2020, Compliance and Personal data - Information Management Today

Organisations received £155 million in GDPR fines in 2020

IT Governance

MARCH 28, 2021

In 2020, organisations received €182 million (about £155 million) in fines for violating the GDPR (General Data Protection Regulation) , according to an IT Governance report. There were at least 92 GDPR fines in Q4 2020, with more than a quarter of them coming from Spain. The surge is most likely tied to COVID-19.

GDPR

GDPR Personal data Government Compliance

Organizations Struggle with Cloud Security in the Post Digital Transformation Era – Highlights from our 2020 Data Threat Report-Global Edition

Thales Cloud Protection & Licensing

FEBRUARY 24, 2020

2020 marks the launch of the Thales Data Threat Report-Global Edition for the seventh consecutive year. The 2020 Thales Data Threat Report-Global Edition indicates that we have reached a tipping point. Whatever the nature of the data stored in the cloud, it needs to be secured. A look ahead—quantum computing.

Digital transformation

Digital transformation Cloud Encryption Security

European data export bonanza: revised SCCs and EDPB Schrems II guidance published

Data Protection Report

NOVEMBER 13, 2020

On 11 November, the European Data Protection Board ( EDPB ) published its much anticipated guidance on the Schrems II judgment. Recommendations 02/2020 on the European Essential Guarantees for surveillance Measures (the EEG Recommendations ). a “warrant canary”); and.

Personal data

Personal data GDPR Encryption Government

CNIL Publishes Standard on HR Data Processing

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. Main Changes in the Referential on HR Data Processing. telephone call listening/recording.

Personal data

Personal data GDPR Compliance Archiving

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

European Data Protection Board Issues Schrems II Recommendations

Data Matters

NOVEMBER 11, 2020

Privacy Shield program (“Privacy Shield”) and potentially required supplementary protections to be implemented when Standard Contractual Clauses (“SCCs”) are used to ensure an ‘essentially equivalent’ level of data protection. The EDPB on November 11 issued two sets of recommendations.

Personal data

Personal data GDPR Privacy Compliance

FRANCE: NEW GUIDANCE FOR DATA RETENTION

DLA Piper Privacy Matters

SEPTEMBER 4, 2020

They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data [2]. The CNIL’s Guidelines apply to all private companies and public organizations processing personal data. An organization based on the personal data lifecycle.

Personal data

Personal data Archiving GDPR Government

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). This follows the invalidation of the EU-US Privacy Shield, by the Court of Justice of the European Union on 16 July 2020.

Data Privacy

Data Privacy Personal data Privacy Cloud

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

3 The SEC and its staff followed the September 2017 statement with various cybersecurity-related initiatives and guidance, including January 27, 2020, cybersecurity guidance and observations published by the SEC’s Division of Examinations (formerly Office of Compliance Inspections and Examinations). 27, 2020). 27, 2020).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

EDPB adopts final Recommendations on Supplementary Measures

DLA Piper Privacy Matters

JUNE 23, 2021

On 21 June 2021, the European Data Protection Board (“ EDPB ”) published the final Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (“ Recommendations ”). Key takeaways.

GDPR

GDPR Personal data Compliance Risk

Ireland: Non-material damages under GDPR – Irish law developments and the international approach

DLA Piper Privacy Matters

SEPTEMBER 7, 2023

The scrutiny by national courts over the lawfulness of certain processing, and commentary on the factors that will aggravate or mitigate an infringement, should be considered by these organisations and inform their approach to data protection compliance. The Comparative View – how are non-material damages assessed elsewhere?

GDPR

GDPR Data breaches Risk Personal data

EDPB Publishes Guidelines on Data Protection by Design and by Default

Hunton Privacy

NOVEMBER 22, 2019

appropriate technical and organizational measures for ensuring that, by default, only personal data, which is necessary for each specific purpose of the data processing, is processed (“Data protection by default”). on how to handle personal data.

Personal data

Personal data GDPR Compliance Risk

EDPB Publishes FAQs on Recent Schrems II Judgment

Data Matters

JULY 24, 2020

The CJEU invalidated the EU-US Privacy Shield but upheld the use of Standard Contractual Clauses (“SCCs”) to transfer personal data to the U.S.: to ensure compliance with a level of protection “essentially equivalent” to that guaranteed within the EU by the GDPR). .: domestic law, in particular the ability for U.S.

Personal data

Personal data GDPR Privacy Access

ICO Consultation on International Data Transfer Agreement to Replace SCCs

Hunton Privacy

AUGUST 12, 2021

On August 11, 2021, the UK Information Commissioner’s Office (“ICO”) launched a consultation on its draft international data transfer agreement (“IDTA”) and guidance for organizations on international transfers (the “Guidance”). Once finalized, the IDTA will replace the existing EU Standard Contractual Clauses (“SCCs”) in the UK.

GDPR

GDPR Personal data Risk Access

The Schrems Saga Continues: Schrems II Case Heard Before the CJEU

Hunton Privacy

JULY 10, 2019

authorities access to his personal data in violation with EU data protection law. Instead, it authorized the bulk collection of personal data transferred from the EU to the U.S. and did not set forth any objective criteria for determining limits to the access and use of this personal data by public authorities.

Personal data

Personal data Privacy Compliance Access

Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

Hunton Privacy

DECEMBER 17, 2020

On December 15, 2020, the Irish Data Protection Commission (“DPC”) announced its fine of €450,000 against Twitter International Company (“Twitter”), following its investigation into a breach resulting from a bug in Twitter’s design. The bug was discovered on December 26, 2018. Investigation and GDPR Dispute Resolution Procedure.

GDPR

GDPR Data breaches Personal data Compliance

UK: ICO rules regarding the online privacy of children enter into force

DLA Piper Privacy Matters

SEPTEMBER 2, 2021

The Children’s Code is not new law, but a statutory Code of Practice under the Data Protection Act 2018. The Code was laid before Parliament on 11 June 2020, under s. Therefore, whilst its recommendations are not themselves legally binding, compliance with the Code is strongly recommended. 125(1)(b) of the DPA.

Privacy

Privacy Education Personal data Compliance

Thermal cameras and COVID-19 – The German DPAs have spoken

Data Protection Report

OCTOBER 9, 2020

On September 11, 2020, the German Datenschutzkonferenz (DSK), the joint body of the German data protection authorities, published its position on the use of thermal cameras and electronic temperature checks in the context of the COVID-19 pandemic. 25 GDPR and security of data processing in to Art.

GDPR

GDPR Manufacturing Personal data Privacy

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR? million Euro as was too high.

GDPR

GDPR Authentication Compliance Personal data

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

DLA Piper Privacy Matters

JULY 1, 2019

If this happens, many organisations will be left without any practical solution to legitimise the international transfer of personal data outside the EEA and exposure to the threat of GDPR revenue based fines, regulatory sanctions including injunctions and third party claims for compensation.

Privacy

Privacy Personal data GDPR Risk

Europe: EDPB issues Recommendations on Supplementary Measures and European Essential Guarantees for surveillance measures following Schrems II

DLA Piper Privacy Matters

NOVEMBER 12, 2020

On 11 November, the European Data Protection Board (“ EDPB ”) published recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (“ Recommendations ”) as well as recommendations on the European Essential Guarantees for surveillance measures (“ EEGs ”).

Paper

Paper Personal data Privacy Access

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In its second full year overseeing and regulating the GDPR in Ireland, the Data Protection Commission ( DPC ) has published its 2020 Annual Report , highlighting key observations, emerging guidance, and large scale inquiries and decisions of 2020. 90% of the recorded breach cases were concluded in 2020. Enforcement.

GDPR

GDPR Compliance Data breaches Marketing

FRANCE: New Data Protection Law has been Adopted

DLA Piper Privacy Matters

MAY 16, 2018

Despite a lack of agreement between the Senate and the National Assembly, France has finally passed its new data protection law , 11 days prior to the entry into application of the EU General Data Protection Regulation (GDPR) on May 25. By Denise Lebeau-Marianna and Caroline Chancé. Prior formalities. Children’s consent.

GDPR

GDPR Personal data Compliance Data Privacy

How to process employees’ health data in France after lockdown: dos and don’ts for employers

Data Protection Report

MAY 4, 2020

A few weeks ago, we provided you with a summary of the rights and obligations of employers with regard to the personal data of their employees during lockdown. On 11 May, many employees will return to their workplaces. Below you will find answers to the main questions you may have ahead as the end of the lockdown approaches.

Government

Government GDPR Access Personal data

UK: Supreme Court judgment in Morrisons – employer not vicariously liable for data breach

DLA Piper Privacy Matters

APRIL 1, 2020

A few months later, he uploaded the data onto a file-sharing website and later sent it to newspapers. this applies whether the data controller is the employer or the employee (in this case it was the employee). this applies whether the data controller is the employer or the employee (in this case it was the employee).

Data breaches

Data breaches GDPR Personal data Information governance

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

Data Protection Report

FEBRUARY 27, 2019

The California Consumer Privacy Act (CCPA), passed in June 2018 in response to the Cambridge Analytica scandal, is slated to become the most comprehensive data privacy law in the US. Not to be outdone by California, eleven (11) states—including Maryland, New Jersey and Washington—have recently introduced similar legislation.

Data Privacy

Data Privacy GDPR Privacy Risk

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

Among other news: B&Q breached the personal data of 70,000 people who had been caught stealing products from its stores. million) fine with the US Federal Trade Commission after it was accused of illegally collecting minors’ personal data. Mumsnet disclosed a data breach affecting 4,000 people. million (£4.2

Data breaches

Data breaches GDPR Passwords Personal data

CNIL publishes a draft TIA guide

Data Protection Report

FEBRUARY 6, 2024

The Court of Justice of the European Union ( CJEU )’s Schrems II decision [1] clarified strict rules for personal data transfers outside of the European Union. Article 44 GDPR places restrictions on transfers of personal data outside the European Economic Area ( EEA ). When is a TIA required?

GDPR

GDPR Personal data Compliance IT

UK Supreme Court Rules Morrisons Not Vicariously Liable for Malicious Data Breach by Employee

Data Matters

APRIL 20, 2020

Case: WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12. 1 [2016] UKSC 11. 2 [2002] UKHL 48. 4 E.g., Morris v C W Martin & Sons Ltd [1966] 1 QB 716, 737; Lister v Hesley Hall Ltd [2001] UKHL 22. 5 E.g., Joel v Morison (1834) 6 C & P 501.

Data breaches

Data breaches GDPR Privacy IT

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Additionally in 2017, Connecticut passed legislation requiring that health insurers, third-party administrators, and related entities implement and maintain a comprehensive information security program with specific minimum requirements to protect insureds’ personal data. More states are sure to follow.

Insurance

Insurance Cybersecurity Data breaches Financial Services

DUBAI – DIFC Data Protection Law 2020

DLA Piper Privacy Matters

JUNE 4, 2020

Although the Updated Law will come into effect from 1 July 2020, affected businesses will have a transition period of three months, until 1 October 2020. What are the key changes? It remains to be seen how this will apply in practice. It remains to be seen how this will apply in practice. able to easily change such preferences.

Personal data

Personal data GDPR Compliance Privacy

South Africa’s Protection of Personal Information Act, 2013, Goes into Effect July 1

Hunton Privacy

JUNE 29, 2020

Zeyn Bhyat of ENSafrica reports that on June 22, 2020, it was announced that South Africa’s comprehensive privacy law known as the Protection of Personal Information Act, 2013 (the “POPIA”) will become effective on July 1, 2020. Accountability: This condition requires that all processing of data occurs in compliance with POPIA.

Compliance

Compliance Privacy GDPR Personal data

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

IT Governance

JANUARY 30, 2024

Data breached: 2 PB. Mobile network database breach exposes 750 million Indians’ personal data The Indian security company CloudSEK claims to have found the personal data of 750 million Indians for sale on an “underground forum”. Data breached: 750 million victims’ personal data.

Data Privacy

Data Privacy Retail Privacy Manufacturing

GDPR: lawful bases for processing, with examples

IT Governance

MARCH 13, 2020

Last updated March 2020. Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Do you always need individuals’ consent to process their data? First published June 2018. But what is a lawful basis for processing?

GDPR

GDPR Personal data Compliance Marketing

Two new CJEU judgments further tighten limits of government surveillance – significant for impending UK adequacy decision and “Schrems II country assessments”

Data Protection Report

OCTOBER 15, 2020

On 6 October 2020, the Court of Justice of the European Union ( CJEU ) published two decisions that further define the permitted scope of governmental access to personal data. traffic and location data, not message content) collected by telecommunications providers.

Metadata

Metadata Government Communications Personal data

Information Management Today

Organisations received £155 million in GDPR fines in 2020

Organizations Struggle with Cloud Security in the Post Digital Transformation Era – Highlights from our 2020 Data Threat Report-Global Edition

Trending Sources

European data export bonanza: revised SCCs and EDPB Schrems II guidance published

CNIL Publishes Standard on HR Data Processing

The Impact of Data Protection Laws on Your Records Retention Schedule

European Data Protection Board Issues Schrems II Recommendations

FRANCE: NEW GUIDANCE FOR DATA RETENTION

Navigating the EU-US Data Protection Framework

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

EDPB adopts final Recommendations on Supplementary Measures

Ireland: Non-material damages under GDPR – Irish law developments and the international approach

EDPB Publishes Guidelines on Data Protection by Design and by Default

EDPB Publishes FAQs on Recent Schrems II Judgment

ICO Consultation on International Data Transfer Agreement to Replace SCCs

The Schrems Saga Continues: Schrems II Case Heard Before the CJEU

Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

UK: ICO rules regarding the online privacy of children enter into force

Thermal cameras and COVID-19 – The German DPAs have spoken

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

Europe: EDPB issues Recommendations on Supplementary Measures and European Essential Guarantees for surveillance measures following Schrems II

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

FRANCE: New Data Protection Law has been Adopted

How to process employees’ health data in France after lockdown: dos and don’ts for employers

UK: Supreme Court judgment in Morrisons – employer not vicariously liable for data breach

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

2019 end-of-year review part 1: January to June

CNIL publishes a draft TIA guide

UK Supreme Court Rules Morrisons Not Vicariously Liable for Malicious Data Breach by Employee

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

DUBAI – DIFC Data Protection Law 2020

South Africa’s Protection of Personal Information Act, 2013, Goes into Effect July 1

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

GDPR: lawful bases for processing, with examples

Two new CJEU judgments further tighten limits of government surveillance – significant for impending UK adequacy decision and “Schrems II country assessments”

Stay Connected