Compliance and Personal data - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements

Thales Cloud Protection & Licensing

AUGUST 29, 2023

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements andrew.gertz@t… Tue, 08/29/2023 - 13:41 Modern-day business transactions heavily rely on international data transfers. The new “data bridge” would extend the EU-US Data Privacy Framework.

Personal data

Personal data Data Privacy Privacy GDPR

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

DLA Piper Privacy Matters

FEBRUARY 17, 2021

Securities and Exchange Commission (“ SEC ”) confirming that SEC-regulated UK domiciled firms (“ UK Regulated Firms ”) can share personal data with the SEC when seeking to comply with regulatory obligations, in compliance with the UK GDPR. As the GDPR places restrictions on the transfer of personal data to the U.S.,

Personal data

Personal data GDPR Security Compliance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

Data Beyond Borders: The Schrems II Aftermath

Thales Cloud Protection & Licensing

MARCH 1, 2021

On July 16, 2020 the Court of Justice of the European Union issued the Schrems II decision in the case Data Protection Commission v. That decision invalidates the European Commission’s adequacy decision for the EU-U.S. companies rely to conduct trans-Atlantic trade in compliance with EU data protection rules.

GDPR

GDPR Compliance Privacy Cloud

Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

Hunton Privacy

JANUARY 20, 2023

The DPC’s investigation began after None of Your Business (“NOYB”), a non-governmental organization co-founded by privacy activist Max Schrems, submitted complaints alleging that Facebook and Instagram “forced” users to consent to the processing of personal data for behavioral advertising and other services.

GDPR

GDPR Personal data Compliance Privacy

A Guide to CCPA Compliance and How the California Consumer Privacy Act Compares to GDPR

erwin

APRIL 18, 2019

California Consumer Privacy Act (CCPA) compliance shares many of the same requirements in the European Unions’ General Data Protection Regulation (GDPR). Data governance , thankfully, provides a framework for compliance with either or both – in addition to other regulatory mandates your organization may be subject to.

GDPR

GDPR Compliance Privacy Personal data

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure.

Personal data

Personal data GDPR Compliance Risk

Ethical Use of Data for Training Machine Learning Technology - Part 2

AIIM

JANUARY 28, 2020

As Fortune Magazine has described it, the European Commission (the executive body for the E.U.) The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Artificial Intelligence

Artificial Intelligence GDPR Personal data Privacy

New Cybersecurity Directives (NIS2 and CER) Enter into Force

Hunton Privacy

JANUARY 18, 2023

On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. Key Takeaways from the NIS2 Directive. A broader scope of application. Reinforced obligations.

Cybersecurity

Cybersecurity Healthcare Encryption Risk

ICO Publishes Draft New Guidance on PETs

Data Matters

OCTOBER 6, 2022

The Guidance is divided into two sections: (i) how can PETs help with data protection compliance; and (ii) what are PETs. This is the idea that data protection should be ‘baked in’ to your processing from the design stage through to the deployment of any technology. PETs that control access to certain parts of the data.

GDPR

GDPR Privacy Encryption Compliance

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation? Public-sector data sharing .

Government

Government Personal data Marketing Artificial Intelligence

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information.

Personal data

Personal data GDPR Privacy Records Management

DUBAI – DIFC Data Protection Law 2020

DLA Piper Privacy Matters

JUNE 4, 2020

This gives affected businesses a very short time frame in which to consider the Updated Law and implement any required changes to their regulatory compliance program, particularly for those DIFC businesses that do not already have a GDPR compliant framework. What are the key changes? It remains to be seen how this will apply in practice.

Personal data

Personal data GDPR Compliance Privacy

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. They will be the only third parties able to run so-called data exchanges or trusts for data pools.

Government

Government Personal data GDPR Access

Europe: EDPB issues Recommendations on Supplementary Measures and European Essential Guarantees for surveillance measures following Schrems II

DLA Piper Privacy Matters

NOVEMBER 12, 2020

On 11 November, the European Data Protection Board (“ EDPB ”) published recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (“ Recommendations ”) as well as recommendations on the European Essential Guarantees for surveillance measures (“ EEGs ”).

Paper

Paper Personal data Privacy Access

EU: EU Data Protection : COVID-19

DLA Piper Privacy Matters

MARCH 19, 2020

Various countries are in lockdown and emergency measures being implemented to contain the pandemic, with European countries currently at the epicentre of the outbreak. The world is facing unprecedented challenges in its fight to contain Coronavirus (COVID-19). carrying out temperature checks on entry to sites.

GDPR

GDPR Personal data Compliance Privacy

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). It is not necessary that controllers have access to the personal data. Background.

GDPR

GDPR Personal data Data breaches Compliance

The NIS Directive (NIS Regulations) – the UK law businesses need to know about

IT Governance

JULY 20, 2018

Although much of the focus in 2018 has been on ensuring compliance with the EU GDPR (General Data Protection Regulation) , another EU directive became UK law in May – the NIS Regulations (Network and Information Systems Regulations 2018). What are the penalties for non-compliance? What are the NIS Regulations?

Compliance

Compliance GDPR Personal data Cloud

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Heeding the call, the European Commission issued some communications, such as the communication on “Europe on the Move” (COM(2018) 293 final), to guarantee a smooth transition towards a European mobility system which is safe, clean, connected and automated. geolocation data; biometric data; etc.) 23(1) GDPR.

Privacy

Privacy Personal data GDPR Insurance

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

In August, the Government announced that it intended to “seize the opportunity” afforded by the UK’s exit from the European Union to makes some changes (see our blog The UK Government unveils its post-Brexit plans to shake up data protection laws | Data Protection Report ). Compliance program.

Government

Government FOIA GDPR Compliance

UK: ICO issues new guidance on special category data

DLA Piper Privacy Matters

DECEMBER 9, 2019

On 14 th November, the Information Commissioner’s Office (“ ICO ”) published an update to its guidance on the processing of special category data (“ Guidance ”). data concerning a person’s sexual orientation. data concerning a person’s sexual orientation. Genetic and biometric data. Background.

Personal data

Personal data GDPR Compliance IT

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

DLA Piper Privacy Matters

AUGUST 27, 2020

The Commissioner for Data Protection and Freedom of Information for the German State of Baden-Württemberg ( Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg – “LfDI BW”) recently published guidance for international transfers of personal data in the post- Schrems II era. Background.

Personal data

Personal data GDPR Encryption Privacy

Data Privacy Day: Looking Back on the Privacy Events of 2020

Thales Cloud Protection & Licensing

JANUARY 27, 2021

First, it provides a comprehensive, specific and historically more wide-reaching definition for Sensitive Personal Information (SPI), a category of data which comes with certain rights for consumers and certain compliance burdens for organizations. Find out more in our CipherTrust Data Security Platform white paper.

Data Privacy

Data Privacy Privacy GDPR Encryption

Dark Side of the Moon: Extraterritorial Applicability of the UK Data Protection Act 2018 After Brexit

HL Chronicle of Data Protection

MARCH 4, 2019

Subject to the deadlock in parliament being broken, or an extension of the Article 50 Brexit process, the UK’s 46-year European Union membership will cease in a matter of days. For example, personal data breaches would have to be notified to the ICO in addition to any EU27 lead supervisory authority.

GDPR

GDPR Personal data Privacy Communications

Irish data protection authority launches new cookie guidance and indicates cookie investigations are on the horizon

Data Protection Report

APRIL 16, 2020

The DPC will allow a period of six months from the date of publication of the Guidance for data controllers to bring their websites and mobile apps into compliance, after which enforcement action will commence. This is broadly the same approach taken by other European regulators, with the exception of the Spanish authority.

Analytics

Analytics Data collection Compliance Privacy

EU: Binding Corporate Rules are Generating Greater Interest

DLA Piper Privacy Matters

OCTOBER 16, 2019

Multinationals increasingly turning to BCRs as providing more legal certainty for personal data transfers from the EU. The EU General Data Protection Regulation (“GDPR”) brought about stricter data protection rules, and increased penalties for breaching these rules. Why are BCRs gaining popularity?

GDPR

GDPR Personal data Marketing Healthcare

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA). The VCDPA, which will not enter into effect until January 1, 2023, borrows heavily from the California Consumer Privacy Act (CCPA) and the European Union (EU) General Data Protection Regulation (GDPR). Exemptions.

Personal data

Personal data GDPR Sales Privacy

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

eDiscovery Daily

NOVEMBER 26, 2017

While we were preparing to eat turkey and stuff ourselves with various goodies last week, the Cloud Security Alliance (CSA) provided an important guideline for compliance with the European Union General Data Protection Regulation (GDPR). Transfer of personal data to third countries.

Cloud

Cloud GDPR Personal data Compliance

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Data Matters

JUNE 1, 2022

The Digital Markets Act (DMA) will impose a stringent regulatory regime on large online platforms (so-called “gatekeepers”) and give the European Commission (Commission) new enforcement powers, including an ability to impose severe fines and remedies for noncompliance. process and use personal data. Key dates and next steps.

Marketing

Marketing Computer and Electronics Communications GDPR

Croatia Joins the European Union and Its Data Protection Regime

Hunton Privacy

JULY 1, 2013

On July 1, 2013, the Republic of Croatia joined the European Union, increasing the number of EU Member States to 28. As of the day of its accession, Croatia must implement the acquis communautaire (the complete body of the EU legislation), which includes the EU Data Protection Directive 95/46/EC (“Data Protection Directive”).

Personal data

Personal data IT Compliance Communications

GERMANY: Data Protection Authorities Issue GDPR Fining Guidelines

DLA Piper Privacy Matters

OCTOBER 24, 2019

Importantly the methodology set out in the Guidelines for calculating fines is not intended to be exhaustive and will be subject to further specification by the European Data Protection Board (‘ EDPB’ ). This is used to assign the undertaking to a specific size-category. 18 GDPR (i.e. Step 3: Calculation of base value.

GDPR

GDPR Compliance Personal data IT

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unvail some interesting positions. . As already provided by the current regime, any type of processing of personal data needs to have a legal basis justifying it. In particular, among others, with reference to.

GDPR

GDPR Personal data Privacy Data breaches

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. What do we expect in terms of enforcement priorities?

GDPR

GDPR Personal data Compliance Data breaches

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, particularly regarding the competence, tasks, and powers of data protection authorities (12.3.2019) – The EDPB confirmed that where the ePD provides for a more specific rule than the GDPR, the specific rule will prevail.

GDPR

GDPR Personal data Privacy Information architecture

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. Brace yourself (for export turbulence).

Privacy

Privacy GDPR Data breaches Risk

AUSTRALIA: One month to go – EU GDPR implications for Australian businesses

DLA Piper Privacy Matters

APRIL 26, 2018

We are now one month away from the historic enforcement of the EU General Data Protection Regulation ( GDPR ) and it is clear that there is still much to do by many Australian organisations to ensure compliance by the 25 May 2018 deadline. Public sector organisations are not immune. Enforceability and Take-up.

GDPR

GDPR Compliance Personal data Privacy

Council of the European Union Releases Draft Compromise Text on the Proposed EU Data Protection Regulation

Hunton Privacy

JUNE 4, 2013

On May 31, 2013, the Council of the European Union’s Justice and Home Affairs released a draft compromise text in response to the European Commission’s proposed General Data Protection Regulation (the “Proposed Regulation”). The European Commission published the Proposed Regulation in January 2012.

Personal data

Personal data Risk Data breaches Marketing

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

Data Protection Report

JUNE 29, 2018

For companies that have implemented a compliance plan for European Union data subjects under the EU General Data Protection Regulation (“GDPR”), this law means many of the similar protections will now need to be extended to California residents. Consumer access and data portability rights. Private actions.

Privacy

Privacy GDPR Personal data Risk

California Passes Major Legislation, Expanding Consumer Privacy Rights and Legal Exposure for US and Global Companies

Data Protection Report

JUNE 29, 2018

For companies that have implemented a compliance plan for European Union data subjects under the EU General Data Protection Regulation (“GDPR”), this law means many of the similar protections will now need to be extended to California residents. Consumer Access and Data Portability Rights. Private Actions.

Privacy

Privacy GDPR Personal data Risk

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. Brace yourself (for export turbulence).

Privacy

Privacy GDPR Data breaches Risk

Italy: Privacy law integrating the GDPR adopted, what to do?

DLA Piper Privacy Matters

MAY 14, 2018

Privacy-related compliance organization supplemented. There has been a long debate in Italy on whether the GDPR requires to keep the roles of the so called “ internal data processors ” ( responsabili interni del trattamento ) as officers of the company in charge of monitoring privacy compliance provided by the Italian Privacy Code.

GDPR

GDPR Privacy Systems administration Compliance

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Data Protection Report

DECEMBER 20, 2019

Yesterday, the Advocate General (“ AG ”) concluded that, in his opinion, the EU Standard Contractual Clauses (“ SCCs ”) are a valid mechanism to transfer personal data outside of the European Economic Area (“ EEA ”). What has happened? However, the AG suggested new obligations for those using SCCs.

Privacy

Privacy Personal data Risk Access

GDPR compliance checklist

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements

Webinars

Trending Sources

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

Webinars

How to implement the General Data Protection Regulation (GDPR)

How to Comply with GDPR, PIPL, and CCPA

Data Beyond Borders: The Schrems II Aftermath

Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

A Guide to CCPA Compliance and How the California Consumer Privacy Act Compares to GDPR

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

Ethical Use of Data for Training Machine Learning Technology - Part 2

New Cybersecurity Directives (NIS2 and CER) Enter into Force

ICO Publishes Draft New Guidance on PETs

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

The Impact of Data Protection Laws on Your Records Retention Schedule

DUBAI – DIFC Data Protection Law 2020

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

Europe: EDPB issues Recommendations on Supplementary Measures and European Essential Guarantees for surveillance measures following Schrems II

EU: EU Data Protection : COVID-19

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

The NIS Directive (NIS Regulations) – the UK law businesses need to know about

EUROPE: New privacy rules for connected vehicles in Europe?

UK Government sets out proposals to shake up UK data protection laws

UK: ICO issues new guidance on special category data

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

Data Privacy Day: Looking Back on the Privacy Events of 2020

Dark Side of the Moon: Extraterritorial Applicability of the UK Data Protection Act 2018 After Brexit

Irish data protection authority launches new cookie guidance and indicates cookie investigations are on the horizon

EU: Binding Corporate Rules are Generating Greater Interest

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Croatia Joins the European Union and Its Data Protection Regime

GERMANY: Data Protection Authorities Issue GDPR Fining Guidelines

ITALY: New GDPR Guidelines from the Italian data protection authority

GDPR is upon us: are you ready for what comes next?

GDPR – The Year in Review

The Privacy Officers’ New Year’s Resolutions

AUSTRALIA: One month to go – EU GDPR implications for Australian businesses

Council of the European Union Releases Draft Compromise Text on the Proposed EU Data Protection Regulation

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

California Passes Major Legislation, Expanding Consumer Privacy Rights and Legal Exposure for US and Global Companies

The Privacy Officers’ New Year’s Resolutions

Italy: Privacy law integrating the GDPR adopted, what to do?

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Stay Connected