Data Discovery and Data Mapping: Building Your Inventory to Ensure GDPR Compliance

If you’ve made it this far in our blog series on the European Union General Data Protection Regulation (GDPR), we hope that you’re starting to understand the gravity of what’s expected. If you’re part of an organization that handles or processes any EU citizen’s information, your responsibilities now carry the weight of fines up to four percent of your annual revenue. Even if you think that your organization is only responsible for protecting home-grown data such as intellectual property, financial data, and HR data, remember that your websites may already be tracking behavior of EU citizens!

Read full article here >>

Privacy and Security by Design: The New Default under GDPR

Much more than a best practice, the practice of Privacy and Security by Design and by default is now also a legal requirement for many organizations. While the EU General Data Protection Regulation (GDPR) is the first to delineate Privacy by Design as a legal obligation, it’s certainly not a new concept in data protection. The GDPR requires not only privacy and security by design, but also by default. So this means that what was formerly considered to be a best practice will now be a mandate – and one that will need to be operationally demonstrable.

Read full article here >>

GDPR and the Right to Access: Evaluating the Risk Factor

Every organization carries some level of risk in its operational activities. In the Digital Era, information gathering, handling, and access presents significant challenges to companies – especially when it comes to data protection and data availability.

Almost every company, whether in the private or public sector, collects customer or personal data. This information can be stored in various repositories such as databases, file shares, email, collaboration systems like SharePoint, and even the cloud. As information flows from one system to another, organizations face some big questions:

  • How can you keep track of what data is where?
  • What’s the minimum level of risk required to place protection controls over personal data?

Read full article here >>

A Risk-Based Approach to GDPR Compliance

avepoint news


The European Union (EU) General Data Protection Regulation (GDPR) is paving the way for a new era in data privacy for the EU and global commerce. Due to be in full force by May 2018, organizations have less than two years to become compliant. With fines up to four percent of annual revenue for a data breach, waiting is not an option – now is the time to rethink your privacy, security and data governance strategy.

Find out how to reform your data management for GDPR compliance with our free response guide!

  • Understand the key components of the GDPR
  • Learn the impact of the GDPR on your data
  • How to identify, inventory, and map your data
  • How to proactively minimize your risk

Access GDPR Response Guide here:


“Understand the UK Government Security Classification and Use it to Your Advantage in the Cloud”

In October 2013, the UK government published the Government Security Classification (GSC) outline to ensure that all public sector organizations collect information appropriately. An important part of this outline is classifying information that is collected according to level of sensitivity. Under the GSC, there are three levels of classification:












Read full article here >>

For Data Protection Purposes, We are All European Citizens


I recently had the opportunity to author an article for CMSWire about how the European Union (EU) General Data Protection Regulation (GDPR) will have effects that reach beyond just the EU.

In addition to EU-based organizations, companies with a significant European presence will also be subject to the new requirements (e.g., greater fines for data breaches, privacy impact assessments)

Although organizations may have about two years to come into compliance, it’s time to rethink privacy and security strategy now– especially as it relates to IT.

Read full article here >>

AvePoint Partners with the Centre for Information Policy Leadership to Benchmark Global Readiness for the EU GDPR

The European Union General Data Protection Regulation (GDPR) is approved and will significantly alter the EU data protection landscape. Are you ready for it? We want to know!

What Does the GDPR Mean for Your Organization?

Along with enhanced rights for individuals, stricter data processing conditions, and new data security breach notification obligations, the GDPR will require significant changes to organizations’ privacy programs in order to ensure compliance. In addition, the GDPR will impose possible fines of up to four percent of annual worldwide revenue, and grant European privacy regulators enhanced enforcement powers.

Read full article here >>

Risky Business: A Risk-Based Approach to Your Data


I recently had the opportunity to author an article for CMSWire about taking an analytical approach to assessing risk.

With the new European Union General Data Protection Regulation (GDPR), companies with a significant European presence are required to take a risk-based approach to data protection. This means assessing how and why your employees currently work with sensitive data in your IT system on a daily basis and understanding where to limit risk.

Read full article here >>

“Protect Your Sensitive Information with a Unified Approach”
by Dana Simberkoff, Chief Compliance & Risk Officer, AvePoint

Security isn’t a standalone concept — it also involves mitigating risk at some cost. And in the absence of metrics, people tend to focus on familiar or recent risks. Which means we end up acting reactively rather than proactively.

Rather than waiting for risk to arise, understand how data, people and location (both system location and geographic location) create patterns — both good and bad — across your organization. The center — or pivot point — of that strategy should be around the data that you hold. Read full article here >>

“The big picture of protecting and securing Big Data”
by Marie Penot – Compliance Solution Specialist, AvePoint

Today almost every company is dealing with big data in one way or another – including customer data, tracking data, and behavioral marketing information – connecting every aspect of our lives. Although it can be considered trendy and useful, some of the latest “innovations” cross the line from creative to creepy. Read full article here >>

“AvePoint promises to protect file shares”
by David Roe, Contributing Author CMSWire

AvePoint has beefed up its portfolio with a product that aims to secure and protect sensitive data. The new AvePoint File Analysis Services discovers, maps and classifies unstructured data, especially in file shares, to help organizations identify what data can be retained and what data needs to be archived. Read full article here >>

“An Automated Strategy for Governance, Risk and Compliance and Data Loss Prevention”
by Dana Simberkoff, Chief Compliance & Risk Officer, AvePoint

In today’s marketplace, almost every employee is now a content contributor. This influx of new content, however, brings about new risks: Legal systems and government regulators worldwide are clamping down and demanding greater compliance, particularly on IT systems, making it essential that organizations quickly implement risk management protocols. Read full white paper here >>

“The Challenges of Data Classification”
by Dana Simberkoff, Chief Compliance & Risk Officer, AvePoint

I recently had the opportunity to write an article for Help Net Security about the importance of establishing a data classification policy.

Enterprise collaboration systems, social media, mobile devices, and the cloud are great for innovation. However, they can quickly become a compliance headache for companies without proper policies and enforcement systems in place. Read full article here >>

“Metadata is a Love Note to the Future”
by Dana Simberkoff, Chief Compliance & Risk Officer, AvePoint

I recently had the opportunity to author an article for CMSWire highlighting how data classification and compliance are transforming IT and collaboration as we know it.

Throughout information gateways such as websites, file shares, and collaboration systems both in the cloud and on premises, data is now free-flowing within and outside an organization’s walls. Due to this change in landscape, organizations must consider how they are implementing their governance, risk and compliance strategies to ensure that their information remains secure. Read full article here >>

“Why Information Governance Matters for Data Protection”
by Arthur Lynn, Product Manager at AvePoint

I recently authored an article for CMSWire discussing the importance of information governance as it relates to data protection.

Regardless of its size, every business must have a suitable solution for data protection. They must protect their information to lessen risk of loss or corruption, but doing this comes with some questions: How long does a document need to be retained? Where should it be stored? Who should or should not have access to it? Read full article here >>


A visit to the Nordic IT Security 2015 venue

A snapshot of Nordic IT Security 2014