Compliance, Events and Personal data - Information Management Today

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. When must breaches be reported?

Personal data

Personal data Data breaches Data collection GDPR

Thailand Personal Data Protection Law

Data Protection Report

FEBRUARY 28, 2020

The Personal Data Protection Act B.E. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published. Background.

Personal data

Personal data Compliance Privacy Access

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

DLA Piper Privacy Matters

JUNE 27, 2022

The Italian privacy authority, the Garante, deemed that the use of Google Analytics results in unlawful transfers of personal data to the United States in violation of the principles outlined in the Schrems II ruling. In Order No. In Order No. The disputed facts. Still, the same principles apply to any other transfer as well.

Personal data

Personal data Analytics GDPR Privacy

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. While there may be many dimensions to consider from a GDPR readiness perspective there are three steps that are particularly important in order to manage risk and ensure compliance. Step 1: Data Discovery.

GDPR

GDPR Compliance Data collection Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Privacy Data Privacy

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

Data Protection Report

MAY 21, 2020

On 14 May 2020, the Singapore Ministry of Communications and Information ( MCI ) and the Personal Data Protection Commission of Singapore ( PDPC ) announced a public consultation (the Public Consultation ) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill ) and related amendments to the Spam Control Act ( SCA ).

Personal data

Personal data Data breaches Compliance Cybersecurity

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

3 GDPR compliance tips for small businesses. GDPR: What’s the difference between personal data and sensitive data? There are also times when you must also complete a specific type of risk assessment, called a DPIA (data protection impact assessment) , to review the way you process personal data.

GDPR

GDPR Risk Compliance Personal data

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure.

Personal data

Personal data GDPR Compliance Risk

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. In this regard we expect it will be welcomed by local, regional and international businesses, in particular those that rely heavily upon personal data and international personal data flows.

Personal data

Personal data Data breaches GDPR Compliance

Considerations on embedding the new standard contractual clauses in IT contracts

DLA Piper Privacy Matters

AUGUST 3, 2021

With this clause, the SCCs formalize the EDPB’s recommendation to perform a data transfer assessment before transferring personal data to a third country that does not provide for an adequate level of protection. The assessment must be documented and provided to the competent supervisory authority on request.

IT

IT Personal data Compliance Risk

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing. 5.

Personal data

Personal data GDPR Access Marketing

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The CNIL provides practical advice to the management and the operational staff who process personal data, in order to ensure that such processing is carried out in compliance with the applicable data protections laws. The DPO is responsible for the monitoring of the organization’s compliance with the GDPR.

GDPR

GDPR Compliance Personal data Communications

When And How Cos. Should Address Cyber Legal Compliance

Data Matters

OCTOBER 30, 2017

They can, however, engage in probing internal due diligence of their companies’ cyber governance and compliance posture before it is too late — that is, before a cyber event occurs. Growing Expectations of Director-Level Responsibility for Cyber Legal Compliance. 1] The U.S.

Compliance

Compliance Cybersecurity Risk Government

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. The CNIL concludes that consent can be used as a legal basis for processing employee/applicant personal data only in cases where there are no consequences for them. Categories of personal data.

Personal data

Personal data GDPR Big data Compliance

CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond

DLA Piper Privacy Matters

MAY 16, 2023

Following the observation of increased enforcement to target anti-espionage activities, organisations are advised to focus on adopting internal governance mechanisms to ensure compliance with the relevant laws, as well as being ready to react to any potential enforcement action in a responsive manner.

IT

IT Compliance Communications Risk

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the GDPR. Personal Data Protection Policy (Article 24). A data protection policy is a statement that sets out how your organisation protects personal data.

GDPR

GDPR Data breaches Personal data Compliance

FRANCE: NEW GUIDANCE FOR DATA RETENTION

DLA Piper Privacy Matters

SEPTEMBER 4, 2020

They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data [2]. However, the Guidelines do not include the retention period applicable to each category of data processed. An organization based on the personal data lifecycle.

Personal data

Personal data Archiving GDPR Government

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Introduction to Data Protection Laws. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

China Releases Draft Regulations on Network Data Security Management

Hunton Privacy

JANUARY 26, 2022

In addition, the Draft Regulations add new requirements related to data processing activities. Once effective, the Draft Regulations will impose even greater compliance obligations on companies than the PIPL. Data Breach. Records Retention When Transferring Data to Third Parties. Cybersecurity Review.

Security

Security Data breaches Personal data Cybersecurity

GDPR – the facts and what it means for the retail sector

IT Governance

JUNE 25, 2018

With all the noise, however, it’s possible that the key facts haven’t been heard clearly, especially by those in smaller businesses where there isn’t always a defined person to take the lead for IT. Any and all UK organisations that handle personal data (e.g. But what does compliance look like? So, what are the key facts?

Retail

Retail GDPR IT Compliance

European Commission Publishes Draft Data Governance Act

Hunton Privacy

DECEMBER 2, 2020

“Data” under the Data Governance Act means any digital representation of acts, facts or information and any compilation of the same, including in the form of sound, visual or audiovisual recording. Below are some key takeaways from the draft Data Governance Act: Re-Use of Protected Data by Public Sector Authorities.

Government

Government Personal data Compliance GDPR

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

However, as with all China laws, the PIPL is drafted as high level principles, and we anticipate additional guidelines will be published in the coming months outlining the practical compliance steps organisations will need to take when updating their China data protection compliance programmes.

Data Privacy

Data Privacy Privacy Compliance Analytics

UK ICO Issues New Draft Data Sharing Code of Practice

Data Matters

AUGUST 9, 2019

First, it should be noted that the ICO can take into account compliance with such statutory codes when assessing whether an organisation has complied with its data sharing obligations including when considering principles of fairness, lawfulness, transparency and accountability. whistleblowing).

GDPR

GDPR Personal data Compliance Privacy

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

DLA Piper Privacy Matters

AUGUST 27, 2020

The Commissioner for Data Protection and Freedom of Information for the German State of Baden-Württemberg ( Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg – “LfDI BW”) recently published guidance for international transfers of personal data in the post- Schrems II era. Background.

Personal data

Personal data GDPR Encryption Privacy

Dutch DPA Updates Policy on Administrative Fines

Hunton Privacy

MARCH 26, 2019

The Dutch DPA divided qualifying infringements into three or four categories. It assigned each category a specific penalty bandwidth ( i.e. , a range between a minimum fine and a maximum fine), as well as a basic fine. In certain cases, the Dutch DPA may also consider the financial situation of the data controller or processor.

GDPR

GDPR Personal data Authentication Compliance

GDPR data breach notification: A quick guide

IT Governance

NOVEMBER 28, 2018

The data breach notification requirements of the EU GDPR (General Data Protection Regulation) are complicated, so it’s no surprise that many organisations aren’t sure what they’re supposed to be doing. What is a personal data breach? In other words, any information that is clearly about a particular person.

Data breaches

Data breaches GDPR Personal data Compliance

FRANCE: CNIL New Security Guidelines

DLA Piper Privacy Matters

FEBRUARY 2, 2018

Ideally, the CNIL recommends to use this guide in the context of a broader risk management strategy, which should consist of at least the 4 following steps: List the personal data processing, including the categories of personal data concerned and the means of data processing (e.g.

Security

Security Personal data GDPR Compliance

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

The CNIL strongly recommends appointing a DPO (with internal relays) who will be in charge of ensuring GDPR compliance, even if the organization is not required to appoint a DPO under the GDPR. know where the data is being transferred and to whom, where it is hosted and for how long it’s retained. Step 5: Organizing Internal Processes.

GDPR

GDPR Personal data Compliance Privacy

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Hunton Privacy

OCTOBER 5, 2017

Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars (the “Guidance”).

Privacy

Privacy Personal data Data collection Data Privacy

European Commission Proposes Revised Standard Contractual Clauses

Data Matters

NOVEMBER 13, 2020

The publication of the EC’s Draft comes just one day after the European Data Protection Board (EDPB) published its draft recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

Personal data

Personal data GDPR Privacy Compliance

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

DLA Piper Privacy Matters

OCTOBER 10, 2022

For example, the ML system could be used to determine likely trends of categories of persons to default on loan agreements through the processing of financial default information. During the development and training of their algorithms, ML systems begin to adapt and recognise patterns within its data.

Personal data

Personal data GDPR Privacy Marketing

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

Scope of the New SCCs : the New SCCs can only be used to legitimize transfers of personal data to a data importer (i.e., ex-EEA) whose processing of the personal data is not subject to the requirements of the GDPR. in line with Article 28 of the GDPR).

GDPR

GDPR Personal data IT Data breaches

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

While businesses have until January 2023 to comply with CPRA provisions, they should start taking steps to understand and build out compliance programs soon. Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. New Rights for Sensitive Personal Information.

Privacy

Privacy B2B Sales Data breaches

5 Topics CCPA-Compliant Privacy Awareness Training Needs to Cover

KnowBe4

SEPTEMBER 16, 2019

It’s imperative to be prepared: the law will regulate the use and disclosure of personal information of nearly 40 million consumers, and is expected to affect more than 500,000 companies across the U.S. That said, here’s a quick overview of five aspects of the CCPA that compliance training needs to cover.

Privacy

Privacy Personal data Compliance Data collection

A 6-step guide to surviving data breaches

IT Governance

FEBRUARY 1, 2019

Assess the affected data. You must provide details of: The types of personal data compromised; The number of personal data records affected; The number of data subjects potentially affected; and. The categories of data subject affected. When you found out about it. Describe the impact.

Data breaches

Data breaches GDPR Personal data Compliance

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

In any event if it determines this is one sanctionable conduct the total amount of the fine may not exceed the legal maximum for the gravest infringement. 1) Category of infringement under Article 83(4) – (6) GDPR. Categories of personal data affected (e.g. diagram provided in the Guidelines.

GDPR

GDPR Compliance Personal data IT

Top 8 Cyber Insurance Companies for 2022

eSecurity Planet

APRIL 22, 2022

As the number and severity of data breaches continues to rise, organizations are recognizing that those costs are not theoretical. If your company has not already experienced a significant cybersecurity event, it is probably only a matter of time before it does. American International Group (AIG) has an 8.3%

Insurance

Insurance Ransomware Cybersecurity Marketing

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

DLA Piper Privacy Matters

APRIL 11, 2019

The CNIL reminds that the rules resulting from the Regulation do not exclude the application of the general obligations under the GDPR, notably regarding compliance with the general principles for processing personal data, data subject rights and international transfers. token or badge).

Personal data

Personal data GDPR Access Compliance

Final Rules for the Data Privacy Act Published in the Philippines

Hunton Privacy

SEPTEMBER 13, 2016

Some points of interest that have been resolved or finalized include the following: The IRR has two separate defined terms, “personal data” and “personal information,” but the potential discrepancy between the two terms has been resolved. The draft IRR might have been interpreted to require compliance in all instances.

Data Privacy

Data Privacy Privacy Personal data Data breaches

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

The French data protection authority (CNIL) has just adopted Single Authorization No. AU-054 (the “AU-054”) on July 13, 2017 in order to cover the processing of personal data implemented in relation to these fraud prevention/detection systems. The broad range of personal data that can be processed under the AU-054.

Personal data

Personal data Financial Services Insurance Risk

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

As already provided by the current regime, any type of processing of personal data needs to have a legal basis justifying it. An explicit (but no longer written) consent is required with reference to the processing of sensitive data (e.g. In particular, among others, with reference to.

GDPR

GDPR Personal data Privacy Data breaches

ITALY: Data Protection law integrating the GDPR in place

DLA Piper Privacy Matters

SEPTEMBER 10, 2018

In order to celebrate such event, but to also discuss the impact of such new provisions on companies operating in Italy, we arranged an Innovation MeetUp on the 13th of September 2018 at our Milan office whose details are available HERE. The regime for special categories of personal data still needs to be completed.

GDPR

GDPR Privacy Compliance Marketing

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Managing Your Information

JULY 22, 2019

This will almost certainly result in some discussion in boardrooms and, for those that have yet to appoint a Data Protection Officer (DPO), probably a much more serious discussion about whether or not they should. What is a Data Protection Officer? In the UK this will be the Information Commissioner’s Office.

GDPR

GDPR Personal data Compliance Information governance

When are schools required to report personal data breaches?

Thailand Personal Data Protection Law

Trending Sources

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

Guest Post - Three Critical Steps for GDPR Compliance

How to implement the General Data Protection Regulation (GDPR)

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

Why risk assessments are essential for GDPR compliance

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

UAE: Federal level data protection law enacted

Considerations on embedding the new standard contractual clauses in IT contracts

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

France: The CNIL publishes a practical guide on Data Protection Officers

When And How Cos. Should Address Cyber Legal Compliance

CNIL’s New Guidelines on HR Processing

CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond

List of mandatory documents required by the GDPR

FRANCE: NEW GUIDANCE FOR DATA RETENTION

The Impact of Data Protection Laws on Your Records Retention Schedule

China Releases Draft Regulations on Network Data Security Management

GDPR – the facts and what it means for the retail sector

European Commission Publishes Draft Data Governance Act

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

UK ICO Issues New Draft Data Sharing Code of Practice

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

Dutch DPA Updates Policy on Administrative Fines

GDPR data breach notification: A quick guide

FRANCE: CNIL New Security Guidelines

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

European Commission Proposes Revised Standard Contractual Clauses

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

European Commission Adopts New Standard Contractual Clauses

California Privacy Law Overhaul – Proposition 24 Passes

5 Topics CCPA-Compliant Privacy Awareness Training Needs to Cover

A 6-step guide to surviving data breaches

EDPB publishes guidance on calculating GDPR fines

Top 8 Cyber Insurance Companies for 2022

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

Final Rules for the Data Privacy Act Published in the Philippines

FRANCE: CNIL adopts new single authorization on fraud prevention systems

ITALY: New GDPR Guidelines from the Italian data protection authority

ITALY: Data Protection law integrating the GDPR in place

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Stay Connected