The GDPR has a variety of wide-ranging impacts on internal and external business processes. In this MeetUp, we’ll examine a specific organization, and a few of the issues GDPR raises in Sales, Marketing, IT, and HR contexts. Come learn how GDPR impacts international organizations, with a look at the corporate response to these issues.

About the Speaker: Preston Bukaty works in the Legal/Compliance function at Trimble Inc., spearheading the global GDPR Project on issue identification and risk remediation across multiple sectors spanning the globe. Preston graduated from the Univ. of Kansas School of Law in 2014 and is bar-certified in Missouri and Colorado. Please note, information provided in this MeetUp does not constitute legal advice – only an appreciation of privacy issues and their impact on business.

You are welcome to join this group via MeetUp.com at https://www.meetup.com/meetup-group-coxjsIUF/.

This informative meeting will be held on Tuesday, May 22nd, 2018, at the Trimble office in Westminster: 10368 Westmoor Dr, Westminster, CO 80021.

If you are interested in speaking or sponsoring one of our MeetUp’s, please contact carlin@americancsm.com.

Details on GDPR specifics can be found on the EU’s official website: http://www.eugdpr.org/

*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts.

May 25, 2018, is nearly here. Is your business GDPR ready? Are you looking for technical solutions to help you overcome the new requirements? Did you know that data security is a foundational piece of the GDPR? Come enjoy discussing this topic with other like-minded folks. This MeetUp brings together privacy practitioners, GRC leads, and others interested in and leading their GDPR transformations. The goal of this group is to discuss and share learnings, emerging best practices, technical solutions, and keep up to date on regulation changes.

The next topic will be “GDPR: Article 32 and the Elastic Stack.” As GDPR Article 32 calls for Secure Processing, Matteo Rebeschini from Elastic will explain how the Elastic Stack can be used to facilitate compliance with this article.

You are welcome to join this group via MeetUp.com at https://www.meetup.com/meetup-group-coxjsIUF/.

This informative meeting will be held on Wednesday, April 25th, 2018, at the Trimble office in Westminster: 10368 Westmoor Dr, Westminster, CO 80021. (This meeting is normally held the 4th Tuesday of the month but needed to be rescheduled due to other MeetUp conflicts this same week.)

If you are interested in speaking or sponsoring one of our MeetUp’s, please contact carlin@americancsm.com.

Details on GDPR specifics can be found on the EU’s official website: http://www.eugdpr.org/

*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts.

American Cyber Security Management is proud to be a Silver sponsor of the 2018 Rocky Mountain Information Security Conference. The RMISC (https://www.rmisc.org/) is a premier security event in the Rocky Mountain Region for security and privacy experts. Once again ISSA and ISACA combine forces to organize this extremely well-attended event. It is held this May 8-10, 2018, at the Colorado Convention Center in downtown Denver Colorado.

Please stop by our booth this May, as our privacy and security experts will be on-hand to answer questions, schedule your assessment, or just catch up the daily breach events::
https://www.rmisc.org/be-a-sponsor-exhibitor/current-sponsors-and-exhibitors/

*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts.

Are you GDPR Ready?  May 25 2018 is just around the corner and the efforts are really heating up.  Please come enjoy discussing this topic with other like-minded folks. This MeetUp brings together privacy practitioners, GRC leads, and others interested in and leading their GDPR transformations. The goal of this group is to discuss and share learnings, emerging best practices, technical solutions, and keep up to date on regulation changes.

The next topic will be “GDPR and the Legal Basis for Processing: Is consent really required?”

This Meetup will cover the legal bases for processing under GDPR, including an analysis of the legitimate interests and other exceptions allowing for lawful processing, as well as the basic requirements for consent. Austin Chambers, CIPP/US, CIPP/C, CIPP/E, from Lewis Bess Williams and Weese will be presenting.

You are welcome to join this group via MeetUp.com at https://www.meetup.com/meetup-group-coxjsIUF/.

This informative meeting will be held on Tuesday, March 27th, 2018, at the Trimble office in Westminster: 10368 Westmoor Dr, Westminster, CO 80021.

Details on GDPR specifics can be found on the EU’s official website: http://www.eugdpr.org/

On an early April morning in 1953, Union Pacific 4005, known as “The Big Boy”, was hauling sixty-two cars westbound at nearly 70 miles per hour along the tracks in southern Wyoming. Weighing in at a whopping 1,200,000 pounds, Big Boy was the biggest steam locomotive ever built.

At about 9:55 AM, the massive locomotive barreled toward Red Desert where the switch operator had erroneously opened the siding switches due to a miscommunication in the morning’s track line-up message.

An eyewitness recounts the incredible event: “the head brakeman and the fireman were screaming at the top of their voices to the engineer, STOP, STOP, RED SWITCH AHEAD! But it was too late.”

The 4005 entered the open switch at 50 mph causing it to careen off the rails and skid along its left side tearing up rail and roadbed. The locomotive, tender, and first 18 cars derailed. The cab of the locomotive was destroyed as the tender tore into it twisting and smashing the metal. The first 12 cars were badly damaged and piled in a 70-foot high heap. The engineer and fireman aboard were killed instantly.

While the engineer had many controls in the main cab of the locomotive and made an emergency attempt to break, the train entered the siding rails at an unsafe speed nonetheless. The scattered load of dead hogs, tractors, typewriters, coal, sewing machines, and other goods was not the result of a single point of failure. Rather, it was the fault of a systemic breakdown in communication and culture.

What does this massive catastrophe teach us about privacy and responsible data stewardship? A massive breach of privacy data can feel just like the 4005 wreck. The collateral damages incurred due to a large-scale data breach are broad and not easily remedied. In order to prevent the loss of personal data, we must establish a culture of privacy by design and responsible data stewardship.

Realizing no single control can prevent a data disaster, we must retrofit existing process and design new systems employing these control planes:

• Visibility – “What assets are we protecting?”
• Audit-ability – “Are we compliant to applicable regulations?”
• Controllability – “Is the location and access to our data properly controlled?”
• Agility – “How quickly can we adapt to change?”
• Automation – “Are our processes repeatable?”
• Scale – “Are we scaling to meet the demands of our constituents?”

When we work these six control planes into our culture of design, we are better prepared to avoid a massive privacy train wreck. GDPR provides us with an opportunity to take a look at our existing maturity of data stewardship and the related risk levels. If we take advantage of the impending deadline to review our current posture, we can emerge with an improved opportunity for transformation and not just a “check-the-boxes” response.

*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts. Our Privacy specialists can help you make sense of and comply with GDPR.