The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Privacy | GDPR | TCF

By: James Hunter
April 28th, 2022

Apple founder Steve Jobs once remarked, “Privacy means people know what they’re signing up for, in plain language, and repeatedly. I believe people are smart. Some people want to share more than other people do. Ask them.”

Blog Feature

Privacy | GDPR | CoC | Code of Conduct

By: Schellman
August 13th, 2021

The EU Cloud CoC General Assembly recently welcomed Schellman & Company as the newest supporting member of the EU Cloud Code of Conduct (CoC). Read the official press release below or on the EU Cloud CoC website.

Blog Feature

Privacy | GDPR | thought leadership

By: MICHAEL MELHEM
May 28th, 2019

Giant strides have been made in privacy rights and regulations in Europe and many parts of the globe ever since the General Data Protection Regulation (GDPR) became enforceable on May 25th, 2018. In a world with serious impediments to my privacy and yours, the GDPR, with varying degrees of success, has been slowly leveling the field in how personal data is treated; rest assured, it’s a lot more than the privacy e-mail updates you’ve been receiving and the website cookie banners you’ve been accepting. In layman’s terms, the GDPR mandates requirements for storing, processing, accessing, and protecting personal data. We’ve all heard it: failure to comply with the Regulation attracts staggering fines of up to 4% of annual global turnover for the prior financial year, or €20 million, whichever is higher. Despite the laundry list of concerns surrounding the Regulation, there has been reasonable progress since the enforcement date. Here are some notable observations since the inception of GDPR that you should know:

Blog Feature

GDPR | CaCPA

By: KEVIN KISH
September 4th, 2018

Organizations across the globe are making their way back to the ‘war room’ to analyze their applicability against one of the most comprehensive data privacy laws sweeping the US, the California Consumer Privacy Act of 2018 (“CaCPA”). The CaCPA, approved on June 28th, 2018, was designed to give consumers (i.e. Californians) control over the use, including the sale, of their personal information. Conceptually, it shares characteristics with the European Union’s data protection regulation, including its ability to be enforced on a global platform.

Blog Feature

Privacy | GDPR

By: JAI CHANDARANA
August 1st, 2018

The General Data Protection Regulation (GDPR), which has now come into force, has a primary aim of strengthening the data rights of European Union residents. Moreover, it helps harmonize data protection laws across member states. The GDPR meets its objectives by imposing fines on entities that misuse user data. Astonishingly, the Regulation’s data breach fines can reach 4 percent of a business’s annual turnover, or €20 million (approx. $23.4 million USD), whichever is higher. Organizations are now more than willing to disclose details about the data they collect and how that data is used.

Blog Feature

GDPR

By: KEVIN KISH
June 12th, 2018

Article originally published by TheStreet

Blog Feature

GDPR

By: KEVIN KISH
June 6th, 2018

“Up to 4 % of an undertaking’s global worldwide annual turnover for the preceding fiscal year.” This is arguably the single most powerful (and certainly the most frightening) statement in the GDPR. The heavy consequences of noncompliance with the recently enacted regulation were most likely the catalyst that propelled many organizations’ readiness reviews for GDPR. At a high level, one may assume that you can compute your risk exposure simply by multiplying (.04 x Gross Annual Revenue). But it is not always that easy! This formula applies to organizations that are part of a single “undertaking” as defined by the regulation. For organizations that are not considered a single undertaking, the total exposure may be more difficult to calculate, since the annual revenue totals may be part of a larger group of enterprises. This aspect of GDPR raises a number of critical questions, including the following: What is an “undertaking”? How do I know whether I am a single undertaking? If I am not a single undertaking, how do I compute my potential risk of noncompliance? Is a fine inevitable, or could I receive a lesser penalty? Read the full article on www.threatstack.com