Search Results

GDPR COMPLIANCE IN LIGHT OF HEAVIER SANCTIONS TO COME—AT LEAST IN THEORY ​ Ridiculously low ceilings on administrative fines hindered the effectiveness of EU data protection law for over twenty years. US tech giants may have seen these fines as a cost of doing business. Now, over two years after the commencement of the European Union’s widely heralded General Data Protection Regulation (GDPR), the anticipated billion-euro sanctions of EU Data Protection Authorities, or ‘DPAs’, which were to have changed the paradigm, have yet to be issued. Newspaper tribunes and Twitter posts by activists, policymakers and consumers evidence a sense of unfulfilled expectations. DPA action has not supported the theoretical basis for GDPR sanctions—that of deterrence. However, the experience to date and reactions to it inspire recommendations for DPAs and companies alike. ​ In our working paper, EU General Data Protection Regulation Sanctions in Theory and in Practice , forthcoming in Volume 37 of the Santa Clara High Technology Law Journal later in 2020, we explore the theoretical bases for GDPR sanctions and test the reality of DPA action against those bases. We use an analysis of the various functions of sanctions (confiscation, retribution, incapacitation, etc.) to determine that their main objective in the GDPR context is to act as a deterrent, inciting compliance. To achieve deterrence, sanctions must be severe enough to dissuade. This has not been the case under the GDPR as shown through an examination of the actual amount of the sanctions, which is paradoxical, given the substantial increase in the potential maximum fines under the GDPR. Sanctions prior to the GDPR, with certain exceptions, were generally capped at amounts under €1 million (e.g. £500,000 in the UK, €100,000 in Ireland, €300,000 in Germany and €105,000 in Sweden). Since the GDPR has applied, sanctions have ranged from €28 for Google Ireland Limited in Hungary to €50 million for Google Inc in France, far below the potential maximum fine of 4% of turnover, or approximately €5.74 billion for Google Inc. based on 2019 turnover. While the highest sanctions under the GDPR have been substantially greater than those assessed under the prior legislation, they have been far from the maximum fines allowed under the GDPR. ​ Nonetheless, this failure of DPAs, especially the Irish DPA responsible for overseeing most of the US Tech Giants, has not gone unnoticed, as shown by EU institutional reports on the GDPR’s first two years. Indeed, increased funding of DPAs and greater use of cooperation and consistency mechanisms are called for, highlighting the DPAs’ current lack of means. Here, we underscore the fact that, in the area of data protection, there has been perhaps too much reliance on national regulators whereas in other fields (banking regulation, credit rating agencies, etc.), the European Union has tended to move toward centralization of enforcement. Despite these short-fallings, the GDPR’s beefing-up of the enforcement toolbox has allowed for actions by non-profit organizations mandated by individuals (such as La Quadrature du Net that took action against tech giants after the GDPR came into force), making it easier for individuals to bring legal proceedings against violators in the future, and an EU Directive on representative actions for the protection of consumer collective interests is in the legislative pipeline. ​ On the side of businesses, there has been a lack of understanding of certain key provisions of the GDPR and, as compliance theorists tell us, certain firms may be overly conservative and tend to over-comply out of too great a fear of sanction. This seems to be the case with the GDPR’s provisions regarding data breach notifications, where unnecessary notifications have overtaxed DPAs. The one-stop-shop mechanism, which is admittedly complex, also created misunderstanding. This mechanism allows the DPA of the main establishment in the European Union of a non-EU company to become the lead supervisory authority in procedures involving that company, which potentially could lead to companies’ forum-shopping on this basis. However, there is also a requirement that the main establishment has decision-making power with respect to the data processing to which the procedure relates. Failure to consider the latter requirement could result in companies selecting main establishments in countries where there is not such decision-making power, and thereby halt attempts at forum-shopping for a lead supervisory authority for certain processing. One example of this culminated in the French DPA (CNIL)’s largest fine so far, imposed on Google, whereas the latter argued that the Irish DPA was its lead supervisory authority. ​ As we explain in our paper, a lack of GDPR enforcement carries risks. Not only does it undercut the deterrent effect of the GDPR, but it also provides a tenuous basis for risk assessment by companies. While the GDPR’s first two years involved a sort of grace period when DPAs focused on educating companies and spent time painfully investigating complaints to litigation-proof their cases, some companies model their risk assessment of regulation based on enforcement histories. If there is a push for greater enforcement, which EU institutional reports would tend to foreshadow, the basis for companies’ models will be inaccurate. Furthermore, such dependence on risk evaluation ignores potential benefits to firms of increased trust and efficiency involved with expanding compliance to adopt a higher data protection compliance standard applied to customers worldwide. ​ Thus, we argue, not only should DPAs sanction offenders, but DPAs should sanction them severely when justified, establishing the necessary deterrence effect for EU data protection law. Moreover, DPA’s communication should in many cases be modified to stop downplaying sanctions: such communication is counterproductive to the desired effect of sanctions. Companies, on the other hand, should take efforts to fully understand the GDPR, and embrace compliance, leaving behind data protection forum-shopping as a potentially ineffective action. Furthermore, the typical securities lawyer warning that, ‘past performance is no guarantee of future results’, may be a forewarning to companies using past sanctions to create their compliance risk-assessment models that the results may not be accurate for the future. ​ W. Gregory Voss is an Associate Professor in the Human Resources Management & Business Law Department at TBS Business School ​ Hugues Bouthinon-Dumas is an Associate Professor in the Public and Private Policy Department at ESSEC Business School. ​ by Hugues Bouthinon-Dumas , 04.12.20 ​ Source : Knowledge Lab Essec

How secure access services edge security will transform networks During a media event at Netskope’s SASE Week , Steve Riley, the discussion moderator and field chief technology officer for Netskope , asked, “What’s the driving force for SASE? Why now? What’s changed?” The short take is that we are in the midst of a digital transformation, with a stronger reliance on mobile and cloud computing than ever before, according to various attendees, and we need to implement secure access services edge (SASE) now to properly address data security and networking issues that are quickly approaching. ​ Jason Clark, chief strategy officer at Netskope, said that business has been moving to a cloud-based framework and that cloud adoption has been accelerated by the pandemic. “Data is now sitting on a CPU that you don’t own or control because it’s on the cloud, and it’s being transmitted on a network — or the internet — that you don’t own, and the users are off the network. The security teams are being stretched by this,” he said. Clark stresses that moving to SASE means “a repositioning of security to consolidate to one new security inspection point. It’s a smart reset.” ​ When Ed Amoroso, founder, and CEO of cybersecurity consultancy TAG Cyber , was asked why he was advocating for a move to SASE, he used an easy-to-visualize model. “Hub and spoke networks consolidated and brought everything to the datacenter. Now data is scattered among apps, cloud, and different work clouds so the hub and spoke doesn’t make any sense anymore,” he said. “By conceptualizing what you need in your mind, you start putting together SASE. We’re at a time when people need different networks that can be controlled from the cloud. Anyone listening can self-generate that SASE is required just by thinking about how we use networks today.” ​ Meeting network engineers’ needs ​ After, Riley poised two thought-provoking questions — “If everything is on the cloud, is there a network to manage?” and “If there is no datacenter, are there now many centers of data?” — George Gerchow, chief security officer at Sumo Logic , led a discussion on the importance of focusing on data security and encryption. Gerchow stressed repeatedly the need for collaboration with control, saying, “You have to have availability, but that availability has to have seamless security. Availability matters because people have to use their services, but if you don’t have security to go with it, good luck, because it can be over in an instant.” ​ Clark suggested that there are two avenues in building a SASE framework: “If it’s security-led, then it’s about the data. Sometimes it’s network-led, and for networking, [then] it’s about access.” ​ Supporting the idea of a network-led framework, Amoroso said, “Many things that have nothing to do with security are an important part of the architecture.” He pointed out that he has a stack of laptops that he still uses for each company with whom he consults because that’s the only way to access his corporate clients’ perimeter. The reality is that network engineers are probably busier than they’ve ever been, and SASE can bring about needed improvements to network access. ​ Zero trust is adaptive trust ​ Introducing the topic of zero trust elicited some laughter from panelists. They all proceeded to comment on the buzzword aspect of the phrase, despite much misunderstanding about what it really is. Clark summarized by saying, “It’s a framework that needs to be embedded in how we operate. It’s not binary. Trust is not on or off. Zero trust has a zero to five scale in my mind.” ​ Riley added, “Zero is the starting point, but ultimately you’ll have to extend some level of trust in order for some level of interactivity to occur.” He followed that up by suggesting that the term “adaptive trust” would be more accurate, which was met with panel agreement. ​ ​ Clark described a zero-trust relationship as allowing its users to “give the least amount of access as possible, as much as possible, so that bad things can’t happen.” Gerchow added that zero trust is a fabric of many things, and that it entails working closely with vendors and partners to stop anything that isn’t supposed to happen. ​ The great SASE migration ​ Overall, the panel seemed to largely focus on a key question, “How do we convince the C-Suite?” Panelists agreed that SASE is the future of data security and secure access, but disagreed on how long it will take for a cloud adoption tipping point moment. ​ Clark brought up the importance of the shared responsibility model, where you can control what user has access to, as well as what data is included. He said that a company should have its own standard for considering third-party risk before granting any outside agency access to its cloud-based framework. ​ It was Amoroso who summarized the task of transitioning to SASE best. “It’s like if you have a new house, and you move your messy garage one piece at a time into the new garage, but you want to keep it organized as you go,” he explained. “The data that needs to move to the cloud is scattered. There are companies dealing with lost data. I think it’ll all eventually get to the cloud, but moving it is complicated.” ​ by Corinna Makris , 06.11.21 ​ Source: www.venturebeat.com

DOING GOOD WHILE DOING WELL: THE CASE OF BUSINESS IT INITIATIVES ​ How can organizations do good (help the environment) while doing well (boosting economic growth)? While both worthy goals, they can be at odds with each other, creating a dilemma for organizations who wish to both contribute to environmental sustainability while maintaining economic growth. ​ All that glitters is not green ​ Information technology (IT) is a major driver of economic and social development, but such advancement comes at a high environmental cost. Organizations’ reliance on IT has led to increased computing power and the development of large data centers that provide analytics and cloud computing services. These result in increased energy consumption, higher carbon emissions, and more electronic waste. This has led to the development of green IT initiatives to address the environmental consequences, meaning IT products and services that reduce the negative impact and improve sustainability. The existing research supports the idea that launching green IT efforts can improve sustainability outcomes, for example by managing energy consumption. Other examples of green IT initiatives include powering data centers with renewable energy sources, reducing waste from out-of-date computing equipment, and encouraging telecommuting/remote administration for reduced transportation-related emissions. There are a number of ways to go about a green IT initiative, but they all require a concerted effort from staff and involving IT processes and IT products. ​ This is likely to be a significant technological trend with wide-reaching social implications. However, all that glitters is not green, and implementing green IT measures comes with complications such as disruption to existing systems, unpredictable returns and market demand, cost, and how stakeholders will react. This leads to the dilemma between doing good while doing well: while companies may wish to do good by implementing green IT initiatives, they may have legitimate concerns about how this will affect their bottom line (doing well). Indeed, much of the research has focused on the sustainability implications and less on the economic ones. This dilemma led the researchers to examine the drivers that impact an organization’s motivation to adopt green IT initiatives and their link to this reconciliation between sustainability and profit. ​ What drives this process? ​ To explore this question, the researchers conducted a qualitative study on eight organizations in China and Singapore, as it is crucial to explore how green IT implementation plays out in the real world as opposed to an experimental setting. The companies operated in telecommunications and IT-related industries. All eight were large companies with over 3000 employees, and all eight were pioneers of green technology. The research team used a multi-prong data collection approach, conducting interviews and clarifying information via emails and phone calls, field observations, and archival data. ​ They looked at both internal and external drivers, separating them into three categories: competitiveness, legitimation, and ecological responsibility. Internal drivers, or organizational drivers, include factors like stakeholders’ attitudes, economic considerations, and technology skills. External drivers include factors like policy and industry pressures, like regulations on waste disposal and energy consumption. Breaking it down further, competitiveness is the link between ecological actions and long-term profitability; legitimation is the organization’s drive to align its actions within a certain set of norms or regulations; and ecological responsibility refers to an organization’s thoughts about its duty to society and its values. ​ Looking at the results, the researchers found that green IT practices were seen as essential strategic considerations for these companies. They also found that organizations did not always manage to reconcile the gap between sustainability and profit through meeting the objectives of competitiveness, legitimation, and ecological responsibility. For companies that noted a significant amount of government pressure, an external driver, only a middling level of reconciliation was achieved. Organizations tended to have one main driver, like government pressure for Chinese companies and corporate social responsibility for the Singaporean companies, but were also motivated by the other drivers. Overall, the organizations tended to be most motivated by cost reduction, market drivers, government pressure, and corporate social responsibility. ​ For reconciliation of sustainability and profit, the researchers found that the time frame matters: while IT initiatives tend to require a short-term investment, they will bring long-term benefits that surpass the initial investment. The strategy deployed also plays a role: one company invested in hybrid cloud computing, which set them apart from the competition, which will ultimately improve profits. Having a green image is also a competitive advantage, as it can boost customer satisfaction. Additionally, the dilemma becomes less of an issue in cases where companies experience external pressure, like from the government or external stakeholders. If going green is essential for market success, the financial investments become less of a consideration and more of a requirement. This shows that the dilemma can play out in different ways, and it is important to consider how both internal and external factors will impact the implementation of a green IT strategy. ​ Takeaways ​ IT services are ubiquitous in business and management, meaning that organizations and managers need to prioritize the implementation of green IT. Organizations may have different motivations for doing so, motivations that may fall into the categories of competitiveness (economic pressure), legitimation (shifting norms) or ecological responsibility (doing the right thing). These categories can include both external and internal factors. ​ In practice, this highlights two main ways to motivate companies to implement green IT practices: ​ A combination of pressure from the government and corporate social responsibility obligations Aligning green IT measures with the goal of improving profits by satisfying market demand and reducing operating costs ​ The researchers note that the latter is more sustainable, but that the former may be able to stimulate progress by implementing incentives (tax breaks) or punishments (high energy costs). ​ The climate crisis is increasingly urgent, and helping the environment requires an “all-hands on deck” approach. With soaring IT needs and their accompanying environmental consequences, green IT processes are likely to be a trend that won’t go away any time soon. With this research, we gain a better understanding of what motivates organizations to take on green IT initiatives and how they can reconcile “doing good” with “doing well”, enriching our understanding of the drivers of business IT initiatives, an understanding that can help organizations seeking to take such initiatives themselves. ​ Further reading ​ Yang, X., Li, Y., & Kang, L. (2020). Reconciling “doing good” and “doing well” in organizations’ green IT initiatives: A multi-case analysis. International Journal of Information Management, 51, 102052. ​ by Yan Li , 17.05.21 ​ Source : Knowledge Lab Essec

The role of venture capital securities in entrepreneurship For entrepreneurs to flourish, they need funding: venture capital is financial capital provided to early-stage, high-potential, high-risk, growing entrepreneurial companies. Venture capital is particularly attractive for new companies with a limited operating history that are too small to raise capital in the public markets, and have not reached the point where they are able to secure a bank loan or complete a debt offering. In exchange for the high risk that venture capitalists (VCs) shoulder by investing in smaller and less mature companies, venture capitalists usually get a significant portion of the company's ownership (and consequently their value). ​ Once a VC decides to invest in a venture, the involved parties need to settle on a deal structure. When negotiating the deal structure, parties need to keep a few considerations in mind: ​ The deal structure needs to protect the VC against losses and should encourage entrepreneurs to work hard to make the venture a success. Most VC investments are illiquid, which means that unlike shares of listed companies, they cannot be sold very easily. Finally, most investments are characterized by asymmetric information. In general, the entrepreneur knows more about the venture than the investor. ​ VCs typically use convertible preferred equity to finance ventures. As the name suggests there are two important features of these securities: conversion and preferred. Investors of convertible preferred equity have the option of either holding a debt-like claim -preferred equity or converting into common equity. Converting into common equity implies sharing ownership in the venture with the entrepreneur. Preferred terms make it similar to a loan (debt), gives holders a right to interest payment (dividends) and additionally gives preference in payments over common equity. In other words, the preferred feature ensures that preferred investors are paid before common equity holders. In a typical deal, VCs would hold preferred equity and the entrepreneur common equity, thus the VC can get paid before the entrepreneur if the venture does not do well. However, if the venture succeeds and its value increases, the VC would convert the preferred equity into common equity and share the fruits of this success with the entrepreneur. ​ AAnother feature of VC investments is that they are done in stages. VCs would never provide all the capital upfront to a venture; instead, they would only provide sufficient capital to reach the next milestone. Once the capital has been used up, the entrepreneur has to raise another round of financing to reach the next milestone. The advantage of staging is that VCs can stop financing if the venture is not doing well. It can also be advantageous for the entrepreneur, as the terms can be made more favorable to them if their venture is successful. Staging also helps reconcile the aforementioned asymmetric information levels between entrepreneurs and VCs, since future investments are only made based on past outcomes. ​ Finally, in addition to providing capital, VCs also monitor and guide the venture. The structure of most deals is designed to ensure the monitoring role of VCs. While VCs do not hold the majority of shares, they would have the right to nominate members to the board of directors. These rights help the VC monitor progress and guide the venture and gives them the power to replace managers if operations are not going smoothly. ​ Having discussed the general features of VC investments, we will now explore details of some specific securities used in VC contracting. It must be noted that convertible preferred securities come in various flavors. Dr. Arcot analyzes one such security called participating convertible preferred security (PCP), used widely in venture capital contracts (Arcot, 2014). Participating convertible preferred stock gives its holders the right to be paid first (before common shareholders generally held by the entrepreneurs) and at the same time, allows them to participate in excess earnings (i.e., the cash flow after all debt and preferred claims have been satisfied) along with the common stockholder. PCP holders thus concurrently hold both a debt-like claim (preferred equity) as well as an equity claim (participation rights). However, PCP holders lose their preferred rights if they convert this PCP stock into common stock. His research explores why venture capitalists are willing to convert their PCP stock into common equity and give up their preferred rights. ​ He proposes a signaling model for PCP stock based on its role in venture capital exits. The two major forms of exits observed in venture capital are the initial public offerings (IPOs) and the trade sale. IPOs are exits where shares of the venture are sold to investors and then listed on the stock market and trade sale is a transaction in which a venture is sold to another company. Typically, a PCP stake is converted into common equity during an IPO exit, but is not converted in a trade sale exit. The model shows that VCs can signal the quality of their venture in an IPO by converting their PCP stake into common equity and giving up some of their cash flow rights. By giving up something during an IPO, VCs are signaling to investors that the venture is of a high quality. Signaling is of particular importance in an IPO, because in an IPO shares are sold to new investors who do not have access to documents to analyze the venture’s performance. Investors in an IPO typically have to rely on a bank to perform the due diligence and hence are thus relatively uninformed about the venture. In contrast, potential trade buyers are given access to documents, which they can analyze to reach conclusions about the venture’s quality. Since trade buyers typically come from the same industry as the venture, they are likely to have industry knowledge and are better equipped to interpret the information provided. ​ When exit is through an IPO, the entrepreneur retains control of the firm. Thus, when the firm value is high, an IPO exit rewards the entrepreneur and should be the preferred exit route. However, the VC may be reluctant to take that route, given that investors in an IPO are less informed and the VC may not get the full value for his stake. When the firm value is high, the VCs may prefer to target investors who are more informed and get a higher value for their stake. In other words, exit through a trade sale. However, the interests of VCs and entrepreneurs are more easily aligned when the VCs convert their PCP stakes into common shares and exit through an IPO. ​ Venture capitalists investing in start-ups use sophisticated financial instruments to structure their investments. This article provides a rationale for the use of one such instrument, PCP stock, based on the venture capitalist’s exit strategy. In doing so, it makes a connection between the exit route and entrepreneurial effort. This highlights factors that have direct implications for the incentives of venture capitalists to invest in ventures and entrepreneurs to exert effort to make them a success. ​ by Sridhar Arcot , 04.01.22 ​ Source: Knowledge Lab

SUSTAINABLE DEVELOPMENT THANKS TO THE DATA FOOTPRINT ​ Since the start of the COVID-19 pandemic, companies have had to accelerate their digital transformation. This implies increased investments, so substantial that they require C-level support. The stakes are high for organizations. From accelerating sales to optimizing operational processes, digital impacts the value chain in every aspect. If the digital revolution generates an inevitable modernization of companies and a hope of value generation, it also provokes a major challenge for organizations: Data. ​ Data from transactions, customers, products, etc. invades the daily operations of organizations, constituting a potentially valuable asset, but above all an important challenge in terms of governance and management. Organizations must increase the understanding of these data as part of their transformation. ​ In the very short term and in an uncertain time, data becomes more crucial than ever to identify the levers of performance of companies. Optimizing costs, increasing business revenues, and driving process efficiency are all initiatives based on the availability of relevant data. As the decision cycles accelerate, many decision-makers will no longer be able to drive their businesses with approximate and often inaccurate data. Having good data - and just in time - has become a pressing necessity. But this prospect seems attainable only if the data heritage is better mastered. This is precisely the purpose of the "Data Footprint" method designed by Kearney and Essec. Evaluating the data footprint now constitutes an essential approach to secure investments and increase control over data assets. ​ The Data Footprint approach introduces a virtuous practice that aims to understand the data heritage, risks, challenges and limits linked to data within organizations. The Data Footprint is an evaluation process based on a 360° analysis of the data required as part of a company initiative steered by the entity in charge of Data Governance. ​ The aim of the Data Footprint is to assess the data assets to establish a risk assessment score. Based on multiple dimensions of analysis such as data quality or security, our method allows a quantified assessment of the data heritage in an organization. Today, the data heritage is still poorly controlled and exploited in many companies. What is the quality level of critical data sets in the organization (e.g customers/suppliers’ data)? What is the level of risk associated? What is the degree of control and ownership of data in the organization? These questions are often asked by decision makers without concrete answers based on a structured assessment. The complexity of information systems combined with the lack of governance make the data equation often complex and costly. ​ The Data Footprint allows companies to get a tangible data assessment across multiple dimensions in order to establish a risk score. The purpose of such a measure is to be able to accurately assess areas of weakness and to monitor data heritage improvements. The approach also allows internal and external benchmarks based on a standardized analysis grid. The strategy for implementing a Data Footprint should be progressive while focusing on the critical data sets in the context of companies’ major programs, projects or business transformation initiatives. The approach should involve several collaborators, at least representatives of business lines and IT, who jointly use a score sheet based on the following five dimensions:accessibility and availability,quality, ownership,risks, and identification of the future users. The overall score calculated on these five dimensions can range between 0 and 15, the lower the score the higher the risk related to the enterprise initiative. Consider as an example a company specializing in the distribution of electronic equipment to the general public through its distribution network of more than 2,000 stores. As part of its data strategy, the company decides to launch a priority project that deploys a “Customer-centric” approach in order to increase customer value. The objective is to capture a better understanding of customer preferences in order to meet their expectations. The company anticipates a significant potential risk linked to data (availability, quality, etc.) and decides to launch a Data footprint approach. The total Data risk score for this company was less than 5 in the evaluation exercise. On the recommendation of the Chief Data Officer in agreement with the rest of the team, the decision to launch the project is postponed pending the implementation of a specific data related action plan. This approach allowed the company to apprehend a major risk related to data on this project. Indeed, a rapid launch of this project without prior assessment would have potentially led to failure with economic consequences (losses estimated at a few hundred thousand euros). The approach also made it possible to initiate collaborative work around the data over the entire duration of this assessment (one month), and thus avoiding internal misunderstandings about the responsibilities of the various stakeholders (Business lines, IT teams, etc.). Finally, a clear action plan could be drawn justifying the investment of technical and human resources to upgrade the information system. ​ by Jeroen Rombouts , 19.10.20 ​ Source : Knowledge Lab Essec

Cookie Policy This is the Cookie Policy for Feyz International, accessible from www.feyzinternational.com . ​ What Are Cookies As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or 'break' certain elements of the sites functionality. ​ How We Use Cookies We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use. ​ Disabling Cookies You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies. ​ The Cookies We Set Account related cookies If you create an account with us then we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences when logged out. Login related cookies We use cookies when you are logged in so that we can remember this fact. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in. Forms related cookies When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence. Site preferences cookies In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences. ​ Third Party Cookies In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site. This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page. Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you. The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you. For more information on Google AdSense see the official Google AdSense privacy FAQ. We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; LinkedIn, Instagram, Facebook, Twitter, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies. ​ More Information Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. ​ If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to it, you may send an email to : data-protection@feyzinternational.com ​ This document was last updated on March 31, 2022

HOW TO BUILD A PROACTIVE WORKFORCE: TRAINING PROBLEM SOLVERS OR STRATEGIC CHANGE AGENTS? Employees who take a proactive approach at work – who speak up with suggestions, try to bring about improvements, and take initiative – generally perform better, are more satisfied with their job, and progress more quickly in their career. For organizations, a proactive workforce which anticipates changes and is willing to contribute to innovation is seen as a competitive advantage. So how can organizations encourage employees to be more proactive? ​ Previous research has highlighted two potential avenues for organizations wishing to increase the proactivity of their workforce: hiring new human resources with particular personalities and skills sets, or changing the work context, for example by enriching existing employees’ work. However, these strategies often encounter two issues that may block their implementation: the lack of opportunity to hire due to difficult economic or budgetary contexts, and the lack in means and resources to enrich job roles. It therefore falls to training and development to offer a feasible approach to promoting employee proactivity. Indeed, in the United States alone, organizations spent over $165 billion on employee training and development in 2013. But how should training approaches aimed at encouraging proactivity in the workforce be designed? And which training approaches are most effective for employees with different needs and priorities? ​ Karoline Strauss, together with Sharon K. Parker of the University of Western Australia, decided to carry out research to address these questions. “It was clear to us that the training approach an organization should take would depend on the type of proactivity it is looking for in its employees”, says Prof. Strauss. The researchers suspected that a different training approach would be needed to encourage employees to become proactive in solving problems they encountered in their day-to-day work, or to encourage them to involve themselves in strategic change and become proactive in shaping the future of the organization. The researchers developed two distinct training interventions focused on encouraging these two types of proactivity. ​ The researchers then recruited 112 volunteers from a police force in the North of England. The volunteers were randomly allocated to one of the two training approaches, or to a third group that received no training whatsoever. “To test whether the training approaches were effective in promoting proactivity, we compare employees who took part in the training to employees in this third group”, explains Prof. Strauss. “This means that we can rule out that employees throughout the organization became more or less proactive because of other changes that took place during the time of our study”. The researchers then tracked employees over 9 months to see if their proactivity increased. The findings showed that both training approaches were potentially effective in encouraging employees to be more proactive, but that employees’ needs and preferences determined whether the training worked for them. ​ Prof. Strauss’s findings showed that employees faced with a high workload were most likely to respond positively to the training approach aimed at encouraging them to be proactive problem solvers. “These employees felt swamped by the demands they were facing”, states Prof. Strauss. “We succeeded in training them to approach their job in a more proactive way and take charge of challenges and obstacles they were facing”. Training these employees to identify problems in their job and to develop ways to address these problems helped them to find more efficient ways of completing their day-to-day tasks. ​ On the other hand, the training approach aimed at encouraging employees to become more proactive in shaping the future of the organization was most effective for those who are generally more focused on long-term rather than short-term benefits. Employees who were more interested in the short-term did not respond to the training approach in the same way – they did not become more proactive. “Our findings really show that there is no one-size-fits-all approach to proactivity training”, explains Prof. Strauss. “For organizations who want to enhance proactivity in their workforce this has two important implications. First, what kind of proactivity do they expect? Do they want employees to become proactive in overcoming obstacles and finding more efficient ways of working, or do they want employees who think about the long-term future and about strategic change at the organization level? Second, organizations need to consider the situation the employee is in. What are the employee’s needs and preferences? Pushing somebody who is generally not very interested in the long-term to contribute to bringing about a vision of the organization in the future is unlikely to be effective in making them more proactive, and our findings suggest that it can even backfire”. ​ Prof. Strauss’s work has been recognized for the strength of its experimental design which rules out alternative explanations for changes in employee proactivity. However, she suggests that more research is needed on the effects of training interventions on employee proactivity. “Our study is an important first step in determining which type of training approach can be effective in encouraging employees to be more proactive, and who is most likely to respond positively to the training. But can we, for example, combine the different training approaches, and are there other ways in which employees and organizations can benefit from proactivity training?” Further research will need to explore these questions in other organizational settings. ​ by Karoline Strauss , 03.10.16 ​ Source : Knowledge Lab Essec

A DAWN OF DATA REVOLUTION AND WHAT'S AT STAKE? ​ ​ It is estimated that by year 2025, individuals and businesses alike will produce about 463 exabytes of data per day globally and there will be an estimated 175 zettabytes of data in the global data sphere. Businesses use data for a variety of reasons; including but not limited to analyzing customer behavior, providing relevant ads, customer centric product trends and analyzing market value. ​ Thus today data is imperative to a business. As a result most companies are increasingly focusing on their data policies, individuals and businesses are increasingly concerned about ethics surrounding data and privacy laws. But even as these laws emerge, the time taken to comply with these laws officially or unofficially is not very promising. ​ In fact, in a report recently added to the net, it was disclosed that it takes companies about 62 days to discover a high severity data breach and another 71 days to disclose the said breach. Thus, purely relying on a business to do the right thing when it comes to data breaches and data privacy ethics is not enough. ​ Kuber Signal is a company that wants companies to be held accountable/responsible by the individual for their data related decisions. The company quantifies privacy policies for other companies into a standard 4-point metric and a final Goodness score that's comparable across board and then shows these scores to the individual so they can decide what companies keep their data safe. ​ The metrics are: 1. Personal Data Privacy Goodness Score 2.Behavioral Data Privacy Goodness Score 3.Technical Data Privacy Goodness Score 4. Data Sharing Goodness Score Each metric measures how much of an individual data is stored, used and shared by the Company, that individual is a customer of the company then shows what companies in the same industry, selling the same product, rank higher than the individual's company of choice. The company can also track public information around other companies and aims to provide users with the right tools and information so an individual can stay up to date with their specific security concerns, be it companies or other security threats and make better informed choices. ​ Kuber Signal ultimately provides the user with a privacy score that can help them evaluate them online behavior and help mitigate their data related threats. Kuber Signal is founded by a Data Scientist and a cyber-security expert whose expertise lies in investigating brands for their security posture using AI algorithms. The mission of the company is to ensure an individual is aware of their security posture and a know-how into how to improve it. The company also provides individual security assessment, cyber news and information on relevant scams in the individual's playground. In conclusion, data privacy and ethics have never had more value than in recent and coming years. Today a data breach is nothing less than a home invasion of yesterday. ​ This may sound extreme but almost every bit of useful information about a person is somewhere on the internet with some company whose 'terms and conditions' the customer didn't read and if a malicious actor gets access to that data, the consequences for the individuals can be devastating. ​ by P. Observer, 07.12.22 ​ Source : Factiva

Cybersecurity 2023: Cloud security is key issue for companies What challenges do companies currently face regarding security? What is their cybersecurity strategy for the future? And what role does digital sovereignty play in this? The results show that cloud security is the most important strategic security topic for 34% of companies in 2022 and 2023. Ranked second to fifth are secure backups/disaster recovery (20%), data security (19%), security awareness training (15%) and identity & access management (14%). ​ Along with the strategic issues, there are also the top cybersecurity challenges faced by companies. Nearly two-thirds of respondents say their security landscapes have become more complex over the past twelve months. In addition, 69% expect complexity to increase further over the next twelve months. The top five security challenges for companies in Germany, Austria and Switzerland are security complexity (24%), data protection/privacy (21%), ransomware attacks (19%), cybersecurity skills shortage (18%) and security of networked environments (16%). Fifty-seven percent of respondents agree that they already have an urgent shortage of cybersecurity personnel or will have one in the coming year. ​ Digital sovereignty is becoming more important ​ The economic and political situation has made the issue of digital sovereignty more important for three out of four companies. For 26%, it is "much more important" with strategic implications, and for another 49%, it is at least "more important" with implications for day-to-day business. This also means that many companies see numerous benefits in digital sovereignty. For example, it helps respondents to shape their own transformation in a self-determined way, to strengthen the trust of customers and other stakeholders, and to promote collaboration with partners in increasingly digital ecosystems (60% each). ​ The top 5 most common digital sovereignty challenges for companies are protecting and gaining visibility of data in clouds (31%), the cost of evaluating and adopting new technology (29%), expertise in dealing with cloud contracts and skilled employees to understand and implement individual digital sovereignty requirements (27%), the availability and cost of local compliance officers (25%), and dealing with competing requirements between regional and national jurisdictions (24%). ​ Ransomware attacks are on the rise ​ According to this study, 72% of companies in the German-speaking markets have been affected by ransomware. 40% have even seen an increase in cyberattacks over the past twelve months. Looking ahead, half of the respondents (50%) expect the number of attacks to increase even further. If a ransomware attack occurred, only 50% of companies were able to successfully defend against it. ​ "To remain competitive and successfully develop their own business model, companies must respond to technological innovations and act with digital sovereignty," analyzes Frank Sauber, Global Head of Sales & Business Enablement, secunet Security Networks AG. "Besides self-determination and independence, this also means freedom of choice, for example in terms of providers, data protection or transparency. This gives companies more influence over what happens to their data and ultimately enables them to better protect themselves against cybercrime, sabotage or espionage. Companies are already complaining about the lack of skilled personnel and the complexity of the security landscape - this can only be mastered with independent partners and secure services. ​ by Secunet, 12.07.2022 ​ Source: Factiva

EU SUSTAINABLE GROWTH REGULATIONS: THE CHALLENGES OF TRANSPARENCY, COMPARABILITY, AND LEADERSHIP With the European Green Deal of December 2019 supporting long-term signals to support green investments, and the proposed European Climate Law as a framework for achieving climate neutrality, low-carbon transition has recently featured prominently in European Union (EU) policy. “Greenwashing” (pretended concern about the environment) and false advertising in the marketing of supposedly “green” products tend to undermine this objective, and these phenomena have therefore come under scrutiny. In particular, the European Commission has adopted an Action Plan on Financing Sustainable Growth, which aims at reorienting capital flows towards sustainable investment, and fostering transparency and long-termism. The Action Plan has engendered three Regulations – “Disclosure”, “Benchmark”, and “Taxonomy” – between 2019 and 2021. The new legal framework represents a worthwhile beginning, but it is not yet fully mature. ​ The Disclosure Regulation, the Communication from the Commission on Reporting Climate-Related Information, and soft law principles targeting green bonds specifically, have together updated the 2014 requirements on non-financial information. They have increased transparency at almost all levels in the financial value-chain: issuers, investment funds, pension funds, and hedge funds, financial advisors, asset managers (all recognized as “financial market participants” in the Regulation) and rating agencies. ​ In addition, in order to facilitate investors’ access to data, the Commission has announced in its Capital Markets Union New Action Plan the establishment of a European Single Access Point for financial and non-financial information publicly disclosed by companies. ​ The low-carbon Benchmark Regulation sets out the requirements for “EU Climate Transition Benchmarks” and “EU Paris-aligned Benchmarks”, while the Taxonomy Regulation establishes a unified EU classification system to label economic activity as environmentally sustainable. The Taxonomy Regulation makes clear which economic activities contribute most to meeting the EU’s environmental objectives, and thereby guides – or nudges – investors towards “green” investments (on the model of energy consumption labelling, and its colour-gradient). Under Article 8(1) of the Taxonomy Regulation, certain large undertakings that were previously required to publish non-financial information pursuant to the Non-Financial Reporting Directive, are now required to disclose information to the public on how and to what extent their activities are associated with environmentally sustainable economic activities. SMEs and non-EU companies can of course decide to disclose information on a voluntary basis for the purpose of getting access to sustainable financing or for other business-related reasons. By December 31st, 2021, the Commission will report on how to label “brown” activities that significantly harm environmental sustainability, as well as activities that have low impact. The EU’s green finance taxonomy is, in other words, directed at avoiding greenwashing by establishing criteria for activities and financial instruments that claim to be environmentally sustainable or to contribute to a social objective. ​ This legal framework lays some groundwork for comparisons and sound decision-making on behalf of investors. However, more needs to be done in terms of standardising what is reported. In practice, the way environmental information reaches capital markets remains a sticking point. Labels, indices, and principles drawn up by various uncoordinated for-profit and nonprofit organizations have multiplied, creating complexity and confusion for companies and investors. Yet, as stressed by Robert Eccles, nonfinancial information that is of the same rigor and relevance as financial information, and that is also subject to the same degree of auditability, is indispensable for capital markets to operate sustainably. ​ Standards for nonfinancial information for companies’ environmental (as well as social, and governance) performance are important: like accounting standards, they are accepted simplified constructs to represent a company’s performance. Though imperfect (and evolving), standards enable comparability (without preventing additional information to be provided) and only fulfil their role in practice if they are mandatory. The European Financial Reporting Advisory Group’s Project Task Force issued its final report to prepare for “the elaboration of possible EU non-financial reporting standards in a revised EU Non-Financial Reporting Directive”. The European Union plans to announce its standards in April 2022. However, because the economy is global, what is really needed are standards that are also global, in addition to being independent and rigorous. ​ The EU has shown an interest in building up an international forum: with seven countries representing 55 % of the world’s greenhouse gas emissions and half of the world’s population and GDP, the EU launched the International Platform on Sustainable Finance (IPSF). Although the IPSF is not a standard-setting body, its work is aimed at preparing the ground for the international standard setters to develop globally applicable sustainable finance standards. As noted in the first IPSF annual report, the absence of coherent definitions of green investments (taxonomies) at the global level, and the low degree of standardisation of reporting, represent a limit to green and sustainable finance worldwide. Around the world, several countries have drawn up roadmaps for sustainable finance; various public and private bodies have also introduced frameworks to enhance standardisation. However, these uncoordinated initiatives tend to reflect local priorities and stages of market development and: they cause fragmentation. ​ The need to overcome this situation is also recognized in the EU-US agenda for global change announced a few weeks after the election of Joe Biden. The transatlantic initiative contemplates jointly designing a global regulatory framework for sustainable finance, based on the experience of the EU taxonomy. This illustrates the leading role that Europe is in a position to play as other major economies start to prioritize a coordinated response to climate change. ​ There is obviously a risk that collective action fails and that each entity insists on imposing its own standards rather than working towards global ones. In particular, there is a risk that the EU decides that because it can mandate standards, it should do so. Unless these are endorsed by market forces, such standards might trigger a mere compliance exercise, with little benefit to companies, investors and society as a whole. ​ If, however, the EU recognizes that it could be at the forefront of an international effort to help global standards emerge, it will be able to foster joint work with other bodies, such as the Impact Management Project, which has engaged in an effort to reconcile the various sets of existing standards, the World Economic Forum International Business Council , which can harness commitment from the corporate community, and the Sustainability Standards Board established in September 2020 to sit alongside the International Accounting Standards Board and engage in a similar role establishing international reporting standards. Were the EU to take on the role of midwife, it could deliver to the world the standards for nonfinancial information that US and Asian companies will adopt. Meanwhile a race started since the SEC proposed in March 2022 rules regarding compulsory climate-related disclosures. ​ by Geneviève Helleringer , 28.03.22 ​ Source : Knowledge Lab Essec

There’s Nothing Here... We can’t find the page you’re looking for. Check the URL, or head back home. Go Home

There’s Nothing Here... We can’t find the page you’re looking for. Check the URL, or head back home. Go Home