Connect with us

Science & Technology

GDPR Clock is Ticking for the US Companies as Well: Top 7 Tips to Get Ready

Jasna Čošabić, PhD

Published

on

General Data Protection Regulation is about to be applicable as from 25 May 2018. Its long-arm teritorrial reach brings obligations not only to EU establishements, but to US based companies as well. Global connection through internet especially underlines the likelihood of such broad application and it will impact US businesses.One of the prerequisits for safe transfer of data between the EU and US is already accomplished by the EU-US Privacy Shield agreement. The European Commission has considered this agreement as providing adequate guarantees for transfer of data. Under Privacy Shield scheme companies may self-certify and adhere to principles stated therein. Yet, there is still less then 3000 companies in the US participating in the Privacy Shield. But GDPR safeguards have still to be followed. Below, we shall look at some of the most profound aspects of compliance with GDPR for the US (non-EU) based companies.

Data protection officer

Although it is not obligatory pursuant the GDPR, it is advisable that a company appoints a data protection officer (‘DPO’) or designate that role to a specific position in the company. DPOcan also be externally appointed. There may be a single DPO for several companies or several persons designated with DPO role in one company. The position needs not necessarily to follow such a title, but it may be a privacy officer, compliance officer, etc. Such person should possess expert knowledge about the GDPR and data privacy, and may have legal, technical or similar background. GDPR was not specific as to requirements of that person, apart from possesing expert knowledge. Role of DPO is toinform, monitor, advise, the controller, processor or employees, to cooperate with supervisory authority, provide training of staff, help in performing data protection impact assesment.

Data Protection Impact Assesment

The further step that companies affected by the GDPR including US companies should do in order to evaluate the risk of data breach is to perform a data protection impact assesment (‘DPIA’). DPIA is a thorough overview of the processes of the company, and can be done with the help of data protection officer. It may include a form or a template with a series of questions, which have to be answered for each processing activity. DPIA has to be detailed and cover all operations in the company. The function of DPIA is to predict situations in which data breaches may occur, and which include processing of private data. DPIA should contain, pursuant to Article 35 of the GDPR, a systematic description of the envisaged processing operations and the purposes of the processing, an assessment of the necessity and proportionality of the processing operations in relation to the purposes, an assessment of the risks to the rights and freedoms of data subjects referred to in paragraph, the measures envisaged to address the risks, including safeguards and security measures. DPIA is a very useful way of showing compliance and it is also a tool that would help to company at the first place, to have an overview of processing activities and an indication of where a breach could happen.

EU representative

A US company (non-EU based company) has to appoint an EU representative if its businessrelates to offering of goods or services to natural persons in the EU, including even free goods or services, or when processing is related to monitoring of behaviour of data subjects in the EU. Behaviour may include monitoring internet activity of data subjects in order to evaluate or predict her or his personal preferences, behaviors and attitudes. EU representative is not obligatory when the processing is occasional or does not include processing on a large scale of special categories of data such as genetic data, biometric data, data concerning health, ethnic origin, political opinions, etc. and when it is unlikely to result in a risk to the rights and freedoms of natural persons. However, given that the exceptions from the duty of designation of EU representative are pretty vague, in most cases companies whose operations are not neglectable towards persons in the EU would have to appoint a reprsentative. Location of such representative would be in one of the EU Member states where the data subjects are located. Representative should perform its tasks according to the mandate received from the controller or processor, including cooperating with the competent supervisory authorities regarding any action taken to ensure compliance with this Regulation, and he/she is also liable and subject to enforcement in case of non-compliance.

Consent matters

GDPR is overwhelmed with one key word of respect the privacy:consent. If companies wish to process data of natural persons that are in the EU, they must first obtain consent to do that. Consent must be freely given, informed, specific and unambigous.

Freely givenconsent presupposes that data subject must not feel pressured, or urged to consent, or subjected to non-negotiable terms. Consent is not considered as freely given if the data subject has no genuine or free choice.Data subject must not feel reluctant to refuse consent fearing that such refusal will bring detrimental effect to him/her. If the consent is preformulated by the controller, which is usually the case, the language of the consent must be clear and plain and easily understandable for the data subject. Further, if there are several purposes for the processing of certain data, consent must be given for every purpose separately. Consent must be specific and not abstract or vague. Silence, pre-ticked boxes or inactivity is not to be considered as consent under GDPR.

Informed consent means that data subject must know what the consent is for. He/she must be informed about what the consent will bring and there must not be any unknown or undeterminedissues. It is a duty of controller to inform data subject about scope and purpose of consent, and such information must be in clear and plain language. But, one must be careful that, as today in the world of fast moving technologies we face overflow of consentsa person has to give in short period of time, there may be an occurrence of ‘click fatigue []1’, which would result in persons not reading the information about the consent and clicking routinely without any thorough thinking. So, the controllers would have to make, by their technical design, such form of a consent, that would make the person read and understand his or her consent. It could be a combination of yes and no questions, changing of place of ticking boxes, visually appealing text accompanying consent, etc.

Consent must be unambiguous, or clearly given. There must not be space for interpretation whether consent is given for certain purpose or not. As to the form of the consent, it may be by ticking a box, choosing technical settings and similar (Recital 32 GDPR).

Data subject gives his consent for the processing of his personal data. However, companies have to bear in mind that data concept in the EU is broadly understood, and that it includes all personally identifiable information (PII), ranging from obvious data such as name and postal address, to less obvious data, but still PII covered by GDPR, such as IP address [2]. On the other hand the IP address is not that clearly considered as PII in the US. In that regard, the protection in the US must be stricter, obliging US based companies to also apply broader EU standards.

Privacy by design implemented

Privacy by design is a concept which brings together the legal requirements and technical measures. It is a nice and smooth way of incorporating law into technical structure of business. Privacy by design, if applied properly at the outset, shall ensure the compliance with the GDPR requirements. It should point out to principles of data minimisation, where only data which is necesssary should be processed, storage limitation, which would provide for a periodic overview of storage and automatic erasure of data no longer necessary.

One of the ways of showing compliance through the privacy by design is ‘pseudonymisation’. Pseudonymization is, according to GDPR, referred to as the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. Such additional information must be kept separately, so that it cannot be connected to identified or identifiable natural person.Pseudonymisation is not anonymisation and should not be mixed with it. Anonymisation is a technique which results in irreversible deidentification, and since it completely disables identification it is not subject of data protection under GDPR. Pseudonymisation only reduces the likability of a dataset with the original identity of a data subject, and is accordingly a useful security measure [3].

Binding corporate rules

Binding corporate rules (‘BCR’) include set of principles, procedures andpersonal data protection policies as well as a binding clause adopted by the company and approved by competent supervisory authority. Adopting binding corporate rules is not a simple process but means being on a safe track. It is one of the safeguards envisaged by the GDPR. BCR should include according to Article 47 of the GDPR, the structure and contact details of company, categories of personal data, the type of processing and its purposes, application of general data protection principles (such as purpose limitation, data minimisation, limited storage periods, data quality, data protection by design and by default, legal basis for processing, processing of special categories of personal data, ..), rights of data subjects, the tasks of data protection officer, complaint procedures, mechanisms for reporting to the competent supervisory authority, appropriate data protection training to personnel, indication that BCR are legally binding. BCR should additionally be accompanied with privacy policies, guidelines for employees, data protection audit plan, examples of the training program, description of the internal complaint system, security policy, certification process to make sure that all new IT applications processing data are compliant with BCR, job description of data protection officers or other persons in charge of data protection in the company.

Make your compliance visible

Well, if your company has performed all of the above, it has to make it visible. Companies, that are covered with the GDPR, not only do they have to comply, they have to show that they comply. GDPR puts an obligation on controllers to demonstrate their compliance.

From the first contact with the controller, the website must give the impression of compliance. BCR, privacy policies,DPO contact details must be visible in order that data subject may address him in case of data risk or breach. EU representative’s name and contact must be put forward in order to be accessible by the supervisory authority in the EU. Contact form for data subjects with options for access, right to object, erasure, rectification, restriction, should be there.Organisational chart of the company, flow of data transfer demonstrated by data flow mapp.These are only some of the most imporant features that have to be followed.

Non-compliance is a very costly adventure. The adventure that businesses will try to avoid. With systematic planning and duly analysing the necessity of compliance with GDPR, and with clearly defined processes, US companies can put many benefits for the business and attract and encourage data subjects in the EU to freely entrust their datato them. This is a thorough process, but worth accomplishing.

[1] Article 29 Working Party Guidelines on consent,p. 17

[2] According to judgment of the Court of Justice of the EU of 19 October 2016,in case C 582/14,

[3] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques adopted on 10 April 2014 p. 3

Continue Reading
Comments

Science & Technology

Nuclear Technology Helps Develop New Barley Variety in Kuwait

Published

on

The IAEA has provided support to Kuwait in practical training on mutant identification and selection of barley mutant population in the field. (Photo: L. Jankuloski/IAEA)

New home-grown barley varieties developed using irradiation with the support of the IAEA and the Food and Agriculture Organization of the United Nations (FAO) are in the final stages of development and will be ready to be released to farmers for production in coming years.

“Modern plant breeding technologies ensuring sustainability and conservation of scarce natural resources are of paramount importance in achieving national food security and the enhancement of biodiversity,” said Habibah S. Al-Menaie, a senior research scientist in the Desert Agriculture and Ecosystems Program of the Kuwait Institute of Scientific Research (KISR). “Joining the FAO/IAEA coordinated research projects in the area of mutation breeding has led to the development of several barley mutant lines with improved yield and quality under Kuwait’s environmental conditions.”

As arable land is limited to small areas, 95% of the country’s food and animal fodder is imported. Barley is a preferred crop for cultivation, because it is relatively drought tolerant and therefore one of the most suitable crops for an arid country like Kuwait. Having high yielding home grown crops is among the key objectives of the country’s agricultural programme to enhance food security.

“Increased agricultural production in Kuwait is a major challenge due to several constraints such as drought, salinity, limited water sources, limited plant genetic resources, low percentage of arable land and unpredictable climatic events,” said Al-Menaie.

The development of new varieties with improved traits is just the first step towards increasing yields. Optimizing water and nutrient use efficiency helps ensure that the new improved varieties live up to their yield potential and provide agronomic, environmental and economic benefits. “Efficient crop production requires the establishment of appropriate soil, water and crop management practices in the field. In this regard, soil moisture levels are monitored to develop effective strategies for resource efficient crop production. It increases the efficiency of the agricultural production and conserves natural resources,” Al-Menaie said.

This is a major step forward for the country’s small agriculture industry, said Nader Al-Awadi, the Executive Commissioner for International Cooperation at KISR. Drought, salinity and diseases have historically limited staple crop productivity in Kuwait. The lack of crop varieties optimized to local environmental conditions and improper soil, water and nutrient management practices have hindered sustainable and efficient agricultural production so far, he added.

Mutated barley — the next generation

Mutation induction by radiation rapidly increases the genetic diversity necessary to produce new and improved varieties and is thus advantageous over traditional breeding. “There was no crop mutation work until cooperation commenced with the FAO/IAEA Programme and equipment was received for plant propagation and screening purposes,” Al-Menaie said. With the view to develop the new barley varieties, the growth and yield performance of introduced barley varieties and lines from other countries were evaluated under Kuwait’s environmental conditions. The best adaptable varieties were identified, and the seeds were subjected to induced mutation using gamma rays.

New mutant lines have been generated and they are now examined for drought and salinity tolerance. The selected mutant lines will be advanced, which then can be multiplied for planting. “It’s a long process, but we are about to see the life-changing results, which will have a great impact in the agricultural sector of Kuwait very soon,” Al-Menaie said.

Changed attitude: Increasing farmer awareness

One of the major challenges was explaining to farmers the safety of the new mutated barley lines developed. “When they heard that ‘nuclear techniques’ were used to create improved barely seeds, they got scared,” Al-Menaie said, adding that the authorities encouraged land owners and farmers to participate in crop mutation technology workshops. These provided in-depth information and resulted – over time – in a changed attitude amongst farmers, she said.

Eisa Al-Hasawy, the Chairperson of the Kuwait Dairy Company, pioneered farmers’ support to KISR efforts to promote the benefits of the new mutated barley. “We are happy that on our sandy soil, with little or no water, the new barley variety will be produced to benefit our people and hopefully lead to us exporting barley in the future,” he said. “Working at the grass root level with local farmers was vital to overcoming their fears and traditional mindset.”

Training and enhancing expertise

The FAO/IAEA support has been key to the success in developing the new barley variety. Through technical cooperation and coordinated research projects, the training in integrated crop mutation techniques as well equipment provided to the KISR plant and soil laboratories have helped scientists to gain a better understanding of how nuclear techniques such a gamma ray induction for crop mutation can help to have better crops, Al-Menaie said.

For barley to grow and produce seeds, soil moisture is critical, for which the FAO/IAEA Programme’s support to KISR’s soil and water section, through training and equipment, has been an added value, she said.

To assess the moisture levels in soil, and to ensure every drop of water is used, the FAO/IAEA experts provided training on soil water management and soil moisture equipment, including the use of the cosmic ray neutron sensor to assess water availability to the crop. The cosmic ray sensor monitors soil moisture over up to 20 hectares, a much bigger footprint compared to conventional moisture sensors, said Abdullah Salem Alshatti, the principal researcher at the KISR Soil Department.

The moisture in the soil is tracked in real time and the data acquired helps develop effective strategies to optimise supplemental irrigation to have soil moist to a level that benefits crop production, he said. “Data collected from the cosmic ray sensor also helps to develop precise action to conserve moisture in the soil by using dry weeds and tree barks on the top soil to preserve wetness”.

IAEA

Continue Reading

Science & Technology

Toward Closing the Gender Gap in Nuclear Science

Published

on

Philippine students do hands-on experiments to learn about nuclear science. (Photo: M. Gaspar/IAEA)

Authors: Miklos Gaspar and Margot Dubertrand*

Women make up less than a quarter of the workforce in the nuclear sector worldwide, hurting not only diversity within the industry, but also competitiveness, experts have said. Many organizations, including the IAEA, are actively working to increase the share of women in all job categories.

“Although there are many talented and highly-skilled women within the nuclear industry, we are still vastly under-represented. There is still work to do,” said Gwen PerryJones, Executive Director of Operations Development at the Wylfa Newydd nuclear power plant in the United Kingdom. “Diversity in the workplace benefits us all, and I fully support initiatives that encourage women to enter the industry and help them see routes to senior positions.”

Women who have made it to leadership roles are making a significant contribution. Muhayatun Santoso, a senior researcher at Indonesia’s National Nuclear Energy Agency (BATAN), has led ground-breaking research into the use of nuclear techniques to measure air pollution in many of Indonesia’s cities. Her work contributed to Bandung, Indonesia’s third largest city, receiving the ASEAN Environmentally Sustainable Cities Award in 2017.

“Air pollution is a major problem across urban areas in Indonesia, with a surge in industrial activity and traffic increasing the amount of toxic substances in the air,” she said. “I am proud to be able to help my country tackle this major problem.”

Agneta Rising, Director General of the World Nuclear Association, is a leading specialist on nuclear energy and the environment. While she was Vice President for the Environment at Vattenfall AB, Sweden’s state-owned nuclear and hydropower operator, she headed a pan-European department focused on energy, environment, and sustainability. She is also the co-founder and former President of Women in Nuclear (WiN). During her presidency, WiN quadrupled in size.

“Women are essential to the strong development of the global nuclear sector. To be the most competitive, a business needs to have the best people working for it. The nuclear industry should have programmes to attract and recruit women, otherwise they would be missing out on the competitive advantage their talents could bring,” said Rising. “When the workforce better reflects the diversity of society, including the representation of women, it also helps to build society’s trust in nuclear technologies.”

At present, women make up only 22.4% of the workforce in the nuclear sector, according to data from the IAEA.

Women in Nuclear

The goal of WiN, a non-profit organization with 35,000 members in 109 countries, advocates for stronger roles for women in nuclear science and technology and to increase awareness of the importance of gender balance in historically maledominated fields. It also promotes these areas to women making career choices.

“While there is a growing proportion of women in senior technical positions in every branch of nuclear science and technology, women are still under-represented,” said Gabriele Voigt, President of WiN and former manager of nuclear facilities and laboratories in Germany and at the IAEA.

“Part of the problem is that too few young women study science, technology, engineering, and mathematics in secondary and higher education,” she said. “Another issue is the omnipresent glass ceiling and bias — whether conscious or unconscious — that is difficult to confront in the work environment.”

WiN is helping to change that by increasing girls’ exposure to nuclear-related topics from a young age and by building a strong network of women and creating access to role models for the next generation. Some countries, including with the help of the IAEA, are introducing nuclear science to high school students with a particular emphasis on girls.

“Presenting science, and particularly nuclear science, to girls at an early age is the best way to achieve a higher proportion of female scientists in this field,” said Micah Pacheco, regional science supervisor at the Philippines’ Ministry of Education, under whose watch several schools in the Manila area have introduced nuclear science and technology education programmes. “Nuclear is fun — girls should see that!”

The IAEA’s progress on gender parity

As of the end of 2017, the proportion of women in the professional and higher categories at the IAEA reached 29%, compared to 22.5% ten years earlier. Director General Yukiya Amano has stated that he would like to achieve gender parity at the most senior level by 2021.

“The Agency has taken concrete steps to improve the representation of women in the Secretariat through targeted recruitment efforts and awareness-raising activities, and we’ve seen improvement in the representation of women at the Agency,” said Mary Alice Hayward, Deputy Director General and Head of the Department of Management at the IAEA. “But we are conscious of the challenges that remain. Gender equality in the workplace requires more than improving the statistics — it also means making sure the IAEA is a place where women want to work.”

This includes creating a supportive environment, such as flexible working arrangements that enable staff members to combine work and family responsibilities, as well as special outreach campaigns to young women highlighting the benefits of working at the IAEA.

An example of success in reaching gender parity in senior roles at the IAEA was in the Division of Information Technology. While it is historically a male-dominated field, an active campaign and sourcing strategy resulted in targeted outreach to many qualified women candidates.

At the Office of Legal Affairs, the majority of professional staff are women.

“Not only do we have a female Director, two of the three Section Heads are also female, meaning 75% of the senior staff are women,” said Director Peri Lynne Johnson. “Furthermore, we have 11 female lawyers and ten male lawyers, and we try to ensure parity among our interns.”

*Margot Dubertrand, IAEA Office of Public Information and Communication

IAEA

Continue Reading

Science & Technology

We need to build more networks of women in science

MD Staff

Published

on

photo: UN Environment

Why science?

I was born in Dar Es Salaam, Tanzania with family roots in Usangi, near Mount Kilimanjaro. I was lucky. My parents were community organizers in our village, educated in finance and economics during pre-independent Tanzania. They were not scientists, but they had a clear vision for all their six children—that we would all study science. So it was a bit of a nudge followed by encouragement. They were firm believers that we needed a strong grounding in science so we could analyze the world and do anything we wanted to. They believed science provided strong analytical foundation and flexibility to pursue either science or non-science careers later in life. I am grateful for my parents’ vision of science for their girls and boys.

We were an unusual family compared to the norm in East Africa at that time. Some of my brothers are now doctors, engineers, accountants, and I have a sister who audits information technology systems for a living. A lot of people commented that it wasn’t the “right profession for women” but I was drawn to science because I was curious. And no matter what else I do in life now, I find I have that tendency to prod people and ideas a bit more than is typical.

How hard was it to grow up in East Africa with an interest in science?

In the ‘70s and ‘80s when I was growing up, there were a lot of good missionary schools which had a strong grounding in science. But it was not common for a girl to take physics, chemistry and biology. I had a wonderful headmistress and mentor, Mama Kamm, who believed that girls should do science, and cooking, and needlework! I then obtained a degree in immunology and biochemistry. But it became clear to me how male-dominated this field really was when I went to science competitions or events, and found myself one of the very few women participating. It seemed daunting at the time, but it helped me build the resilience I would later need to work in other male-dominated environments. That, and growing up with four brothers and a family that allowed me to compete with them.

What obstacles did you face when you left Tanzania?

I went to Glasgow, Scotland to pursue a science degree and found that if there were few women studying science at university, even fewer were from Africa. So there, I became a young African woman scientist. It was isolating, and I really had no one to look up to as a role model. This was one of the hardest parts of pursuing science. When I moved to Canada to study microbiology and immunology, it was clear that I had to work much harder than my male colleagues because expectations were so much lower for me as an African woman. I also learned that I needed to develop my own support networks for my science ambition. Because I was abroad, I had to be open to networking with non-Tanzanians: my interest in science became the glue of some of the relationships I developed then.

What perceptions need to change so more girls and women choose science as a career?

Family perception is everything. I was lucky, but not many are. Second, is the perception of your peer group. A lot of who you become in life is influenced by the people around you in your formative years. Third, societal pressure is a big hindrance. How are you perceived by your neighbours, or your friends or teachers? I think that as a girl in science you have to find a way to persevere despite those three levels of pressure. It is important to find how to build networks of women like yourself, and call on them for support and reassurance. Many of my classmates in the girls boarding school where I grew up run important scientific institutions in Tanzania, and even now, no matter where I am in the world, I reach out to this group of friends for support. Our headmistress Mama Kamm transformed the science and girls agenda in Tanzania—we still look up to her for inspiration and admiration. We have our own cohort of women who studied science. But you also have to remember that your network has to include men, because as women, we can learn from them and also count on them as our champions to change some of the misconceptions about girls and science. For example, in my case, I observed early on that my male peers tended to question authority and decisions much more than I did. When I first left Tanzania to study science, it never occurred to me to ask why my paper hadn’t been published, but a man will never shy away from asking that question. I decided to learn from these colleagues and adjusted my professional behavior accordingly.

How can more girls and women choose science as a career?

You have to address self-doubt because expectations from women are often very different and lower than from our male peers. We need to have many more role models. When I was growing up, there were not many women I could look up to and think “I want to be like her.” But technology has made finding these role models so much easier today. We need to use our personal stories to inspire girls. Science provided me with the fundamental DNA to do anything in my life. So while I started my career as a researcher, I later branched out to public health and policy, and today, to environment. It was my scientific foundation that made this possible. This is what I really enjoy about my new role at UN Environment: we inform the global environmental agenda through work that is grounded in science. And so the curiosity continues.

What opportunities do environmental science offer?

Environmental science is a rapidly expanding field, and as our awareness of environmental issues grows, there are more career options within environmental science for girls and women. You can pursue a degree in public health and decide to focus on environmental pollution, for example. So there are many more opportunities and options. For women, life is never clear cut and dry, no matter how much we try—we are far more nuanced in our approach to just about anything, including science. This is why I feel environmental science can only become stronger if we have more women in research, because we often bring the human angle into the science. For us to make a difference in this field, we have to start with and think of people and humanity—the social aspects of environment are equally important. These are exciting opportunities for girls and women!

UN Environment

Continue Reading

Latest

Trending

Copyright © 2019 Modern Diplomacy