Compliance and Personal data - Information Management Today

DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors

Hunton Privacy

MARCH 6, 2024

On February 28, 2024, President Biden released an Executive Order (“EO”) “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”

Personal data

Personal data Risk Government Access

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements

Thales Cloud Protection & Licensing

AUGUST 29, 2023

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements andrew.gertz@t… Tue, 08/29/2023 - 13:41 Modern-day business transactions heavily rely on international data transfers. The new “data bridge” would extend the EU-US Data Privacy Framework.

Personal data

Personal data Data Privacy Privacy GDPR

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

DLA Piper Privacy Matters

FEBRUARY 17, 2021

Securities and Exchange Commission (“ SEC ”) confirming that SEC-regulated UK domiciled firms (“ UK Regulated Firms ”) can share personal data with the SEC when seeking to comply with regulatory obligations, in compliance with the UK GDPR. As the GDPR places restrictions on the transfer of personal data to the U.S.,

Personal data

Personal data GDPR Security Compliance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

DLA Piper Privacy Matters

NOVEMBER 16, 2021

The draft Network Data Security Management Regulation (“ Draft Regulation ”) was published for consultation on 14 November 2021, and is very wide-ranging in the compliance areas covered. This is a significant reminder to organisations to start data mapping and assessment of all China data sooner rather than later.

Compliance

Compliance Personal data Security Risk

7 steps to highly effective GDPR compliance

IT Governance

AUGUST 21, 2019

Organisations of all sizes have been put under regulatory pressure, and the ICO (Information Commissioner’s Office) has already stated its intention to issue fines totalling £282 million against British Airways and Marriott International. Assess your current data protection measures. But exactly how should you proceed?

GDPR

GDPR Compliance Personal data Access

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Data Protection Report

JUNE 6, 2023

This MPN and its accompanying annexes set out details of TikTok’s non-compliance with data protection law and the reasons why the ICO considered that a fine was appropriate. Separately, in contrast to the DPC’s position, the ICO does not say that specific laws need to be cited when companies rely on the “legal obligation” legal basis.

Privacy

Privacy GDPR Personal data Compliance

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

The Draft Measures regulate the processing of electronic data collected and generated during the course of business activities that are under the supervision and management of PBOC (“ Regulated Data ”). This is not dissimilar in practice to existing guidelines around categorization of “financial data”.

Financial Services

Financial Services Personal data Compliance Data collection

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

The Regulation treats charities in much the same way as any organisation, because although they’re not using personal data to make a profit, they still run the risk of data breaches and privacy violations. So, if you run a charity and want to know how to meet your GDPR compliance requirements, take a look at our guide.

GDPR

GDPR Compliance Personal data Risk

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

On July 1, 2020, the Dubai International Financial Centre (“DIFC”) Data Protection Law No. Data Protection Principles: The New DP Law sets out requirements for processing that are largely identical to the data protection principles under the GDPR. 5 of 2020 came into effect (“New DP Law”).

Personal data

Personal data GDPR Data breaches Compliance

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

DLA Piper Privacy Matters

MARCH 24, 2021

Issues to be addressed include: Data privacy: compliant privacy notices/consents must be given to/obtained from customers using or buying via e-commerce or livestreaming platforms, sites, apps and services on or before collection or use of personal data, including appropriate direct marketing opt-ins and unsubscribe functions.

Personal data

Personal data Data Privacy Marketing Compliance

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

In the first two blogs we set out key steps for starting compliance projects, along with some IT Governance solutions should you need any extra help. Each business will also need a privacy notice and a data protection policy, and to update or review contracts with employees and suppliers to ensure they are compliant.

GDPR

GDPR Compliance Data breaches Information Security

CHINA: mobile apps remain a high privacy risk, and face stringent requirements

DLA Piper Privacy Matters

AUGUST 17, 2022

For the past couple of years, operators of mobile apps in China have had to comply with over thirty additional, specific privacy compliance obligations (i.e. The regulators have now refreshed and combined a selection of the requirements into one standard, yet more compliance steps must be followed. Categorisation of Data Processed.

Privacy

Privacy Risk Personal data Data collection

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

Hunton Privacy

APRIL 25, 2022

On April 12, 2022, Colorado Attorney General Phil Weiser made remarks at the International Association of Privacy Professionals Global Privacy Summit in Washington, D.C., where he invited stakeholders to provide informal public comments on the Colorado Privacy Act (“CPA”) rulemaking. The CPA was enacted in July 2021 as the third U.S.

Privacy

Privacy Personal data Sales Compliance

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

The international standard for information security contains a best-practice framework for evaluating risks and is closely aligned with the GDPR. 3 GDPR compliance tips for small businesses. GDPR: What’s the difference between personal data and sensitive data? See also: List of free GDPR resources and templates.

GDPR

GDPR Risk Compliance Personal data

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. In this regard we expect it will be welcomed by local, regional and international businesses, in particular those that rely heavily upon personal data and international personal data flows.

Personal data

Personal data Data breaches GDPR Compliance

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

The proposed regulations, if adopted, would add certain significant new compliance obligations on businesses. Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). The CPA further provides that businesses should not place an unreasonable burden on consumers to submit data rights requests.

Privacy

Privacy Personal data Data collection Compliance

When And How Cos. Should Address Cyber Legal Compliance

Data Matters

OCTOBER 30, 2017

They can, however, engage in probing internal due diligence of their companies’ cyber governance and compliance posture before it is too late — that is, before a cyber event occurs. Growing Expectations of Director-Level Responsibility for Cyber Legal Compliance. 1] The U.S.

Compliance

Compliance Cybersecurity Risk Government

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing.

Personal data

Personal data GDPR Access Marketing

CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond

DLA Piper Privacy Matters

MAY 16, 2023

However, its effects have already been felt by some international businesses. So what should international businesses do to respond to these new risks? The new law broadens the scope of espionage activities, as well as the power for authorities to carry out anti-espionage investigations by gaining access to data and property.

IT

IT Compliance Communications Risk

CHINA: Clarifications of data classification and grading requirements

DLA Piper Privacy Matters

OCTOBER 3, 2022

Where some types of data have multiple categories (e.g. a set of telecommunications data which is also considered personal information), organisations should take note in ensuring compliance with the relevant rules and standards. Data grading. Accuracy, scale, and coverage.

Data collection

Data collection Personal data Access Compliance

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle

DLA Piper Privacy Matters

JANUARY 26, 2022

Data is at the heart of the EU’s digital and green transformation, which are the two priorities of the European Commission. With the General Data Protection Regulation (GDPR), adopted in 2016, the EU has created a solid framework for the protection of personal data in line with the EU Charter of Fundamental Rights.

Personal data

Personal data GDPR Computer and Electronics Artificial Intelligence

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The CNIL provides practical advice to the management and the operational staff who process personal data, in order to ensure that such processing is carried out in compliance with the applicable data protections laws. The DPO is responsible for the monitoring of the organization’s compliance with the GDPR.

GDPR

GDPR Compliance Personal data Communications

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

during a calendar year, control or process personal data of at least 100,000 consumers, or. control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data. Key provisions. business-to-business) or employment context. Enforcement.

Personal data

Personal data Sales GDPR Privacy

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

Recall that the focus of the Executive Order was not on single transactions, but rather bulk transactions of Americans’ personal data. What is included in the special category of “government related data”? The regulation also proposes this chart with respect to risk levels and bulk thresholds: (at 25).

Access

Access Military Compliance Personal data

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

The consultation is structured around 5 objectives: reducing barriers to innovation; reducing burdens on business and delivering better outcomes for people; boosting trade and reducing barriers to data flows; delivering better public services; and reform of the ICO. Compliance program. Complaints and DSARs.

Government

Government FOIA GDPR Compliance

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. “Employees” is broadly understood as including permanent employees, temporary workers, interns and trainees, civil servants, apprentices, etc. Categories of personal data.

Personal data

Personal data GDPR Big data Compliance

CHINA: Privacy, Security and Content Regulation to Increase in 2020

DLA Piper Privacy Matters

JANUARY 13, 2020

The changes specifically introduce the following: Broader scope of prohibited content: in addition to the currently existing categories (e.g., defaming national integrity and unity), the new law prohibits publication of additional categories of content (e.g., New Personal Data Protection Law and Data Security Law.

Privacy

Privacy Security Personal data Compliance

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. One key part of this record-keeping activity is to document the category of individuals (employees, customers, etc.) hard copy forms, online data entry, database).

GDPR

GDPR Personal data Risk Cloud

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the GDPR. Personal Data Protection Policy (Article 24). A data protection policy is a statement that sets out how your organisation protects personal data.

GDPR

GDPR Data breaches Personal data Compliance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

However, as with all China laws, the PIPL is drafted as high level principles, and we anticipate additional guidelines will be published in the coming months outlining the practical compliance steps organisations will need to take when updating their China data protection compliance programmes.

Data Privacy

Data Privacy Privacy Compliance Analytics

Thailand’s National Legislative Assembly Passes Data Protection Law

Hunton Privacy

MARCH 15, 2019

On February 28, 2019, Thailand’s National Legislative Assembly finally approved and endorsed the draft Personal Data Protection Act (the “PDPA”), which will now be submitted for royal endorsement and subsequent publication in the Government Gazette. National Data Protection Authority. Sensitive Personal Data.

Personal data

Personal data GDPR Compliance Government

EU Data Governance Act – Edging Closer to a European Single Market for Data

Data Matters

APRIL 27, 2022

On 6 April 2022, the European Parliament formally approved the Data Governance Act (“DGA”), which establishes a legal framework to promote the availability of data and increase trust in data sharing across sectors in the EU. The DGA is part of the European Commission’s broader digital and data strategy. Data altruism.

Marketing

Marketing Government Personal data Artificial Intelligence

Unactioned data subject access requests could lead to legal action

IT Governance

FEBRUARY 19, 2019

There are no specific rules for how such a DSAR must be made; individuals can simply say, for instance, “I’d like to see what personal data you have on me.”. The categories of personal data involved. The recipients (or categories of recipients) to whom the personal data has been or will be disclosed.

Access

Access GDPR Personal data Compliance

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. To comply with the data controller’s legal obligations. To protect the data subject’s vital interests.

GDPR

GDPR Personal data Privacy Access

Government publishes consultation on post-Brexit data reforms

DLA Piper Privacy Matters

SEPTEMBER 10, 2021

where processing is for research purposes, disapplying the current requirement for controllers who collected personal data directly from the data subject to provide further information to the data subject prior to any further processing, where it would require a disproportionate effort to do so.

Government

Government Paper Personal data GDPR

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

Data Protection Report

DECEMBER 17, 2020

The EC anticipates that providers of data sharing services, or data intermediaries, will play a key role in facilitating the aggregation and exchange of substantial amounts of relevant data (personal and non-personal data). What are the other excluded categories? Requirement to notify.

Government

Government Personal data GDPR Access

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Hunton Privacy

OCTOBER 5, 2017

Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars (the “Guidance”).

Privacy

Privacy Personal data Data collection Data Privacy

Preparing for CCPA? Follow these best practices

Collibra

AUGUST 29, 2019

With a January 1, 2020 deadline looming, the CCPA can seem like an immediate compliance project. Organizations can develop an expensive patchwork of point solutions to manage data privacy. Four best practices for organizations to consider when implementing CCPA compliance include: . Implement data privacy by design.

Data Privacy

Data Privacy Compliance Personal data Privacy

DUBAI – DIFC Data Protection Law 2020

DLA Piper Privacy Matters

JUNE 4, 2020

Dubai’s International Financial Centre, the world class financial hub and free zone established in 2004, has an updated data protection law ( “Updated Law” ). What are the key changes? For those familiar with the GDPR many of the key changes will not be surprising. It remains to be seen how this will apply in practice.

Personal data

Personal data GDPR Compliance Privacy

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

Rather, to be covered by the VCDPA, an entity must either “(i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.”. Exemptions.

Personal data

Personal data GDPR Sales Privacy

CIPL Submits Comments to UK DCMS Consultation on UK Data Reform

Hunton Privacy

DECEMBER 17, 2021

supports the proposal to exempt reverse transfers from the UK’s international transfer regime. supports DCMS’ proposal to incorporate a test based on the U.S. supports DCMS’ proposal to incorporate a test based on the U.S. Chapter 5: Reform of the ICO.

GDPR

GDPR B2B Risk Government

ICO Publishes Draft New Guidance on PETs

Data Matters

OCTOBER 6, 2022

The Guidance is divided into two sections: (i) how can PETs help with data protection compliance; and (ii) what are PETs. This is the idea that data protection should be ‘baked in’ to your processing from the design stage through to the deployment of any technology. PETs that control access to certain parts of the data.

GDPR

GDPR Privacy Encryption Compliance

DOJ Regulations and White House Executive Order Will Target Protections for Americans’ Sensitive Personal Data Against Foreign Threat Actors

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements

Webinars

Trending Sources

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

Webinars

How to Comply with GDPR, PIPL, and CCPA

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

7 steps to highly effective GDPR compliance

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

How to implement the General Data Protection Regulation (GDPR)

What UK charities need to know about GDPR compliance

New Dubai International Financial Centre Data Protection Law Comes into Effect

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

Key steps to GDPR compliance – Part 3

CHINA: mobile apps remain a high privacy risk, and face stringent requirements

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

Why risk assessments are essential for GDPR compliance

UAE: Federal level data protection law enacted

Colorado AG Publishes Draft Colorado Privacy Act Rules

When And How Cos. Should Address Cyber Legal Compliance

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

CHINA: new Anti-Espionage Law and its impact on your China data and operations – how your organisation should respond

CHINA: Clarifications of data classification and grading requirements

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle

France: The CNIL publishes a practical guide on Data Protection Officers

US: Virginia passes comprehensive consumer data protection law

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

UK Government sets out proposals to shake up UK data protection laws

CNIL’s New Guidelines on HR Processing

CHINA: Privacy, Security and Content Regulation to Increase in 2020

How to comply with Article 30 of the GDPR

List of mandatory documents required by the GDPR

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Thailand’s National Legislative Assembly Passes Data Protection Law

EU Data Governance Act – Edging Closer to a European Single Market for Data

Unactioned data subject access requests could lead to legal action

CCTV and the GDPR – an overview for small businesses

Government publishes consultation on post-Brexit data reforms

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Preparing for CCPA? Follow these best practices

DUBAI – DIFC Data Protection Law 2020

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

CIPL Submits Comments to UK DCMS Consultation on UK Data Reform

ICO Publishes Draft New Guidance on PETs

Stay Connected