and TRUSTe.

Malwarebytes and Wick Hill partner to expand growing EU presence…

Jack Wynn

Malwarebytes, the advanced malware prevention and remediation provider, has announced a partnership under which Wick Hill becomes its pan-European value-added distributor specialising in security, supporting Malwarebytes’ growing presence on the continent as well as its continued strategy of expanding through ‘channel relationships’.

Both parties will work together to provide Malwarebytes’ advanced endpoint protection and remediation services and capabilities — such as ‘Endpoint Security’ and ‘Breach Remediation’ — to resellers serving organisations in areas including the UK, the Nordics and France, as part of a two-tier distribution model.

Vice president, sales EMEA at Malwarebytes, Anthony O’Mara, said: “Given the ever-advancing threat landscape, the possibility of suffering a security breach has never been higher. Our proven ability to quickly detect and remediate these threats means our products are in higher demand than ever. Wick Hill is an ideal partner for us and the company also operates an enviable range of partner support services and has a track record of helping vendors expand their reseller base and grow sales. As part of Rigby Private Equity (RPE), Wick Hill also has access to an established network of resellers across EMEA, and we will be taking advantage of that to grow our presence even further in the future.”