IT Governance

DECEMBER 20, 2017

In the first two blogs we set out key steps for starting compliance projects, along with some IT Governance solutions should you need any extra help. The GDPR Staff Awareness E-learning Course is a simple-to-use interactive modular e-learning programme that introduces the GDPR and key compliance obligations. Birmingham: 15 January.

GDPR 70

GDPR Compliance Data breaches Information Security 70

Data Protection Report

JANUARY 9, 2023

With the year 2022 firmly in the rear view, and as we look to start the new year in 2023, Norton Rose Fulbright’s Regulatory Compliance and Investigations team looks back and rounds up the five key cyber and data protection developments that took place in Southeast Asia in 2022. . in damages to its customer over data leak.

Cybersecurity 114

Cybersecurity Personal data Data breaches Ransomware 114

Hunton Privacy

APRIL 30, 2019

The French Data Protection Authority (the “CNIL”) recently published its Annual Activity Report for 2018 (the “Report”) and released its annual inspection program for 2019. The Report provides an overview of the CNIL’s enforcement activities in 2018. The CNIL received 1,170 data breach notifications in 2018.

GDPR 48

GDPR Personal data Data breaches Marketing 48

IT Governance

DECEMBER 13, 2018

Hello and welcome to the final IT Governance podcast of 2018. And then there was the Cambridge Analytica scandal , which broke when the former employee and whistle-blower Christopher Wylie revealed to the Guardian that the political consulting firm had harvested 50 million Facebook users’ personal data and used it for political purposes.

Data breaches 71

Data breaches Personal data Access GDPR 71

Data Protection Report

MARCH 22, 2022

On 10 March 2022, the Information Commissioner’s Office ( ICO ) issued a monetary penalty notice to a professional services firm (the Firm ) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation ( GDPR ). c) Failure to encrypt personal data.

Ransomware 52

Ransomware Personal data Encryption GDPR 52

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. Main Changes in the Referential on HR Data Processing. Background.

Personal data 71

Personal data GDPR Compliance Archiving 71

IT Governance

JULY 20, 2018

Although much of the focus in 2018 has been on ensuring compliance with the EU GDPR (General Data Protection Regulation) , another EU directive became UK law in May – the NIS Regulations (Network and Information Systems Regulations 2018). What are the penalties for non-compliance? What are the NIS Regulations?

Compliance 67

Compliance GDPR Personal data Cloud 67

Data Protection Report

JUNE 22, 2022

An exemption to the requirement to provide further fair processing information where personal data was collected directly from data subjects initially and is repurposed for research purposes later has also been identified, where to do so would involve disproportionate effort. Delivering better public services.

GDPR 144

GDPR Government Personal data Risk 144

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data 100

Personal data GDPR Privacy Records Management 100

AIIM

MARCH 22, 2019

One of the most vexing problems for organizations is mitigating GDPR compliance risks when dealing with third parties, particularly the nature and extent of obligations between data controllers and processors. Data Breach notification obligations under Article 33 of GDPR.

GDPR 96

GDPR Risk Compliance Personal data 96

IT Governance

MARCH 13, 2020

First published June 2018. Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Do you always need individuals’ consent to process their data? Last updated March 2020. But what is a lawful basis for processing?

GDPR 92

GDPR Personal data Compliance Marketing 92

Data Protection Report

MAY 16, 2019

In keeping with the ICO’s earlier guidance on processing personal data of children, the primary factor for consideration here is whether the proposed activity is in the “best interests” of the child. 10-12: transition years. 0 – 5: pre-literate and early literacy. 6 – 9: core primary school years. 13-15: early teens.

Personal data 40

Personal data Privacy GDPR Access 40

Hunton Privacy

JULY 28, 2020

The Beta phase of the Regulatory Sandbox was launched in September 2019 as a pilot and involves the assessment of ten products and services that use personal data in innovative ways. a Data Protection Impact Assessment (“DPIA”) template with guidance for universities and pre-defined risk mitigation measures.

IT 91

IT GDPR Personal data Compliance 91

Hunton Privacy

AUGUST 11, 2020

On May 31, 2018 (a few days after the application of the GDPR), the CNIL carried out an on-the-spot inspection of Spartoo to determine whether the company was complying with all the provisions of the GDPR. As part of its activities, the company operates a website that is accessible in 13 EU countries.

Retail 114

Retail GDPR IT Personal data 114

DLA Piper Privacy Matters

AUGUST 19, 2021

Background On 24 July 2018, the Medicines and Healthcare Products Regulatory Agency (‘ MHRA’ ) executed a search warrant at premises at which personal data was held for which DDL was the controller. Some of these contained personal data and special category (health) data.

GDPR 105

GDPR Personal data Compliance Risk 105

Data Matters

JUNE 24, 2021

3 The SEC and its staff followed the September 2017 statement with various cybersecurity-related initiatives and guidance, including January 27, 2020, cybersecurity guidance and observations published by the SEC’s Division of Examinations (formerly Office of Compliance Inspections and Examinations). 20, 2017). 27, 2020). 5 83 FR 8166 (Feb.

Cybersecurity 68

Cybersecurity Financial Services Risk Compliance 68

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. Tue, 12/22/2020 - 10:08. New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. Data privacy is not a check-the-box compliance or security item. In the Dec.

Data Privacy 118

Data Privacy Privacy Security Encryption 118

IT Governance

FEBRUARY 26, 2019

Originally published 20 June 2018. Micro organisations (those with a maximum turnover of £632,000 for the financial year or no more than 10 members of staff) must pay £40. Personal, family or household affairs. A public consultation on exemptions will close at 4 pm on 1 August 2018. Accounts and records.

GDPR 71

GDPR Compliance Personal data Government 71

IT Governance

MARCH 27, 2018

Businesses are starting to panic as they try to comply with the General Data Protection Regulation (GDPR) before the May 2018 deadline. Any organisation, regardless of size, that regularly processes EU residents’ personal data must comply with the Regulation. Save 10% when you buy before the end of March >>

GDPR 77

GDPR Compliance Personal data Information Security 77

The Last Watchdog

NOVEMBER 4, 2021

Legacy filing systems were not built to keep track of the personal data of specific individuals primarily to be in compliance with the many data protection regulations popping up around the world. This is an important capability for organizations who need to satisfy this new type data handling regulations.

Personal data 237

Personal data Unstructured data Privacy Data Privacy 237

IT Governance

DECEMBER 3, 2018

Although the EU General Data Protection Regulation (GDPR) has come into effect, a large number of organisations are not yet compliant. A Ponemon Institute survey found that almost half of companies would not meet the 25 May 2018 deadline. At this stage, if necessary, a data protection officer (DPO) must be appointed.

GDPR 73

GDPR Compliance Risk Data breaches 73

Data Matters

JULY 22, 2020

13.709/2018 (the Brazilian Data Protection Law, or “ LGPD ”) in 2018 was followed by great enthusiasm from the general public in Brazil. Indeed, the comprehensive law has been viewed as a necessary measure for the country to join a select but growing group of nations in the systematic protection of individuals’ personal data.

Marketing 68

Marketing Compliance Personal data GDPR 68

DLA Piper Privacy Matters

SEPTEMBER 20, 2022

has within its possession and control), uses or discloses a record of genetic information falls within the scope of the Privacy Act (although the extent of the compliance requirement varies). Any organisation which collects, holds (i.e. United Kingdom. freedom from discrimination. freedom from discrimination.

Privacy 98

Privacy GDPR Personal data Risk 98

IT Governance

FEBRUARY 8, 2018

The Cyber Security Breaches Survey 2018 from the Department for Digital, Culture, Media and Sport (DCMS) has revealed that only 38% of businesses and 44% of charities have heard of the General Data Protection Regulation (GDPR). Clearly there is still work to be done to ensure compliance by the 25 May deadline. Key findings.

GDPR 63

GDPR Government Education Compliance 63

IT Governance

AUGUST 3, 2018

That’s left little room to discuss the NIS Regulations (Network and Information Systems Regulations 2018) , which quietly took effect on 10 May 2018. This blog redresses the balance, explaining why you need to take the NIS Regulations seriously and how you can achieve compliance. GDPR vs NIS Regulations. What’s an OES?

GDPR 60

GDPR Compliance Personal data Cloud 60

IT Governance

MAY 25, 2018

The General Data Protection Regulation is now in force. Hello and welcome to the IT Governance podcast for Friday, 25 May 2018, the day the EU’s General Data Protection Regulation (the GDPR) – the first major update to European data protection law in more than 20 years – applies across Europe and around the world.

GDPR 70

GDPR Compliance Personal data Government 70

DLA Piper Privacy Matters

JUNE 6, 2018

Only five days after the GDPR became applicable, the first German court, the Regional Court ( Landgericht ) Bonn (in a decision dated 29 May 2018, case number 10 O 171/18 – in German only), issued a ruling on the practical application of the GDPR. Click here for more details on processing of WHOIS information.

GDPR 75

GDPR Compliance Personal data Security 75

Thales Cloud Protection & Licensing

JANUARY 5, 2018

( Originally posted to CenturyLink’s blog on November 10 ). To help save time and money, a growing number of enterprises are storing sensitive customer data in the public cloud. Because the GDPR encourages “ pseudonymization ” of personal data. Increasingly, they’re also leveraging multiple cloud providers. Bottom line?

GDPR 91

GDPR Cloud Encryption Personal data 91

eDiscovery Daily

JANUARY 30, 2018

and Mary (as in Mary Mack, Executive Director of ACEDS) and Marc Zamsky (from ComplianceDS) at Ruth’s Chris Steak House at 148 West 51st Street on Wednesday from 4:00pm to 6:00pm. Sessions in the main conference tracks include: 9:00 – 10:00 AM: Legaltech Keynote – The ESI of Today and the ESI of Tomorrow. Come join us!

e-Discovery 34

e-Discovery Artificial Intelligence GDPR Education 34

Hunton Privacy

OCTOBER 29, 2018

Recently, the French Data Protection Authority (the “CNIL”) published a statistical review of personal data breaches during the first four months of the EU General Data Protection Regulation’s (“GDPR”) entry into application. Assessing the necessity to notify affected data subjects. View the review (in French). .

Data breaches 96

Data breaches GDPR Personal data Risk 96

IT Governance

JUNE 22, 2018

The EU General Data Protection Regulation (GDPR) , high-profile data breaches and new sector-specific frameworks such as the Data Security and Protection (DSP) Toolkit mean that many are looking for ways to improve data security practices and demonstrate their compliance with contractual and regulatory requirements.

GDPR 58

GDPR Compliance Data breaches Government 58

IT Governance

SEPTEMBER 14, 2018

Further reading: Why you should be concerned about payment card data breaches. The cost of a payment card data breach. What happened: In July 2018, the electronics retailer confirmed that 105,000 customers’ payment card details had been compromised , because they didn’t have chip-and-PIN protection. Dixons Carphone. Rail Europe.

Data breaches 99

Data breaches Paper Retail Manufacturing 99

Data Matters

FEBRUARY 19, 2021

The EU GDPR prohibits the transfer of personal data to a country outside the European Economic Area ( EEA ) (otherwise known as a third country ) that is not considered to provide an ‘adequate level’ of data protection by the EC unless ‘appropriate safeguards’ are implemented (e.g., consent of the data subject).

GDPR 68

GDPR Personal data Privacy Access 68

Hunton Privacy

APRIL 26, 2019

Given the extraterritorial reach of the UK Data Protection Act 2018, organizations based outside of the UK may be subject to the code, which is expected to take effect by the end of 2019. Generalized data sharing for the purposes of commercial reuse is unlikely to meet this standard.

Personal data 60

Personal data Privacy GDPR Access 60

IT Governance

JUNE 15, 2018

Like the Data Protection Act 1998 (DPA 1998) that it superseded, the General Data Protection Regulation (GDPR) sets out six lawful bases for processing personal data. This is particularly important because data subjects have the right to withdraw their consent at any time. Legal obligations.

GDPR 70

GDPR Personal data Compliance Privacy 70

Collibra

NOVEMBER 5, 2019

The importance of getting privacy by design right – and the damage that getting it wrong can do – is illustrated by a new study which looked at how 120 of the most used Android apps in Belgium handle the personal data of their users. . Breaking the personal data rules. Adopting a privacy by design approach.

Privacy 61

Privacy Data Privacy Personal data Compliance 61

DLA Piper Privacy Matters

JANUARY 10, 2023

Ireland’s Data Protection Commission ( DPC ) announced on January 4, 2023, that it has fined Meta a total of €390 million after finding that the company’s Facebook and Instagram platforms lacked proper legal grounds for processing millions of Europeans’ personal data for targeted advertising.

GDPR 52

GDPR Personal data IT Compliance 52