Archiving, GDPR and Personal data - Information Management Today

GDPR personal data explained

Collibra

NOVEMBER 13, 2020

The General Data Protection Regulation (GDPR), in force since May 25, 2018, requires businesses to protect the personal data and privacy of European Union (EU) citizens, for transactions that occur within EU Member States. The GDPR also regulates the exportation of personal data outside the EU.

Personal data

Personal data GDPR Data Privacy Privacy

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019.

Personal data

Personal data Insurance GDPR Record destruction

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. It enshrines “the right to erasure” (sometimes referred to as “the right to be forgotten”), which allows people to request that an organisation deletes any personal data related to them.

GDPR

GDPR Personal data Compliance Government

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

MARCH 1, 2022

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. The implication was that data controllers did not fully understand, and therefore were not effectively making use of, the research provisions.

Personal data

Personal data GDPR Data collection Archiving

GDPR Article 32: Your guide to the requirements

IT Governance

SEPTEMBER 28, 2020

Perhaps the most widely discussed set of compliance requirements within the GDPR (General Data Protection Regulation) are those found in Article 32. That’s because it contains the measures that organisations must implement to prevent cyber attacks and data breaches. What is Article 32 of the GDPR? So how can you do that?

GDPR

GDPR Personal data Compliance Risk

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Data Protection Report

NOVEMBER 12, 2019

On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA ) issued a €14.5 million fine on a German real estate company, die Deutsche Wohnen SE ( Deutsche Wohnen ), the highest German GDPR fine to date.

GDPR

GDPR Personal data Records Management Archiving

Mitigating Third Party Risks Under GDPR

AIIM

MARCH 22, 2019

One of the most vexing problems for organizations is mitigating GDPR compliance risks when dealing with third parties, particularly the nature and extent of obligations between data controllers and processors. These obligations extend beyond the walls of an organization to third parties that process personally identifiable information.

GDPR

GDPR Risk Compliance Personal data

Top tips for data retention under the GDPR

IT Governance

NOVEMBER 12, 2018

Under the GDPR (General Data Protection Regulation) an organisation must not keep data for longer than it is needed. Article 5(1)(e) of the GDPR states: “1. Setting data retention periods. There are no specific retention periods set under the GDPR, so it is up to your organisation to establish or identify them.

GDPR

GDPR Personal data Paper Archiving

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies.

GDPR

GDPR Personal data Data collection Marketing

GDPR Primer

The Schedule

MAY 9, 2019

A few weeks ago, Chuck Piotrwoski of PIOT presented a great webinar on the General Data Protection Regulation (GDPR). Chuck broke down GDPR into several basic principles: data about a person belongs to the person. archive, the personal data collected for this transaction is protected by GDPR.

GDPR

GDPR Personal data Privacy Data collection

EDPB Adopts Opinion on Interplay Between the EU Clinical Trials Regulation and the GDPR

Data Matters

FEBRUARY 7, 2019

On 23 January 2019, the European Data Protection Board (EDPB) adopted an opinion on the interplay between the EU Clinical Trials Regulation (CTR) and the EU General Data Protection Regulation (GDPR). Legal basis for the processing of personal data in a clinical trial (primary use). Rather, for a controller (e.g.,

GDPR

GDPR Personal data Archiving Privacy

Webinar: Know your rights! Smart strategies against GDPR fines

DLA Piper Privacy Matters

FEBRUARY 12, 2020

With the EU General Data Protection Regulation (GDPR) having been applicable for almost two years now, data protection supervisory authorities (DPAs) are entering into full enforcement mode all over Europe, resulting in significantly higher fines compared to the pre-GDPR world.

GDPR

GDPR Compliance Archiving Personal data

The GDPR and the right to be forgotten

IT Governance

APRIL 30, 2018

Something that’s drawn a lot of attention in the lead up to the General Data Protection Regulation (GDPR) compliance deadline is “the right to erasure”, also known as the “right to be forgotten”. You have processed the personal data to offer information society services to a child. a health professional).

GDPR

GDPR Personal data Archiving Compliance

Guest Post -- GDPR Compliance starts with Data Discovery

AIIM

NOVEMBER 16, 2017

GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. 50% of organizations not ready for GDPR. Compliance starts with data discovery. The Privacy and Security Dichotomy. Privacy by Design: The Intersection of Law and Technology.

GDPR

GDPR Compliance Privacy Paper

Germany: Berlin data protection authority imposes EUR 14.5 million fine for “data cemetery”

DLA Piper Privacy Matters

NOVEMBER 6, 2019

On 30 October 2019, the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – “ Berlin DPA ”) imposed an administrative fine of about EUR 14.5 million against Deutsche Wohnen SE for infringements of the General Data Protection Regulation (GDPR).

GDPR

GDPR Personal data Archiving Compliance

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Data Protection Report

NOVEMBER 12, 2019

On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA ) issued a €14.5 million fine on a German real estate company, die Deutsche Wohnen SE ( Deutsche Wohnen ), the highest German GDPR fine to date.

GDPR

GDPR Personal data Records Management Archiving

FRANCE: NEW GUIDANCE FOR DATA RETENTION

DLA Piper Privacy Matters

SEPTEMBER 4, 2020

They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data [2]. The CNIL’s Guidelines apply to all private companies and public organizations processing personal data. An organization based on the personal data lifecycle.

Personal data

Personal data Archiving GDPR Government

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing.

Personal data

Personal data GDPR Access Marketing

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

Hunton Privacy

JUNE 11, 2019

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Personal data

Personal data Security GDPR Archiving

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

IT Governance

SEPTEMBER 7, 2023

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi. Also available on Spotify , Amazon Music , Apple Podcasts and SoundCloud. The fines are due to continue until 3 November.

Government

Government IT Personal data GDPR

EDPB Releases Opinion on Interplay Between the Clinical Trial Regulation and the GDPR

Hunton Privacy

FEBRUARY 7, 2019

On January 23, 2019, the European Data Protection Board (“EDPB”) released an opinion on the interplay between the European Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”) (the “Opinion”).

GDPR

GDPR Personal data Archiving Compliance

UK ICO fines hotel chain giant Marriott over data breach

Security Affairs

NOVEMBER 2, 2020

. “The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.” ” In July 2019, the UK’s data privacy regulator announced that the giant hotel chain Marriott International faces a £99 million ($123 million) fines under GDPR over 2014 data breach. .”

Data breaches

Data breaches Personal data GDPR Encryption

A guide to the GDPR for insurance companies

IT Governance

MAY 30, 2018

The EU General Data Protection Regulation (GDPR) is designed to harmonise data protection laws across the EU, but certain industries will have to respond differently in order to achieve compliance. A report published by research and consultancy company Celent highlights the challenges that the GDPR presents to insurers.

Insurance

Insurance GDPR Compliance Data collection

Preservica makes it easier for organizations to meet long-term GDPR obligations

Preservica

MAY 1, 2018

Suite of new GDPR enhancements simplify classification, search and reporting for long-term personal data. Reporting : Dashboard or on-demand reports show the types of pre-classified personal data held within Preservica, further addressing records of processing requirements (Article 30).

GDPR

GDPR Digital preservation Metadata Personal data

EDPB Adopts Opinion on Draft South Korea Adequacy Decision

Hunton Privacy

OCTOBER 1, 2021

In the Opinion, the EDPB concluded that there are key areas of alignment between the EU and Korean data protection frameworks, including on core provisions such as data protection, legal grounds for processing, purpose limitation, data retention, transparency, and security and confidentiality of personal data.

Personal data

Personal data GDPR Archiving Security

Genetic information – global privacy considerations – an Australian and UK perspective

DLA Piper Privacy Matters

SEPTEMBER 20, 2022

The UK GDPR identifies both ‘genetic data’ and ‘health data’ as ‘special category data’ that merit additional protection in comparison with normal personal data. The privacy regime for genetic data in the United Kingdom. The UK GDPR requires a lawful basis to process personal data.

Privacy

Privacy GDPR Personal data Risk

GDPR Is In Effect: The French Bill Has Been Adopted…But Referred to the French Constitutional Council

HL Chronicle of Data Protection

MAY 25, 2018

The General Data Protection Regulation (GDPR) entered into force on 25 May 2018. This procedure led to the adoption in final reading by the French National Assembly of the bill on personal data protection on 14 May 2018. The GDPR has an extended scope compared to the scope of the French Data Protection Act.

GDPR

GDPR Personal data Archiving Government

Data protection strategy: Key components and best practices

IBM Big Data Hub

MAY 28, 2024

It supports the same security measures as data security but also covers authentication, data backup, data storage and achieving regulatory compliance, as in the European Union’s General Data Protection Regulation (GDPR). Data breach victims also frequently face steep regulatory fines or legal penalties.

Data breaches

Data breaches GDPR Compliance Encryption

How does GDPR impact digital preservation solutions in the Cloud?

Preservica

OCTOBER 30, 2017

Inside and outside of Europe, everyone is talking about the General Data Protection Regulation (GDPR) and what it means to their organization. Whether you are a hare or an ostrich in your readiness, GDPR needn’t be just a deadline viewed with trepidation. First of all, the cloud. Now to digital preservation.

Digital preservation

Digital preservation GDPR Cloud Personal data

Berlin Commissioner Issues Fine to Deutsche Wohnen SE

Hunton Privacy

NOVEMBER 6, 2019

This is the highest fine issued in Germany since the EU General Data Protection Regulation (“GDPR”) became applicable. GDPR Violation. In some cases, it was possible to access personal data of affected tenants, some of which were years old, without the data serving the purpose of the original data collection.

GDPR

GDPR Archiving Personal data Insurance

CNIL Publishes Standard on HR Data Processing

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. Main Changes in the Referential on HR Data Processing. telephone call listening/recording.

Personal data

Personal data GDPR Compliance Archiving

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

Data Protection Report

FEBRUARY 19, 2019

On January 23, 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the Clinical Trials Regulation (“CTR”) and the General Data Protection Regulation (“GDPR”). See our previous blog posts on the GDPR here and here. The GDPR requires a legal basis for processing personal data.

GDPR

GDPR Personal data Compliance Risk

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

DLA Piper Privacy Matters

FEBRUARY 23, 2022

In the proposal, “data” is broadly defined and contains both personal and non-personal data. This means that the Data Act would further regulate personal data in addition to the GDPR. The Data Act would apply to all types of enterprises, in principle, including small and micro businesses.

GDPR

GDPR Personal data IoT Access

EDPB’s New Guidelines – Clinical Trials in the EU and COVID-19

HL Chronicle of Data Protection

MAY 1, 2020

This is not the first time that the EDPB has issued guidance on topics related to scientific research or clinical trials (see its analysis on the interplay between the GDPR and the Clinical Trials Regulation , which we covered, here). recent trip or presence in a region where COVID-19 is widespread).

GDPR

GDPR Personal data Privacy Data collection

PSD2 v. GDPR: Navigating the differences

CGI

JUNE 6, 2018

GDPR: Navigating the differences. Two very important, but, in some respects, seemingly contradictory pieces of regulation are at the center of attention in the European financial world—the Revised Payment Services Directive (PSD2) and the General Data Protection Regulation (GDPR). What is GDPR? Data Subject”).

GDPR

GDPR Marketing Personal data Retail

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report

JULY 8, 2019

In view of this, the CNIL identified two breaches of the General Data Protection Regulation [3] ( GDPR ): 1. The CNIL also noted that the company had failed to comply with the data retention provision as set out in Article 5-1-(e) of the GDPR.

GDPR

GDPR Personal data Compliance Security

The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack

Data Protection Report

MARCH 22, 2022

On 10 March 2022, the Information Commissioner’s Office ( ICO ) issued a monetary penalty notice to a professional services firm (the Firm ) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation ( GDPR ). c) Failure to encrypt personal data.

Ransomware

Ransomware Personal data Encryption GDPR

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

The French Data Protection Authority (CNIL) has recently released new guidelines (French only) regarding human resources processing operations. The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. Categories of personal data.

Personal data

Personal data GDPR Big data Compliance

New Belgian Data Protection Act Takes Effect

Data Matters

SEPTEMBER 7, 2018

On September 5, 2018, the new Belgian Data Protection Act implementing the GDPR (the Belgian Act ) was published and entered into force. The Belgian Act goes further than mere implementation of the GDPR, to cover data processing explicitly excluded from the scope of the GDPR. Criminal Data Processing.

GDPR

GDPR Archiving Privacy Compliance

Media Destruction and Privacy Law Compliance

Archive Document Data Storage

OCTOBER 10, 2018

New standards for the General Data Protection Rule (GDPR) went into effect on May 25, 2018. They affect any EU business that collects data from customers. GDPR non-compliance penalties are substantial: up to €20 million or 4 percent of annual turnover (whichever is greater). Appoint a Data Protection Officer.

Compliance

Compliance Privacy GDPR Archiving

Romania: Key aspects in the Romanian Data Protection Authority’s annual activity report (2019)

DLA Piper Privacy Matters

OCTOBER 22, 2020

On 28 September 2020, the Romanian National Supervisory Authority for the Processing of Personal Data (ANSPDCP) published on its website the annual activity report for 2019. Qualification of the parties involved in personal data processing activities. Obligation to carry out a data protection impact assessment.

Personal data

Personal data GDPR Communications Compliance

EU: DOMAIN NAMES AND WHOIS INFORMATION – CHANGES AFOOT WHEN THE GDPR COMES INTO FORCE – GET READY!

DLA Piper Privacy Matters

MAY 14, 2018

When the General Data Protection Regulation (GDPR) takes effect across the EU on 25 May 2018, large amounts of WHOIS data will no longer be publicly available. The registrant’s state/province will be published together with date of registration and some of the other technical data (e.g.

GDPR

GDPR Access Government Archiving

EDPB – more clarity on the legal basis for processing data in clinical trials

DLA Piper Privacy Matters

FEBRUARY 12, 2019

Since the implementation of the GDPR, there has been much discussion with respect to the appropriate legal basis for the processing of personal data in the context of a clinical trial, in particular how this relates to the Clinical Trials Regulation (CTR) which is expected to enter into force in 2020.

GDPR

GDPR Personal data Archiving Compliance

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

IT Governance

MAY 7, 2024

Data breached: 6,009,014 accounts. A further 381,000 New York City public school students affected by 2022 data breach In January 2022 , personal data from around 820,000 New York City public school students, both current and former, was breached. Under the EU GDPR, the Czech supervisory authority issued a €13.9

Data breaches

Data breaches Education Manufacturing Retail

GDPR personal data explained

Over-Retention of Personal Data

Webinars

Trending Sources

GDPR Article 17: What Is the Right to Erasure?

Webinars

UK: New guidance on processing personal data for scientific research purposes

GDPR Article 32: Your guide to the requirements

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Mitigating Third Party Risks Under GDPR

Top tips for data retention under the GDPR

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

GDPR Primer

EDPB Adopts Opinion on Interplay Between the EU Clinical Trials Regulation and the GDPR

Webinar: Know your rights! Smart strategies against GDPR fines

The GDPR and the right to be forgotten

Guest Post -- GDPR Compliance starts with Data Discovery

Germany: Berlin data protection authority imposes EUR 14.5 million fine for “data cemetery”

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

FRANCE: NEW GUIDANCE FOR DATA RETENTION

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

EDPB Releases Opinion on Interplay Between the Clinical Trial Regulation and the GDPR

UK ICO fines hotel chain giant Marriott over data breach

A guide to the GDPR for insurance companies

Preservica makes it easier for organizations to meet long-term GDPR obligations

EDPB Adopts Opinion on Draft South Korea Adequacy Decision

Genetic information – global privacy considerations – an Australian and UK perspective

GDPR Is In Effect: The French Bill Has Been Adopted…But Referred to the French Constitutional Council

Data protection strategy: Key components and best practices

How does GDPR impact digital preservation solutions in the Cloud?

Berlin Commissioner Issues Fine to Deutsche Wohnen SE

CNIL Publishes Standard on HR Data Processing

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

EDPB’s New Guidelines – Clinical Trials in the EU and COVID-19

PSD2 v. GDPR: Navigating the differences

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack

CNIL’s New Guidelines on HR Processing

New Belgian Data Protection Act Takes Effect

Media Destruction and Privacy Law Compliance

Romania: Key aspects in the Romanian Data Protection Authority’s annual activity report (2019)

EU: DOMAIN NAMES AND WHOIS INFORMATION – CHANGES AFOOT WHEN THE GDPR COMES INTO FORCE – GET READY!

EDPB – more clarity on the legal basis for processing data in clinical trials

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

Stay Connected