Analysis, Information Security and Personal data

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data.

GDPR

GDPR Compliance Personal data Privacy

Building cyber security careers

IT Governance

OCTOBER 21, 2021

The most common skills gaps are “storing or transferring personal data, setting up configured firewalls, and detecting and removing malware”. The report also estimates that 33% of businesses surveyed have more advanced cyber security skills gaps in incident response, penetration testing, forensic analysis and security architecture.

Security

Security Information Security GDPR Data Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

The GDPR provision that may keep IT security teams busiest is Article 32, which requires “a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing” of personal data. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

7 steps to highly effective GDPR compliance

IT Governance

AUGUST 21, 2019

You can determine these by carrying out a gap analysis. Identify and minimise risks that result from your data processing. The GDPR requires you to implement “appropriate technical and organisational measures” to ensure the security and privacy of the personal data your organisation processes.

GDPR

GDPR Compliance Personal data Access

How long do you have to report a data breach?

IT Governance

DECEMBER 13, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Most breaches fit into this category, but not all of them. For organisations in the UK, this is the ICO (Information Commissioner’s Office).

Data breaches

Data breaches GDPR Personal data Compliance

How long do you have to report a data breach?

IT Governance

OCTOBER 24, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Most breaches fit into this category, but not all of them. For organisations in the UK, this is the ICO (Information Commissioner’s Office).

Data breaches

Data breaches GDPR Compliance Personal data

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

Notification processes in the event of personal data breach. Subject to specific circumstances data controllers and processors may be required to conduct a privacy impact assessment. There is some uncertainty as to the conditions that necessitate the need for a privacy impact assessment.

GDPR

GDPR Compliance Data collection Privacy

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

If you think that charities might be shown lenience under the GDPR (General Data Protection Regulation) , you’re wrong. The Regulation treats charities in much the same way as any organisation, because although they’re not using personal data to make a profit, they still run the risk of data breaches and privacy violations.

GDPR

GDPR Compliance Personal data Risk

A 6-step guide to surviving data breaches

IT Governance

FEBRUARY 1, 2019

Follow our advice to successfully manage risks and respond to a variety of information security incidents. Under the GDPR (General Data Protection Regulation) , organisations have 72 hours from the moment they become aware of a breach to report the incident. Situational analysis. Assess the affected data.

Data breaches

Data breaches GDPR Personal data Compliance

CNIL Publishes Initial Assessment on Blockchain and GDPR

Hunton Privacy

OCTOBER 2, 2018

It is a technology that can be used to process personal data and is not a processing activity in itself. DLT solutions are not blockchains and are too recent and rare to allow the CNIL to carry out a generic analysis. In addition, the CNIL examined solutions to enable data subjects to exercise their data protection rights.

Blockchain

Blockchain GDPR Personal data Compliance

The NIS Directive (NIS Regulations) – the UK law businesses need to know about

IT Governance

JULY 20, 2018

On 10 May 2018, the NIS Directive (Directive on security of network and information systems) was transposed into UK law as the NIS Regulations. The NIS Regulations apply to two different categories of organisations: OES (operators of essential services) in the UK’s energy, transport, health, water and digital infrastructure sectors.

Compliance

Compliance GDPR Personal data Cloud

CIPL Submits Comments to Article 29 WP’s Proposed Guidelines on Data Breach Notification

Hunton Privacy

DECEMBER 7, 2017

On December 1, 2017, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP submitted formal comments to the Article 29 Working Party (the “Working Party”) on its Guidelines on Personal Data Breach Notification (the “Guidelines”). Risk Assessment. Timing of Notification.

Data breaches

Data breaches Personal data GDPR Risk

Creating a data governance framework

Collibra

JANUARY 1, 2021

Data governance champions should identify the business initiatives and the challenges that the organization faces in order to determine use cases. These use cases typically fall under three categories [Figure 2] : Grow the business ( revenue focused ). The number of use cases for data governance is practically limitless.

Government

Government Compliance Data Privacy Privacy

Final Rules for the Data Privacy Act Published in the Philippines

Hunton Privacy

SEPTEMBER 13, 2016

Some points of interest that have been resolved or finalized include the following: The IRR has two separate defined terms, “personal data” and “personal information,” but the potential discrepancy between the two terms has been resolved. This definition no longer appears in the final IRR.

Data Privacy

Data Privacy Privacy Personal data Data breaches

Article 29 Working Party Adopts Opinion on Cloud Computing

Hunton Privacy

JULY 4, 2012

On July 1, 2012, the Article 29 Working Party (the “Working Party”) adopted WP196 (the “Opinion”) setting out an analysis of the legal framework associated with cloud computing, as well as recommendations directed at both data controllers and data processors in the European Economic Area (the “EEA”). Risk Analysis and Checklist.

Cloud

Cloud Compliance Personal data Risk

Mitigating Third Party Risks Under GDPR

AIIM

MARCH 22, 2019

The relationship between data controllers and processors must be defined by a contract which “sets the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.”. 12, 2018; and.

GDPR

GDPR Risk Compliance Personal data

Information Management Today

How to implement the General Data Protection Regulation (GDPR)

Building cyber security careers

Trending Sources

Security Compliance & Data Privacy Regulations

7 steps to highly effective GDPR compliance

How long do you have to report a data breach?

How long do you have to report a data breach?

Guest Post - Three Critical Steps for GDPR Compliance

What UK charities need to know about GDPR compliance

A 6-step guide to surviving data breaches

CNIL Publishes Initial Assessment on Blockchain and GDPR

The NIS Directive (NIS Regulations) – the UK law businesses need to know about

CIPL Submits Comments to Article 29 WP’s Proposed Guidelines on Data Breach Notification

Creating a data governance framework

Final Rules for the Data Privacy Act Published in the Philippines

Article 29 Working Party Adopts Opinion on Cloud Computing

Mitigating Third Party Risks Under GDPR

Stay Connected