Welcome!

Microservices Expo Authors: Flint Brenton, Liz McMillan, Pat Romanski, Elizabeth White, Charles Araujo

Related Topics: Open Source Cloud, @CloudExpo, Cloud Security, @DXWorldExpo

Open Source Cloud: Article

What GDPR Is and How to Comply with It | @ExpoDX #AI #GDPR #Security

GDPR is designed to help companies handle the data challenges of the 21st century

What GDPR Is and How to Comply with It: A Brief Guide

As you have probably heard, the EU commission signed the General Data Protection Regulation (GDPR) back in April 2016. The legislation is designed to help companies handle efficiently the data challenges of the 21st century and give strict guidelines as to how to work with massive flows of digital information. It is set to protect web users (data subjects) from malicious use and loss of their personal info and, also, to give people greater control over how their records are processed.

GDPR is to take effect on May 25, 2018.

Company runners still have time enough to modify organizational processes to comply fully with new security rules, and today we will explain how they should start.

What Exactly Is GDPR About?

What Exactly Is GDPR About?
First off, it outlines how companies that work with EU personal data should obtain client’s consent. It gives instructions on how they should collect/store/process personal information, and urges firms to report, in case of a hack or system failure, any data breaches.

It also puts an obligation on companies to prove accountability – every business should be able to demonstrate, vividly, that it’s compliant with the GDPR and that it grants extensive rights (concerning data) to both its customers and employees.

This piece of legislation is to be enforced upon every firm that works with the personal data of EU citizens, not just businesses that reside in the EU.


GDPR is to be enforced upon every firm that works with the personal data of EU citizens.
Click To Tweet


Second, it affords data subjects:

  • A right to be informed as to the purpose of the collection of their personal data
  • A right to get a copy of that information in its entirety and in a portable format
  • A right to have the personal records corrected
  • A right to restrict data processing
  • A right to have personal information erased from a company’s database (not an absolute right; if there’s a legal ground for a company to keep your data, it might, lawfully, reject such a request)
  • A right to object to automated personal data processing

Why Is GDPR Needed?
The currently active Data Protection Directive, too, has outlined a comprehensive system for securing personal information. But, adopted in 1995, it lacks regulatory policies for handling the vast data flows of the digital world.

Also, it is merely a directive. The EU state members themselves (not the EU parliament) decide how to translate the guidance and integrate it with their country laws. Therefore, the security framework a European country ends up with often varies greatly from that in a neighboring state.

The 1995 Data Protection Act does require companies in countries outside the EU, be they data controllers or processors, to provide a satisfiable level of security. However, since there’s been no enforcement, many businesses have chosen to neglect it.

What Are the New Obligations for Companies (Data Controllers and Data Processors) Under the GDPR?

What are the New Obligations for Companies (Data Controllers and Data Processors) Under the GDPR?

Again, the rules outlined by the law apply equally to companies in the EU area, those operating in the European market, and, in general, every firm that deals with personal info of European citizens.

The law requires companies to:

  • Be accountable and able to demonstrate compliance
  • Adopt the “privacy by design” approach
  • Appoint an EU representative (if a company itself is not residing in the EU zone)
  • Conduct due diligence on third-parties; ensure the right contracts are in place to work with businesses outside the EU
  • Store records of processing (which regulators might request to see at any time)
  • Have a system setup that allows a company to inform an authority about a data breach within 72 hours
  • Notify data subjects about data breaches (when the data lost is sensitive, and the probable damage is high)
  • Ensure there are technical and organizational measures taken to protect data rights of EU citizens
  • Conduct privacy risk assessments
  • Appoint a Data Protection Officer (for enterprises that store and/or process vast amounts of personal data)

What Should You Do?

What Should You Do?

Risk assessment, one of the key requirements outlined by the GDPR, is no strange procedure to enterprises around the world. Financial institutions especially are used to measuring financial, reputational and regulatory impacts of each possible information security fail.

However, it’s wrong to assume a company can get a pass by sticking to its standard processes in 2018. The new data protection act requires you to figure out how much damage a data breach can cause to a client’s privacy and integrity, not your organization, and take precautionary steps accordingly to that assessment.

The first thing CEOs should do is estimate who their data subjects are and how much information their companies are actually processing. This includes customers, employees, candidates who applied for a position at a firm and those who worked there in the past.

Also, establish precisely which type of data you work with. How personal is it? Health and criminal records, people’s religion and sexuality, sensitive financial information – a breach of these records could damage data subjects greatly. Therefore, if your company is one collecting such personal info, be sure to take on protection measures, technical and organizational, that are appropriate to the level of risk.

Besides that, we advise you to catalog the third-parties. An HR or a Performance Evaluation system – you’re probably using those, add them to the list. A CRM software? How about a software vendor(s) you’re outsourcing development to – do they have access to clients’ personal records? Determine clearly where your firm’s data is stored, who has access to it, and where the copies of it are.

An estimation of organizational risks will give you clarity as to the degree of compliance your firm should be aiming to achieve. Once it’s established, we suggest involving a legal team to check the lawfulness of your data processing (if it’s in line with the GDPR). If not, update the policies and, possibly, adopt new procedures.

If necessary (if you do collect lots of personal records) appoint a Data Protection Officer to ensure that every practice you have in place is one allowed under the GDPR.

Then, minimize the risks of data corruption by deleting the information your company no longer needs. Developers in tech firms create backups of the main production base each time they apply a modification. That is what they are used to doing to stay on the safe side but, paradoxically, that is what can get them in trouble once the GDPR comes into full force.

Duplicates, excess fields in systems (CRMs, CMSs, etc.) and overall, the records you firm can do without should be deleted.

Also, start building up a procedure for fulfilling, efficiently, the requests of data subjects. Work out a way to grant the aforementioned right to your clients and employees alike.

Finally, once everything else is done, move on to data protection impact assessment DPIA for the projects your firm is currently working on. Use the official GDPR guidelines.

Conclusion
As a company runner you should ask yourself these questions:

  • Do we have a legal ground to store and process the data we collect?
  • Should we apply pseudoanonymaztion and encryption so that if data is lost there’s less damage?
  • How many people at my organization have access to clients and employees data?

This will help you understand how your firm’s data collection and processing can be cleaned and improved.

The GDPR might seem daunting to adapt to, although, in fact, the principles it introduces largely resemble (and build upon) those in the currently active Data Protection Act. With a right amount of dedication, you can achieve the compliance without putting a whole lot of time and resources into it.

Would you like to hear more about GDPR and how to comply with it quickly? Reach out to our expert for a free consultation.

The post What GDPR is and How to Comply with It: A Brief Guide appeared first on Perfectial.


DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the conference tracks for CloudEXPO | DXWorldEXPO 2018 New York.

DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City.

Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.

A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

2018 Conference Agenda, Keynotes and 10 Conference Tracks

DXWordEXPO New York 2018 and Cloud Expo New York 2018 agenda present 222 rockstar faculty members, 200 sessions and 22 keynotes and general sessions in 10 distinct conference tracks.

  • Cloud-Native | Serverless
  • DevOpsSummit
  • FinTechEXPO - New York Blockchain Event
  • CloudEXPO - Enterprise Cloud
  • DXWorldEXPO - Digital Transformation (DX)
  • Smart Cities | IoT | IIoT
  • AI | Machine Learning | Cognitive Computing
  • BigData | Analytics
  • The API Enterprise | Mobility | Security
  • Hot Topics | FinTech | WebRTC

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

DXWorldEXPO | CloudEXPO 2018 New York cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 200 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor brings together the world's leading companies throughout the world of Cloud Computing, DevOps, FinTech, Digital Transformation, and all they entail.

As your enterprise creates a vision and strategy that enables you to create your own unique, long-term success, learning about all the technologies involved is essential. Companies today not only form multi-cloud and hybrid cloud architectures, but create them with built-in cognitive capabilities.

Cloud-Native thinking is now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector.

CloudEXPO is the world's most influential technology event where Cloud Computing was coined over a decade ago and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals.

FinTech Is Now Part of the DXWorldEXPO | CloudEXPO Program!

Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expensive intermediate processes from their businesses.

Accordingly, attendees at the upcoming 22nd CloudEXPO | DXWorldEXPO November 11-13, 2018 in New York City will find fresh new content in two new tracks called:

  • FinTechEXPO
  • New York Blockchain Event

which will incorporate FinTech and Blockchain, as well as machine learning, artificial intelligence and deep learning in these two distinct tracks.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

FinTech brings efficiency as well as the ability to deliver new services and a much improved customer experience throughout the global financial services industry. FinTech is a natural fit with cloud computing, as new services are quickly developed, deployed, and scaled on public, private, and hybrid clouds.

More than US$20 billion in venture capital is being invested in FinTech this year. DXWorldEXPOCloudEXPO are pleased to bring you the latest FinTech developments as an integral part of our program.

DXWorldEXPO | CloudEXPO are accepting speaking submissions for this new track, so please visit Cloud Computing Expo for the latest information or contact us at [email protected]

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

Download Slide Deck ▸ Here

Only DXWorldEXPO | CloudEXPO bring together all this in a single location:

Attend DXWorldEXPO | CloudEXPO. Build your own custom experience. Learn about the world's latest technologies and chart your course to Digital Transformation.

22nd International DXWorldEXPO | CloudEXPO, taking place November 11-13, 2018, in New York City, will feature technical sessions from a rock star conference faculty and the leading industry players in the world.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

Download Slide Deck: ▸ Here

Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS - software, platform, and infrastructure as a service.

With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.

Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers.

Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)

Sponsorship Opportunities Here

Speaking Opportunities Here

Sponsorship and Speaking Inquiries: [email protected].

Download Slide Deck: ▸ Here

Companies are each developing their unique mix of cloud technologies and services, forming multi-cloud and hybrid cloud architectures and deployments across all major industries. Cloud-driven thinking has become the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, and the public sector.

Sponsorship Opportunities

DXWorldEXPO | CloudEXPO are the single show where technology buyers and vendors can meet to experience and discus cloud computing and all that it entails. Sponsors of DXWorldEXPO | CloudEXPO will benefit from unmatched branding, profile building and lead generation opportunities through:

  • Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers.
  • Showcase exhibition during our new extended dedicated expo hours
  • Breakout Session Priority scheduling for Sponsors that have been guaranteed a 35-minute technical session
  • Online advertising on 4,5 million article pages in SYS-CON's i-Technology Publications
  • Capitalize on our Comprehensive Marketing efforts leading up to the show with print mailings, e-newsletters and extensive online media coverage.
  • Unprecedented PR Coverage: Unmatched editorial coverage on Cloud Computing Journal.
  • Tweetup to over 100,000 plus Twitter followers
  • Press releases sent on major wire services to over 500 industry analysts.

Secrets of Our Most Popular Sponsors and Exhibitors ▸ Here

For more information on sponsorship, exhibit, and keynote opportunities, contact [email protected].

Sponsorship Opportunities Here

Download Slide Deck:Here

Speaking Opportunities

The upcoming 22nd International DXWorldEXPO | CloudEXPO November 11-13, 2018 in New York City, NY announces that its Call For Papers for speaking opportunities is now open.

Secrets of Our Most Popular Faculty Members ▸ Here

Submit your speaking proposal Here or by email [email protected].

Download Slide Deck: ▸ Here

About DXWorldEXPO LLC

DXWorldEXPO LLC is a Lighthouse Point, Florida-based trade show company and the creator of DXWorldEXPODigital Transformation Conference & Expo. The company produces and presents CloudEXPO, DevOpsSummitFinTechEXPO Blockchain Event, the world's most influential conferences and trade shows.

More Stories By Rostyslav Demush

Ross Demush is a digital marketing specialist at custom software development company Perfectial, a leading provider of web & mobile development services, specializing in FinTech, Real Estate, Media & Entertainment & eLearning.

@MicroservicesExpo Stories
Don’t go chasing waterfall … development, that is. According to a recent post by Madison Moore on Medium featuring insights from several software delivery industry leaders, waterfall is – while still popular – not the best way to win in the marketplace. With methodologies like Agile, DevOps and Continuous Delivery becoming ever more prominent over the past 15 years or so, waterfall is old news. Or, is it? Moore cites a recent study by Gartner: “According to Gartner’s IT Key Metrics Data report, ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
"This all sounds great. But it's just not realistic." This is what a group of five senior IT executives told me during a workshop I held not long ago. We were working through an exercise on the organizational characteristics necessary to successfully execute a digital transformation, and the group was doing their ‘readout.' The executives loved everything we discussed and agreed that if such an environment existed, it would make transformation much easier. They just didn't believe it was reali...
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Eric Robertson, General Manager at CollabNet, will discuss how customers are able to achieve a level of transparency that e...
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
"Opsani helps the enterprise adopt containers, help them move their infrastructure into this modern world of DevOps, accelerate the delivery of new features into production, and really get them going on the container path," explained Ross Schibler, CEO of Opsani, and Peter Nickolov, CTO of Opsani, in this SYS-CON.tv interview at DevOps Summit at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...
Many organizations are now looking to DevOps maturity models to gauge their DevOps adoption and compare their maturity to their peers. However, as enterprise organizations rush to adopt DevOps, moving past experimentation to embrace it at scale, they are in danger of falling into the trap that they have fallen into time and time again. Unfortunately, we've seen this movie before, and we know how it ends: badly.
"I focus on what we are calling CAST Highlight, which is our SaaS application portfolio analysis tool. It is an extremely lightweight tool that can integrate with pretty much any build process right now," explained Andrew Siegmund, Application Migration Specialist for CAST, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"We view the cloud not as a specific technology but as a way of doing business and that way of doing business is transforming the way software, infrastructure and services are being delivered to business," explained Matthew Rosen, CEO and Director at Fusion, in this SYS-CON.tv interview at 18th Cloud Expo (http://www.CloudComputingExpo.com), held June 7-9 at the Javits Center in New York City, NY.
You often hear the two titles of "DevOps" and "Immutable Infrastructure" used independently. In his session at DevOps Summit, John Willis, Technical Evangelist for Docker, covered the union between the two topics and why this is important. He provided an overview of Immutable Infrastructure then showed how an Immutable Continuous Delivery pipeline can be applied as a best practice for "DevOps." He ended the session with some interesting case study examples.
In his session at Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to maximize project result...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Archi...