IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. When must breaches be reported?

Personal data 105

Personal data Data breaches Data collection GDPR 105

Hunton Privacy

JUNE 4, 2021

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation (“GDPR”), as well as the final version of the new standard contractual clauses (the “SCCs”).

Personal data 105

Personal data GDPR Government Access 105

DLA Piper Privacy Matters

SEPTEMBER 10, 2018

Italian privacy law integrating the GDPR is finally in place, but a number of provisions remain unclear, but need immediate action. The Italian Privacy Code changes after the GDPR. The result is a very confusing text which inevitably cannot be 100% aligned to the GDPR and might contain mistakes.

GDPR 49

GDPR Privacy Compliance Marketing 49

DLA Piper Privacy Matters

DECEMBER 3, 2021

The United Arab Emirates (“UAE”) has enacted its long awaited federal level data protection law. 45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. This article examines some of its key features. What does the PDPL cover and who does it apply to? Definitions.

Personal data 105

Personal data Data breaches GDPR Compliance 105

IT Governance

OCTOBER 6, 2020

Data loss refers to the destruction of sensitive information. It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). What causes data loss? The impact of data loss on your business.

IT 98

IT Computer and Electronics Data breaches Risk 98

Hunton Privacy

NOVEMBER 13, 2020

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”), along with its draft set of new standard contractual clauses (the “SCCs”). Key Takeaways.

Personal data 105

Personal data GDPR Data collection Access 105

The Last Watchdog

OCTOBER 19, 2020

For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer. They are responding to a trend of companies moving to meet rising compliance requirements, such as PCI-DSS and GDPR.

Cybersecurity 235

Cybersecurity B2B Sales Compliance 235

IT Governance

JUNE 25, 2018

We all know by now that, on 25 May 2018, the General Data Protection Regulation (GDPR) came into effect. The GDPR is not an IT issue. Rather, it is a business issue: organisations in every sector collect, access and use personal data for many purposes – hiring, marketing, sales, customer service and so on.

Retail 71

Retail GDPR IT Compliance 71

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. Step 1: Appointing a Data Protection Officer (“DPO”) or “Pilot”.

GDPR 75

GDPR Personal data Compliance Privacy 75

IT Governance

NOVEMBER 23, 2018

DPIAs (data protection impact assessments) are a type of risk assessment that identify the risks affecting the security of personal data, and work out their likely effects. It’s particularly important to carry one out when introducing new processes, systems or technologies for processing personal data.

GDPR 67

GDPR Personal data Risk Marketing 67

Data Matters

JUNE 5, 2021

The European Commission ( EC ) on June 4, 2021 adopted a new set of Standard Contractual Clauses for international data transfers ( New SCCs ). Scope of the New SCCs : the New SCCs can only be used to legitimize transfers of personal data to a data importer (i.e., However, their formulation (i.e.,

GDPR 117

GDPR Personal data IT Data breaches 117

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR 79

GDPR Privacy Sales Data breaches 79

DLA Piper Privacy Matters

JUNE 27, 2022

The Italian privacy authority, the Garante, deemed that the use of Google Analytics results in unlawful transfers of personal data to the United States in violation of the principles outlined in the Schrems II ruling. In Order No. The disputed facts. Code § 1881(b)(4), which subjects the company to the surveillance of U.S.

Personal data 98

Personal data Analytics GDPR Privacy 98

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. While the new security proposals have not yet become law, cybersecurity managers can begin to prepare metrics and audits that will not only help comply with those laws, but can also help create positive change now.

Cybersecurity 132

Cybersecurity Compliance Risk Communications 132

CILIP

FEBRUARY 1, 2024

Specifically, the ICO states that General Data Protection Regulations (GDPR) create specific requirements around the provision of information about and the explanation of AI-assisted decisions. As a result, many organisations are operating with a significant degree of risk in the impact of AI on their compliance with GDPR.

Artificial Intelligence 52

Artificial Intelligence Libraries GDPR Risk 52

DLA Piper Privacy Matters

APRIL 9, 2018

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unvail some interesting positions. . As already provided by the current regime, any type of processing of personal data needs to have a legal basis justifying it. In particular, among others, with reference to.

GDPR 40

GDPR Personal data Privacy Data breaches 40

IT Governance

FEBRUARY 1, 2019

Follow our advice to successfully manage risks and respond to a variety of information security incidents. Under the GDPR (General Data Protection Regulation) , organisations have 72 hours from the moment they become aware of a breach to report the incident. Assess the affected data. DPOs: the key to data breach response.

Data breaches 99

Data breaches GDPR Personal data Compliance 99

Hunton Privacy

DECEMBER 20, 2017

The Guidelines aim to provide practical guidance and clarification on the transparency obligations introduced by the EU General Data Protection Regulation (“GDPR”). The transparency obligations require controllers to provide certain information to data subjects regarding the processing of their personal data.

GDPR 62

GDPR Personal data Privacy Communications 62

Data Matters

AUGUST 9, 2019

First, it should be noted that the ICO can take into account compliance with such statutory codes when assessing whether an organisation has complied with its data sharing obligations including when considering principles of fairness, lawfulness, transparency and accountability. whistleblowing).

GDPR 79

GDPR Personal data Compliance Privacy 79

Data Protection Report

JUNE 7, 2021

On Friday 4 June, the European Commission published the finalised version of the new Standard Contractual Clauses for transferring personal data from the EU to third countries (the New SCCs). Companies now have 18 months to update their supplier contracts and other data export arrangements. Module 1, clause 8.5(e) Module 1, clauses 8.5;

Personal data 119

Personal data GDPR Data breaches Access 119

Hunton Privacy

DECEMBER 2, 2020

On November 25, 2020, the European Commission published its Proposal for a Regulation on European Data Governance (the “Data Governance Act”). The Data Governance Act is part of a set of measures announced in the 2020 European Strategy for Data , which is aimed at putting the EU at the forefront of the data empowered society.

Government 70

Government Personal data Compliance GDPR 70

Data Matters

NOVEMBER 4, 2020

Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. Businesses familiar with GDPR will recognize the reference to automated decision-making, as Article 22 gives data subjects similar opt-out rights. However, in some cases, the definition of “business” is narrowed.

Privacy 122

Privacy B2B Sales Data breaches 122

DLA Piper Privacy Matters

AUGUST 23, 2021

Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level. To be clear, this is not China’s own GDPR.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR 60

GDPR Privacy Sales Data breaches 60

Hunton Privacy

MARCH 26, 2019

On March 14, 2019, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , the “Dutch DPA”) published a press release announcing its policy (in Dutch ) for calculating administrative fines (the “Policy”). The Dutch DPA divided qualifying infringements into three or four categories.

GDPR 55

GDPR Personal data Authentication Compliance 55

DLA Piper Privacy Matters

FEBRUARY 2, 2018

Article 32 of the GDPR requires data controllers and processors to “ implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk ”. Although the GDPR provides some guidance as to the types of measures that may be considered appropriate (i.e., Workstations security.

Security 49

Security Personal data GDPR Compliance 49

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Before we look at limiting liability, we need to first consider how liability can arise in the first place in the context of GDPR.

GDPR 49

GDPR Risk Data breaches Personal data 49

HL Chronicle of Data Protection

APRIL 21, 2020

The French Data Protection Authority (CNIL) has recently released new guidelines (French only) regarding human resources processing operations. The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. Categories of personal data. Legal basis.

Personal data 133

Personal data GDPR Big data Compliance 133

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing.

Personal data 40

Personal data GDPR Access Marketing 40

Data Protection Report

JANUARY 16, 2020

CB(2) 512/19-20(03 ) (the Paper ) seeking views on changes to Personal Data (Privacy) Ordinance (Cap.486) Certainty around data retention periods. It is proposed that data users will be required to have clear retention policies. 486) (the PDPO ). details on the method of notification, as well as the content.

Paper 56

Paper Personal data Data breaches Privacy 56

Data Matters

NOVEMBER 13, 2020

The publication of the EC’s Draft comes just one day after the European Data Protection Board (EDPB) published its draft recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

Personal data 68

Personal data GDPR Privacy Compliance 68

DLA Piper Privacy Matters

JANUARY 21, 2019

On 12 December 2018, the French Government issued an ordinance [1] finalizing, at the legislative level [2] , the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation [3] (“GDPR”) and the Directive 2016/680 [4].

GDPR 49

GDPR Personal data Communications Government 49

Thales Cloud Protection & Licensing

NOVEMBER 28, 2022

The European Union enacted the Network and Information System (NIS) regulation in July 2016 with the intention of ensuring a specific level of security for networks and information systems belonging to critical and sensitive infrastructures in EU member states. As a result, security in the public and private sectors became fragmented.

IT 71

IT Encryption Compliance Cybersecurity 71

Data Protection Report

JANUARY 16, 2020

CB(2) 512/19-20(03 ) (the Paper ) seeking views on changes to Personal Data (Privacy) Ordinance (Cap.486) Certainty around data retention periods. It is proposed that data users will be required to have clear retention policies. 486) (the PDPO ). details on the method of notification, as well as the content.

Paper 40

Paper Personal data Data breaches Privacy 40

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure.

Personal data 49

Personal data GDPR Compliance Risk 49

eSecurity Planet

DECEMBER 9, 2021

We make IT, security, or any business decision by weighing the risks and the rewards. Or as is often the case with security, what costs can we skip and still escape big penalties later? Unfortunately for those of us indulging in wishful thinking, the likelihood and costs of data breaches continue to increase.

Insurance 125

Insurance Ransomware Data breaches Cloud 125

eSecurity Planet

MAY 24, 2024

Cloud security fundamentals are the core requirements that ensure data protection, regulatory compliance, and access management in a cloud environment. Understanding cloud security challenges and knowing the cloud security tools available in the market significantly contribute to enhanced cloud security.

Cloud 119

Cloud Security Compliance Encryption 119