GDPR Compliance: How to be Compliant
Editor’s note: This is an excerpt from a recent webinar presented by Dana Simberkoff, Chief Risk, Privacy and Security Information Officer for AvePoint. Check out the rest of the webinar here.
Well, good afternoon, everybody. Thank you for joining us this afternoon. My name is Dana Simberkoff and we’re going to be spending the next 45 minutes to an hour or so together talking about getting ready for the EU General Data Protection Regulation and the intersection of privacy and security, which we know is a high priority for organizations around the world.
Very briefly, just as an introduction for those of you who have joined our session but are not familiar with AvePoint, I just wanted to talk with you for a moment about AvePoint. We’re a global software company and I’m our chief risk privacy and security information officer.
That means that for me at AvePoint, I, along with my team and a multi-disciplinary group of other business stakeholders across AvePoint look after our own internal privacy security and risk initiatives at the company.
This means that we are responsible for implementing GDPR and our GDPR program at AvePoint because we, along with most of you, are subject to GDPR as well.
We are also are responsible… Again, me and a multi-disciplinary team are responsible for the business and technology solutions that AvePoint brings to the market that also help our customers solve and address the operational and technical challenges of their privacy security and GDPR program. We’re quite lucky in that we have an opportunity to build and to use our own software and then to bring that software to market too.
AvePoint has worked in the States for many years. We’re a very mature software company with customers around the world and we help our customers address their data protection, migration and management issues globally.
One of the ways that most of the folks in the privacy community know us is through the work that we have done with the National Association of Privacy Professionals. Providing an automated privacy impact or data protection impact and assessment solutions to the market for over four years now with AvePoint, where we’ve been working with the global privacy community and have over 6,000 users of this technology.
So, if you’re not familiar with the AvePoint privacy impact assessment solution, I would encourage you to take a look at it. It is a free resource available to the privacy community. Now, as I mentioned, there are going to be some resources available to you. We’ll include these links at the end of the presentation as well. These are some good resources and I would encourage you to take a look at them, particularly if you’re not able to stay on for the entire time.
Let’s get started talking about GDPR in the context of a day in the life of information within and across your business. I’m going to start off with a really simple scenario, one in which a user is filling out a request for whitepaper, such as on the AvePoint website or perhaps on many of your websites. Let’s take a look at what happens typically with that data.
A user, a consumer, an end user, customer, maybe even an employee fills out a form on a website. That website takes the user’s information, and then from there, what happens to that information? Well, in our particular scenario, information is put into a database where that data is stored. It goes to marketing as appropriate, if the end user has collected a willingness to consent to have that information used for marketing.
From there, perhaps it’s pushed along the funnel to sales or to somebody in business development to follow up. From there, the sales people… And this is not necessarily at AvePoint, because we don’t allow some of these technologies.
But in a typical organization, that end user might put information in a corporate system, or in some organizations they might put it in the personal system, such as Box, somewhere else in the cloud. It could also perhaps be put in a file share or a network drive inside of their company or on their desktop.
Then from there, that data could even be shared further with external users, perhaps with external parties through marketing automation. And that’s a really big circle of that data going from an end user throughout the business.
Curious about GDPR? Wondering if and how you’ll be impacted by it? Be sure to download a (FREE!) on demand version of our webinar: Get GDPR Compliant Fast! Also, check out the video below to see how our Compliance Guardian software can help you with your organization’s GDPR compliance goals!