The purpose of Poetslife is to promote the art and discipline of American Tactical Civil Defense for families and small businesses and to contribute practical American civil defense preparedness guidance for all Americans through my articles in the The American Civil Defense Association (TACDA.ORG) Journal of Civil Defense and leadership as the volunteer Vice President of TACDA.
8/05/2018
6/27/2018
Personal Honor
I am old enough to understand what personal honor, honesty, integrity, and decency mean. All were drilled into me by the St. Joseph nuns at Holy Angels Grade School in West Oak Lane in Philadelphia, Pennsylvania.
What used to be a bunch of Micks is now a Vietnamese school...and isn't that the story of America?
So I sent President Trump a number of articles and think pieces about American Civil Defense.
In a miracle that happens everyday in America, my ideas actually got to the desk of the President.
I supported Donald Trump in 2015.
Many mocked me, including my two older brothers, and laughed at me.
In truth, I didn't care.
I wanted a businessman running the country.
That is President Donald Trump.
Despite the slings and arrows of the Hard Left Opposition Media, he stands. So many wealthy Left investors were shocked at the Facebook and Twitter stock drop.
Not me or many Constitutionalists.
We've been banned from the public square by them.
So we communicate via Email, blog, Periscope, cell phone...anywhere we don't get banned, censored, resisted, or oppressed.
And we have created platforms of our own that are not dependent on Amazon, Twitter, Google, Apple, and their CCP overlords.
They don't realize we're the majority, even if they don't know any of us.
People like me, and there are many of us, admire Donald Trump's fortitude, strength, vigilance, and love.
Yes, love.
I've seen it so many times.
But the clearest case for me is when he went out of his way to embrace the 7-year old dressed in a U.S. Marine outfit visiting the grave of his Dad.
And Donald Trump invited that child and his mother to stand with him at the 2018 Punch Bowl Veteran's Day ceremony.
I downloaded the photo of President Trump hugging that young boy.
It stands by my computer.
As a reminder of what sacrifice means.
And what hard work means.
And what empathy for the death of a great man who sacrificed himself for this country, and the pain of his wife and child he left behind, means to this nation.
CNN/MSNBC/CBS/NBC/Google/Hollywood/Saturday Night Live, Jimmy Ballless Kimmel, Barak Hussein Obama, Democrats, Socialists, Communists, Pedophiles (especially Epstein/Clinton), New York, California, Washington Post, New York Times...oh, it's endless...the "resist" zombies...and their financiers (Soros, Tom Steyer, etc.) will never understand.
A revolution happened when Donald Trump was elected.
It is as real as when the Great Awakening happened in 1740 that enabled the Revolution in 1776.
War is Waged over Ideas
I have studied the French and Indian War.
I have studied George Washington.
I have studied Benjamin Rush, William Penn, John and Abigail Adams, Benjamin Franklin, John Locke, Adam Smith, Rousseau, Aristotle, Plato, St. Thomas Aquinas, St. Thomas More, etc.
I have studied the Civil War, WWI, WWII, the Korean War, Vietnam War, Desert Storm, the War on Terror, the hundreds of conflicts forced on this nation.
In the war of ideas, and combat is just the result of the war of ideas, the better ideas always win.
Theodore White taught us that in his great book In Search of History.
And the better ideas are Republicanism and Judeo-Christianity.
For decades I have debated communists/socialists/progressives/lefties/democrats.
They argue "forces" determine history.
I have always argued that individuals -- Aristotle to Christ to Donald Trump -- determine history.
Even with the corrupt opposition media's 365/24/7 assault on the ideas, actions and followers of Donald J. Trump, even they cannot deny he is a force of history.
They may not like it, but they have to admit it.
President Trump, or his underlings, wrote to me twice.
That is a businessman's attention to detail.
He sends me emails like these:
The Vile, Vulgar, Violent Left Resist Campaign
Like many Constitutional Traditionalists, I have watched the campaign of the Left to oppose the President's campaign with violence and vulgarity go from bad to worse. Think ANTIFA.
What was done to heretics in the Middle Ages is amateur league compared to Dems, the media, social media tycoons, Hollywood producers, actors and actresses in their ability to use culture, social media, the schools, and deep state to silence any views that do not fit their accepted orthodoxy.
Also, like many true Left believers, their atheism and socialist-to-communist fanaticism drive their daily lives and actions.
This is true even in my own family.
He has raised serious money for the Democrats, so much that he was seated behind Hillary Clinton at the Democratic National Convention.
He enforces socialism in all the unions that he represents.
He reminds them daily that Republicans and independent thought are forbidden.
He tells them they are only allowed to vote for Dems.
Anyone who disagrees is identified and finds no work.
My oldest brother is retired and watches CNN, MSNBC and PBS religiously.
He reads the New York Times daily and considers every word of it Gospel truth.
His wife is a Marxist feminist gender studies professor and dean who teaches at a Catholic college.
This will amuse you when you see her husband's anti-Catholicism as expressed in his emails to me.
Back when we were in contact, he would write me tweets and emails like this all day long.
Chaos King & Dystopian tRump gives a dark & truthless speech @ U.N. There are not enough pejorative adjectives to adequately describe how this Illegitimate President is destroying the fiber & heart of America!!!
At his Rally last night tRump confessed his love for Kim Il Jong. Cut-off from his usual supply of compliant bimbos by the glare of the Oval Office. the Orange Man has turned to man-love to fill his beastie needs!!!
You know it! I turn off the t.v. when he appears in it I switch the radio dial when his voice is played. I don’t read news stories about him. I keep asking God to take tRump home but he insists the Orange One is Earth’s penance for past sins!!!
"We have yet to touch upon the Catholic Church's pedophilia problem and the Pope blaming Devils and asking for Saints to intercede after he has elevated pedophiles to be Bishops. The existential threat to the Catholic Church is internal and will play out in the next 10 years. Here's a prediction you will like: The Catholic Church will crumble and disappear before the American Left."
Ok, the gloves are off.
I pulled my punches in my email but you came back with a personal attack.
So here goes. My honest, heartfelt response to your efforts to shape the truth through the lens of your personal & political biases.
"Maybe you should look at the Trump Cult you and your son joined.
His Facebook Page is a sterling example of White Nationalism with its racist posts."
Trump: How do you support a man who has lied, not misspoke, but lied more than 4000 times (cf. NYT)?
How do you support a man who stole $431 Million dollars from his father’s estate (and siblings)?
How do you support a “business man” who drove six (6) businesses into bankruptcies?
I know, lies & conspiracies all, right?
As a Catholic, how do you support tRump Administration keeping migrant children (10,000+) in tents in the Texas desert with no plan to reunite them with their parents?
Twitter: I’m busted! I post 240 characters at a time and appreciate the opportunity to counter the Rights’ lying posts. I get 10,000 impressions (views) a month on average. Some individual tweets have gotten 2500 looks.
Sad.
He used to be creative, highly intelligent, a very good writer, in fact.
Now, he is a political hack.
Whatever the legacy media spouts...he believes.
He is clueless about how the CCP's information dominance controls his thinking.
I don't think I am alone in this split in my family.
It is going on everywhere.
God only knows how it will end.
Every day I include him in my rosary.
Prayer works where I fail.
I have no idea how to deal with his unrelenting ideology.
He wrote to me that my research on my Uncle MIA Frank Curley was a fetish due to my failure in the United States Air Force.
Hmmmmm...
Not sure where he got that.
He and his wife are "intellectuals."
She has a PhD in psychology so I guess that is where he got that doozy.
He does not know me, but presumes to judge me.
Lefty stuff.
Boring.
So I keep my distance to protect my family.
And protecting one's family is, after all, what it is all about in the end.
6/24/2018
Donald Trump's Thank You Note
Donald and Melania Trump sent me a thank you for the gifts I sent them.
Those gifts were issues of the American Civil Defense Association's Journal of Civil Defense articles:
- Rolling Up ISIS Social Media Weapons
- ISIS Use of Social Media as a Force Multiplier
- Church Emergency Evacuation, Shelter in Place, or Lock Down
- Business Continuity Disaster Recovery Plan Outline
- Active Shooter, Bomb Threat, or Just Rumors
I also sent Donald Trump my EU GDPR White Papers.
And I sent on a few private strategy papers.
Guess he got them, or his staff did anyway.
The genesis of my sending them on began one evening when I spoke to Sandra Huckabee Sanders as she put money in a parking meter with two interns.
I was on my way to hear James O'Keefe speak at the National Press Club.
I turned and asked her if I could send her the ISIS articles.
She said sure and was gracious enough to give me her card.
I sent them on three times over a period of nine months.
When I heard nothing back I thought they were never passed along.
Turns out, they were passed along.
Thank you, Sara! That's great.
As great is that President Trump and Melania sent me a thank you card to acknowledge receiving them. And the envelope was hand addressed.
Class move.
How many people do that these days?
Making America Great...one step at a time.
5/31/2018
GDPR Security Holes and More White Paper
Despite the many rules and regulations, there are still security holes in the GDPR regime. For example, how does it handle the multitudes in any company's BYOD (Bring Your Own Device) platform? I analyse that security hole and others in my white paper below.
European Union General Data Protection Regulation (GDPR) Security Holes and More White Paper
GDPR Security Holes
Here is what a former Senior Solutions Architect at Perficient has to say about GDPR Security Holes. “Every place that I have worked at since the early 2000’s has had a BYOD (Bring Your Own Device) policy with set reimbursement based on role. Very occasionally we would purchase tablets on the company dime and they were usually replacing laptops. What has happened is that these tablets have negatively impacted security, because consumer-based cloud solutions were used when it was convenient for the users.
This reality of a mobile, disconnected workforce has outweighed security concerns of their use. And we have gotten lazier: Neither mobile devices nor laptops were encrypted and there was no effective way to prevent leakage of data either due to lost devices or departing employees.”
How do we address this security hole? Perhaps use Airwatch to protect the data?
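The hole the architect describes (unencrypted BYOD hardware, lost devices, departing staff) is one an organization can at least measure before it decides on an MDM product. The Python audit below is an added example written for this page, not code from this blog or from any MDM vendor: it runs over a constructed device inventory and HR roster and flags the devices most likely to leak personal data; every device, username and date in it is made up.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class Device:
    """One BYOD or company-bought endpoint, as an inventory/MDM export would list it."""
    device_id: str
    owner: str               # username of the person using it
    kind: str                # "laptop", "tablet" or "phone"
    disk_encrypted: bool
    mdm_enrolled: bool       # enrolled means a remote wipe is at least possible
    status: str              # "active", "lost" or "wiped"
    holds_company_data: bool


@dataclass
class Employee:
    username: str
    left_on: Optional[date]  # None while still employed


def audit_byod(devices: List[Device], roster: List[Employee], today: date) -> Dict[str, List[str]]:
    """Return {device_id: [findings]} for devices that can leak company/personal data.

    Each finding is prefixed with a severity so a report can be sorted:
    HIGH means the data is probably already outside the company's control.
    """
    by_user = {e.username: e for e in roster}
    report: Dict[str, List[str]] = {}
    for d in devices:
        findings: List[str] = []
        lost = d.status == "lost"
        if d.holds_company_data and not d.disk_encrypted:
            # An unencrypted disk turns any loss into a reportable breach.
            findings.append(("HIGH" if lost else "MEDIUM") + ": company data on an unencrypted disk")
        if lost and d.holds_company_data:
            findings.append(("MEDIUM" if d.disk_encrypted else "HIGH") + ": lost device has not been wiped")
        if not d.mdm_enrolled and d.holds_company_data:
            findings.append("MEDIUM: not enrolled in MDM, so no remote wipe is possible")
        owner = by_user.get(d.owner)
        if owner is None:
            findings.append("MEDIUM: owner not on the HR roster")
        elif owner.left_on is not None and owner.left_on <= today and d.status != "wiped":
            # Departing employees: the device, and every local copy on it, left with them.
            findings.append(f"HIGH: owner left on {owner.left_on.isoformat()} but device was never wiped")
        if findings:
            report[d.device_id] = findings
    return report


def summarize(report: Dict[str, List[str]]) -> Dict[str, int]:
    """Count findings per severity, e.g. {"HIGH": 3, "MEDIUM": 3}."""
    counts: Dict[str, int] = {}
    for findings in report.values():
        for f in findings:
            sev = f.split(":", 1)[0]
            counts[sev] = counts.get(sev, 0) + 1
    return counts


# Constructed sample inventory and roster (no real people or devices).
SAMPLE_DEVICES = [
    Device("LT-001", "alice", "laptop", True, True, "active", True),
    Device("TB-002", "bob", "tablet", False, False, "active", True),   # the consumer tablet the quote describes
    Device("PH-003", "carol", "phone", True, True, "lost", True),
    Device("LT-004", "dave", "laptop", False, True, "lost", True),
    Device("LT-005", "erin", "laptop", True, True, "active", True),    # erin has left the company
    Device("PH-006", "frank", "phone", True, True, "active", False),   # no company data: nothing to flag
]
SAMPLE_ROSTER = [
    Employee("alice", None),
    Employee("bob", None),
    Employee("carol", None),
    Employee("dave", None),
    Employee("erin", date(2018, 4, 30)),
    Employee("frank", None),
]

if __name__ == "__main__":
    report = audit_byod(SAMPLE_DEVICES, SAMPLE_ROSTER, date(2018, 5, 31))
    for device_id, findings in report.items():
        for f in findings:
            print(f"{device_id}: {f}")
    print(summarize(report))
```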
Cleaning Up Redundant, Obsolete or Trivial Databases
https://www.ibm.com/blogs/think/nl-en/2017/03/20/upside-gdpr-potential-remedy-dark-data/
Think of all the data in production systems that nobody uses anymore. And what about dark or unstructured data, fragmented in crumbs throughout emails, presentations, phone notes, spreadsheets, and so much more? Keeping data you don’t need for business or regulatory purposes can be unhealthy in terms of IT cost and it can also put your company at greater risk in a data breach – and on top of that, you may be basing your business decisions on data that is incorrect or no longer relevant. Getting your organization ready for GDPR might sound difficult, but it’s actually the perfect opportunity to take on this issue as well.
Very likely, some of the data we store is what we would call ROT: redundant, obsolete or trivial. It has no business value, but may still cost money to store and maintain. However, when it comes to its unstructured data, we are usually looking at a totally different picture. Personal information may have been shared in emails between the company and physicians. Sensitive customer and client information may have been extracted from production systems for analytical purposes.
And spreadsheets containing confidential customer and client information from our organization may have been saved locally. Most organizations don’t have insight into their unstructured data stores — which is why it’s often referred to as dark data.
Under GDPR, we must assess what personal information we have, where we keep it and what we are using it for. We can create business value from our data by leveraging new insights based on reliable information. We can improve our decision-making processes to serve customers better and more efficiently — and gain their trust by securing their data at the same time.
So, we can add value for our customers and clients while complying with GDPR regulations if we adapt this strategic approach.
IBM Security, Outthink security threats with intelligence, integration, and expertise, written Sep 26, 2016, Christina Thompson, IBM Portfolio
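The ROT test the IBM post applies to dark data can be automated at the file-share level. The Python scanner below is an added example written for this page, not code from IBM or from this blog: it hashes every file to find redundant copies, ages each against a retention window to find obsolete ones, treats empty files as trivial, and greps each for the kinds of personal data the post says end up in spreadsheets and e-mail extracts. The directory layout, file contents, regexes and retention window are all constructed for the demo.

```python
import hashlib
import os
import re
import tempfile
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SECONDS_PER_DAY = 86400

# Patterns for the personal data the post mentions. Constructed for the demo;
# a real estate would tune and extend them (national IDs, addresses, ...).
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\+\d{1,3}[ .-]\d[\d .-]{6,}\d"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
}


@dataclass
class Finding:
    path: str
    size: int
    age_days: int
    sha256: str
    rot: List[str] = field(default_factory=list)  # redundant / obsolete / trivial
    pii: List[str] = field(default_factory=list)  # PII kinds found in the file

    @property
    def risk(self) -> str:
        # Data nobody needs that still carries personal data is the worst bucket:
        # it costs money to keep and widens the blast radius of a breach.
        if self.pii and self.rot:
            return "delete-or-justify"
        if self.pii:
            return "inventory"  # needed data: record where it lives and why
        if self.rot:
            return "cleanup"
        return "ok"


def scan_share(root: str, retention_days: int, now: Optional[float] = None) -> Dict[str, Finding]:
    """Walk a file share and classify every file as ROT and/or PII-bearing."""
    now = time.time() if now is None else now
    paths = sorted(os.path.join(d, n) for d, _, names in os.walk(root) for n in names)
    seen: Dict[str, str] = {}  # content hash -> first path seen with that content
    findings: Dict[str, Finding] = {}
    for full in paths:
        rel = os.path.relpath(full, root).replace(os.sep, "/")
        with open(full, "rb") as fh:
            data = fh.read()
        digest = hashlib.sha256(data).hexdigest()
        age = int(round((now - os.path.getmtime(full)) / SECONDS_PER_DAY))
        f = Finding(path=rel, size=len(data), age_days=age, sha256=digest)
        if digest in seen:
            f.rot.append(f"redundant (duplicate of {seen[digest]})")
        else:
            seen[digest] = rel
        if age > retention_days:
            f.rot.append("obsolete")
        if len(data) == 0:
            f.rot.append("trivial")
        text = data.decode("utf-8", errors="ignore")
        f.pii = [kind for kind, rx in PII_PATTERNS.items() if rx.search(text)]
        findings[rel] = f
    return findings


def build_sample_corpus(root: str, now: float) -> None:
    """Write a small constructed file share into root (made-up data, not real people)."""
    payroll = "name,email,iban\nAnn Example,ann@example.com,GB82WEST12345698765432\n"
    files = {
        "hr/payroll_2014.csv": (payroll, 5 * 365),           # old extract that still holds PII
        "hr/payroll_2014_copy.csv": (payroll, 5 * 365),      # byte-identical copy
        "analytics/customer_extract.csv": ("id,phone\n7,+44 20 7946 0958\n", 30),
        "notes/lunch.txt": ("sandwiches on thursday\n", 4 * 365),
        "scratch/empty.tmp": ("", 10),
    }
    for rel, (content, age_days) in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
        stamp = now - age_days * SECONDS_PER_DAY  # backdate the file to simulate its age
        os.utime(full, (stamp, stamp))


def demo() -> Dict[str, Finding]:
    """Build the constructed corpus in a temp dir, scan it with a 3-year retention window."""
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        build_sample_corpus(root, now)
        return scan_share(root, retention_days=3 * 365, now=now)


if __name__ == "__main__":
    for path, f in demo().items():
        print(f"{f.risk:18} {path}  rot={f.rot} pii={f.pii}")
```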
I've been reading a ton lately on GDPR and find it a fascinating topic, considering the amount of impact it will have on businesses, not just in the EU but all over the world (because if you market to, and process information of, EU data subjects then you will be impacted).
Note: I don't believe — at this time — that you can actually receive "certification" for GDPR compliance. But in my findings, there are many things you can be doing to prepare for the privacy regulations, such as the ones below.
Here are 2 GDPR webinars:
Webinar: The Journey to GDPR: Your Guide to Data Protection Technology, Tools and Key Takeaways
- How does the new technology landscape factor into the GDPR?
- How do you get started with your compliance program?
- What kinds of tools and assistance are available?
Key takeaways are:
- Get started on the path to ‘know your data’, which is a key prerequisite to moving forward.
- Learn how knowing your data and then protecting personal data can help you with your GDPR obligations.
- Get pointed in the right direction with 5 top tips to help you smoothly sail as you get ready for the GDPR.
Two helpful GDPR articles include:
- GDPR Training and Certification
- EUR-Lex — Access to European Union Law
THE NEW EU DATA PROTECTION REGIME FROM AN HR PERSPECTIVE
By Stefan Nerinckx, Tim Van Canneyt and Gaëtan Goossens, Fieldfisher
INTRODUCTION
Just before Christmas and after years of negotiations, the EU institutions agreed on the text of the EU's successor privacy legislation: the General Data Protection Regulation (GDPR).
The GDPR will replace the 'patchwork quilt' of 28 different EU Member States' laws with a single, unifying data protection law, which should lead to significantly greater data protection harmonization throughout the EU.
In addition to harmonizing the EU data protection legal framework, its main objectives are threefold:
- First, the GDPR increases the rights for individuals.
- Secondly, it strengthens the obligations for companies.
- Thirdly, the GDPR dramatically increases sanctions in case of non-compliance. Data protection regulators will have the powers to impose fines of up to €20,000,000 or 4% of the total worldwide annual turnover. Add to that the possibility for the regulators to impose a ban on processing or the suspension of data transfers, the risk of class actions, criminal sanctions and reputational damage, and it becomes clear that not complying with the GDPR will not be an option.
For these reasons, it is fair to say that the GDPR is the most important change in data privacy law in the last twenty years.
Moreover, it will affect all businesses, all over the world - as every organization has employees and contacts, even if they don't have individual customers.
In this article, we will provide a recap of the most significant changes that the GDPR will bring from an HR perspective. Employers process lots of HR related personal data on a daily basis. How will they be affected by the GDPR and what steps should they take to become compliant with this new set of rules?
WHERE DO PRIVACY AND HR MEET ON THE WORK FLOOR?
Maintaining the balance between the protection of the privacy of the workers and the prerogatives of the employer can be tricky in several circumstances such as in the case of body searches on workers, camera surveillance, geolocation, interrogation of workers, hotlines, the use of internet, email and social networks, etc. There are many laws that apply to this matter.
It starts with article 8 of the European Convention on Human Rights, which lays down rules concerning the protection of private and family life, the home and correspondence. Case law based on this article stipulates employees have the right to privacy, even in the workplace.
On a national level, article 22 of the Belgian Constitution deals with privacy, whereas article 29 relates to confidentiality of the mail. Article 314 bis of the Penal Code addresses the tapping of telecommunications. Interception of e-mail is covered by this legislation too.
Also the Employment Contracts Act, which lays down, particularly in articles 16 and 17, the rights and obligations of the employer and the employee, as well as Collective Labor Agreement (CLA) 81 on the protection of the privacy of employees with respect to the monitoring of electronic online communication data in the workplace in the private sector, are of importance. This list is not exhaustive.
Furthermore, employers also process private information about their employees. In this area some major changes are to be expected very soon. Below you will find an overview.
Processing of HR-related data: harmonization but look out for additional local rules in the HR context
The main objective of the GDPR is to harmonize data protection laws throughout the EU. Where a group of companies is established in several EU Member States, the rules applicable to the processing of HR-related personal data will now be the same. This is an important improvement for big multinationals, which are quite often struggling to comply with the 28 local flavors of EU data protection law.
There is, however, an important caveat to be made with regard to personal data in the employment context. The GDPR expressly authorizes individual Member States to implement more specific rules in respect of the processing of HR-related personal data.
This carve-out means that specific rules regarding the processing of personal data for the purpose of recruitment, the performance of the employment contract, diversity, health and safety, etc. may still be adopted on a national level.
For HR professionals, it will therefore remain important to continue to follow national law developments in the field of privacy in the workplace, in addition to the more generic GDPR.
A BROADER SCOPE AND A GLOBAL IMPACT
The GDPR will not only apply to employers processing the personal data of their employees, but also to HR service providers that process such data on behalf of the employer ("data processors"). This is an important change compared to the current legal framework, where HR service providers (e.g. social secretariats, providers of HRIS solutions) only have a contractual obligation vis-à-vis the employer but are not directly accountable for complying with the data protection regulations.
The GDPR will also affect non-EU affiliates of a multinational if all HR data is stored in a central system, accessible to affiliates worldwide. While the mechanism for cross-border transfers of personal data has not been materially changed compared to the existing rules, it will become more important for companies to have a good understanding of the different HR data flows within and outside of the group in view of implementing the required mechanisms to legitimize these cross-border data transfers, especially since the European Court of Justice ruled that the EU-US Safe Harbor can no longer be relied on.
For intra-group cross-border transfers, Binding Corporate Rules (BCR) will become a more important and attractive means of achieving compliance under the GDPR. BCRs are now expressly mentioned in the GDPR as a lawful means of transferring personal data to group companies outside the EU, and the process for getting them approved has been further streamlined.
MORE DIFFICULT TO RELY ON CONSENT
This is a highly relevant topic in the context of HR-related data processing. Today, a lot of companies process personal data of employees on the basis of their consent. Over recent years, this approach has been increasingly criticized.
People questioned the validity of consent given by an employee, on the basis that the latter did not really have a choice due to the hierarchical relationship and the imbalance resulting therefrom. The GDPR wants to reinforce the value of consent given by a data subject. It therefore requires that consent be given unambiguously.
This means the consent must be given freely, specifically and on an informed basis. For the consent to be given freely, the refusal to give the consent should not be detrimental to the data subject. Moreover, when the consent is given through a declaration that also regulates other matters, the consent to the processing of data has to be clearly distinguishable from other matters to be valid.
This means that employers will need to carefully re-assess the legal ground on the basis of which they process HR-related data. Where they rely on consent, they will need to check whether they meet all the requirements imposed by the GDPR and bear in mind that free consent implies that it may be revoked at any time.
In most cases, companies will need to move to one of the other legal grounds to (continue to) process HR-related personal data. This could be the contractual necessity (e.g. for the processing of employee payment data), a legal obligation (e.g. for the processing of employee data in relation to social security) or the legitimate interest of the employer (e.g. in the context of employee monitoring).
However, the latter legal grounds all have their restrictions and must be narrowly construed. It may well be that a company will have to stop processing the data or limit the range of data processed, where it cannot rely on any of the legal grounds for processing laid down in the GDPR.
RESPECT THE INCREASED RIGHTS OF YOUR EMPLOYEES
The GDPR significantly enhances the rights of data subjects.
Firstly, with regard to the right to information, employers will need to provide more detailed information as to the how and why of the processing of HR-related personal data. This long list of information to be provided aims at giving more transparency to the processing of data and by doing so enhancing security.
Secondly, employees have a right of access to their data and a right to have inaccurate data rectified. These existing rights have been modified in order to bring more clarity but they are not extended that much.
Finally, under the new so-called right to be forgotten, employees will be entitled to require the employer to erase personal data about them in certain circumstances. This may be the case where the data are no longer necessary for the purpose for which they were originally collected, or where the employee has withdrawn his/her consent.
ACCOUNTABILITY – COMPANIES MUST BE ABLE TO DEMONSTRATE COMPLIANCE
The GDPR introduces a number of new obligations for companies, which should trigger a shift from paper-based compliance to actual and demonstrated compliance in the field. As a result, the obligations to notify processing activities to the data protection authorities will be abolished.
Instead, the GDPR expects companies to implement a number of measures such as: appointment of a (mandatory) data protection officer, carrying out (mandatory) privacy impact assessments and (mandatory) consultation with the data protection authorities before new data processing activities are commenced, as well as keeping records of all their processing activities. These new obligations will have a significant impact on how companies approach projects that involve the processing of personal data.
IMPLEMENT A DATA BREACH NOTIFICATION PROGRAM
On top of the accountability package, the GDPR introduces a general obligation to notify data breaches. While most US-based companies are already familiar with the concept, this will be an important change for many EU businesses and one that they do not particularly look forward to.
Where a company suffers a data breach, as a rule it must notify the data protection regulator within 72 hours. If the notification is not done within 72 hours, there has to be a justification for this delay.
If the data breach relates to HR-related data, the employer must notify the affected employees without undue delay if the breach is likely to result in a high risk to his/her rights and freedoms. To avoid notification fatigue, the GDPR contains a few exceptions to this rule, e.g. if the data was encrypted.
CONCLUSION
It is difficult to overstate the importance of the GDPR and it is clear that it will significantly affect all businesses. Employers will need to very carefully assess their current HR-related processing activities and identify the gaps with the GDPR. On the basis of this gap analysis, they will need to update their existing procedures and implement the required mechanisms to comply with the new obligations. Failure to do so may result in significant fines or other enforcement measures that could materially impede their business.
While the GDPR will only become effective in about two years from now, it is critical to start preparing the transition to the new regime as soon as possible. Indeed, the sheer scale and breadth of the changes will require a significant investment of time and resources to ensure a company's data processing policies and IT landscapes are compliant with the new rules.
Belgian State Secretary for Privacy Bart Tommelein has stated that, prior to the entry into force of the GDPR, Belgium will make changes to the current Privacy Act. This means that a number of the obligations under the GDPR will become effective under Belgian law before its official entry into force. Other EU countries may take a similar approach.
To make it simple, Varonis provides some really simple infographics for understanding GDPR.
The GDPR significantly enhances the rights of data subjects.
For HR professionals, it will therefore remain important to continue to follow national law developments in the field of privacy in the workplace, in addition to the more generic GDPR.
The GDPR will not only apply to employers processing the personal data of their employees, but also to HR service providers that process such data on behalf of the employer (data processors).
This is an important change compared to the current legal framework, where HR service providers only have a contractual obligation vis-à-vis the employer but are not directly accountable for complying with the data protection regulations.
But how are companies taking up GDPR so far?
According to Help Net Security, 97 percent of companies don't have a GDPR plan. An explanation of this survey can be found at the provided link.
Also go through the best practices for addressing GDPR requirements from Help Net Security. According to them, the main practices are:
· Hire a data protection officer (DPO)
· Deploy an access governance solution
· Control access management
· Protect the network
· Facilitate secure mobile access
· Ensure email security
These practices definitely add value to any organization's data security strategy. Organizations face many data protection challenges and issues, and they must be taken very seriously to avoid legal consequences and high penalties.
Another interesting aspect is the set of data protection issues themselves; it is always wise to look at them from the beginning and plan accordingly. What are the top data protection issues for HR professionals? According to Squire Sanders, an international law firm, these are the top ones.
Data Breach Response
EU Data Protection Rules impose specific requirements for storing, processing and transferring personal data about EU employees; an employer's liability exposure is increased by failure to prepare for data breach incidents.
Bring Your Own Device (BYOD)
EU Data Protection Rules impose obligations on data controllers (employers) to ensure the security of personal data they hold about their employees.
User devices can easily pass malware and viruses onto company platforms and impact security levels. Combining personal data of employees with company data may complicate compliance with EU data protection rules.
HRIS Platforms
Employers must abide by EU data protection rules when rolling out a global HR information system involving the processing of EU employee data outside of Europe.
Employee Monitoring and Cross-Border Investigations
EU rules limit the ability of EU legal entities to process personal data within Europe, and to transfer it to foreign affiliates and third parties, including non-EU governmental authorities.
Data Subject Access Requests
EU data protection rules give employees the right to access personal data about them that is held by their employer, and also to correct inaccurate information or request its deletion.
Proposed EU Data Protection Regulation
A new and highly controversial Regulation on data protection is currently being debated by the EU institutions and, if adopted, will become directly enforceable law in all EU Member States.
There are many more and companies definitely need to take them seriously. It's important that employers understand their responsibilities and potential liabilities under data protection law.
Employers that ignore their legal obligations risk reputational damage and potential prosecution in the courts. However, our research shows that, where employees feel they are under excessive monitoring or surveillance, they have more negative attitudes to their employer and are more likely to suffer from stress.
Employers should therefore develop policies in this area that take a compliant, but balanced, approach and ensure that employees are aware of, and understand, their rights and obligations under data protection law.
GDPR and the UK (Brexit Question)
https://www.shrm.org/resourcesandtools/legal-and-compliance/employment-law/pages/eu-data-protection-regime.aspx
Europe's new data protection legal framework is set out in the General Data Protection Regulation (GDPR), which will come into force in all EU Member States on May 25, 2018, including the U.K. Key points follow.
Key Points
1. A new EU data protection regime came into force in all EU Member States on 25 May 2018.
2. The GDPR will apply to the U.K. and is likely to apply after the U.K. leaves the EU. The U.K. will still be a Member State of the EU on 25 May 2018. The GDPR comes into effect for all Member States, and so will come into force in the U.K. The U.K. will retain the GDPR following Brexit.
3. The GDPR is evolutionary rather than revolutionary. The GDPR does not mark a radical departure from the current data protection regime (i.e., in the U.K. under the Data Protection Act 1998 (DPA)). There are, however, certain key changes that will focus attention in the pensions industry.
4. There are four key developments that will affect the pensions industry the most. The GDPR contains four key developments that trustees, employers and the pensions industry will need to grapple with. These are:
· More detailed privacy notices, while still being concise and easily understood.
· Overlapping controller and processor obligations, especially around security.
· Mandatory breach notification to regulators and members.
· More severe sanctions for noncompliance.
What's Happening on Data Protection?
Regardless of the progress of Brexit negotiations, it is very likely that the U.K. will still be a Member State of the EU on May 25, 2018. The GDPR will therefore apply to data controllers and processors in the U.K. on and from this date and the Great Repeal Bill will translate the GDPR into national law.
The Information Commissioner has also made it clear she expects that the U.K. will want to keep in step with European data protection standards after we leave the EU, in order to facilitate cross-border transfers but also because many U.K. controllers and processors will process personal data of European citizens and are therefore caught by the GDPR in any event, as it has extraterritorial effect.
Pension scheme trustees will, therefore, need to comply with the GDPR from May 25, 2018.
With just over one year to go until the GDPR goes into force, it is now time to map your data flows and start reviewing current policies, procedures, systems and practices and ensuring you understand your data protection obligations.
The new law is not as radical a departure from the old law as might have been feared. Broadly speaking, data processes that are lawful under the U.K.'s DPA are likely to remain lawful under the GDPR. This should provide some comfort to trustees to the extent they are compliant with the current legal requirements. This is, however, subject to four important changes that are particularly relevant to pension schemes.
What Are the Key Changes for Pensions Under the GDPR?
1. More detailed privacy notices. The requirements relating to privacy notices under GDPR are more detailed and specific than under the DPA and place more emphasis on making them understandable and accessible. Privacy notices will need to contain additional information, such as details of the legal basis for the processing of the personal data that is held.
Existing privacy notices will therefore need to be reviewed and updated accordingly.
2. Overlapping controller and processor obligations, especially around security. Under the GDPR, data processors (i.e., those who process personal data on behalf of a data controller, such as a scheme administrator) will, for the first time, be subject to direct legal obligations. This significant exposure to additional legal liability will make compliance a higher priority among actuaries, employee benefit consultants and other advisers.
In addition, the GDPR will require agreements between trustees and these parties to cover various data protection issues. Data controllers (such as trustees) are not relieved of their obligations under the GDPR even if they have delegated to a third-party data processor.
3. Mandatory breach notification to regulators and members. Under the GDPR, breaches of the data protection requirements must be reported to the national supervisory bodies (i.e., the Information Commissioner's Office in the U.K.) within 72 hours. If breaches are likely to result in a high risk to the rights and freedoms of data subjects (i.e., pension scheme members, employees etc.), the breach has to be communicated directly to the affected persons without undue delay.
4. More severe sanctions for noncompliance. The GDPR imposes significantly greater fines for non-compliance, up to the greater value of €20 million and 4 percent of global annual turnover for the majority of data processing that is relevant for the pensions industry.
Author: Jason Coates is an attorney with Gowling WLG in London. ©2017 Gowling WLG. All rights reserved. Reposted with permission of Lexology.