Data, GDPR, Information Security and Security - Information Management Today

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The Irish Data Protection Commission filed papers in the Circuit Court on Friday to confirm the €75,000 fine against the Agency. Eilis McDonald & John Magee. It is reported the fine will not be challenged by Tusla.

GDPR

GDPR Personal data Government Paper

What Is Data Minimisation? Definition & Examples

IT Governance

APRIL 18, 2023

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur.

GDPR

GDPR Personal data Data breaches Marketing

Building cyber security careers

IT Governance

OCTOBER 21, 2021

The need for experienced and qualified cyber security professionals is a highlight of Cybersecurity Career Awareness Week , led by NICE (National Initiative for Cybersecurity Education). The most common skills gaps are “storing or transferring personal data, setting up configured firewalls, and detecting and removing malware”.

Security

Security Information Security GDPR Data Privacy

ISO 27001 and Physical Security

IT Governance

MAY 15, 2024

Physical access control, physical security monitoring, CCTV, and more When we hear the term ‘information security’ – or, for that matter, ‘ISO 27001’ – our thoughts usually turn straight to cyber security. However, physical security is also an important aspect of information and data security.

Security

Security Information Security Access Cloud

7 steps to highly effective GDPR compliance

IT Governance

AUGUST 21, 2019

The GDPR (General Data Protection Regulation) hasn’t exactly crept up unnoticed over the past year or so, but it’s still caught many organisations by surprise. Meanwhile, although the specifics of Brexit are still unclear, one thing is certain: whatever happens, UK-based organisations will be subject to the GDPR’s requirements.

GDPR

GDPR Compliance Personal data Access

China Releases Draft Regulations on Network Data Security Management

Hunton Privacy

JANUARY 26, 2022

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released for public comment its draft Regulations on Network Data Security Management (the “Draft Regulations”). In addition, the Draft Regulations add new requirements related to data processing activities. Data Handler and Entrusted Party.

Security

Security Data breaches Personal data Cybersecurity

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy.

GDPR

GDPR Compliance Privacy Data Privacy

The GDPR: A guide for small businesses

IT Governance

MARCH 27, 2018

Businesses are starting to panic as they try to comply with the General Data Protection Regulation (GDPR) before the May 2018 deadline. Many even believe that the GDPR won’t apply to them because they have fewer than 250 employees. Our small business guide to the GDPR should help clarify some of the key factors affecting SMEs.

GDPR

GDPR Compliance Personal data Information Security

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to. Data subject access requests, incident reporting and data breach reporting will all need written processes, too.

GDPR

GDPR Compliance Data breaches Information Security

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

On July 1, 2020, the Dubai International Financial Centre (“DIFC”) Data Protection Law No. Data Protection Principles: The New DP Law sets out requirements for processing that are largely identical to the data protection principles under the GDPR. 5 of 2020 came into effect (“New DP Law”).

Personal data

Personal data GDPR Data breaches Compliance

The UK Data Protection Regulator Fines TikTok £12.7 Million

Hunton Privacy

APRIL 4, 2023

On April 4, 2023, the data protection regulator of the UK, the Information Commissioner’s Office (ICO), issued a fine of a £12.7 million to TikTok Information Technologies UK Limited and TikTok Inc (together, “TikTok”) for a number of breaches of UK data protection law, including failing to use children’s personal data lawfully.

Personal data

Personal data GDPR IT Information Security

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. Kept in a form that allows data subjects to be identified for no longer than is necessary. To erasure.

GDPR

GDPR Personal data Privacy Access

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. Step 1: Data Discovery.

GDPR

GDPR Compliance Data collection Privacy

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. Get started with vsRisk.

GDPR

GDPR Risk Compliance Personal data

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

Hunton Privacy

OCTOBER 25, 2022

On October 24, 2022, the UK Information Commissioner’s Office (“ICO”) issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020.

Security

Security Personal data GDPR Insurance

6 tools to help you prevent and respond to data breaches

IT Governance

JANUARY 1, 2019

There are few things organisations fear more than data breaches. The stakes were raised with the enforcement of the EU GDPR (General Data Protection Regulation) in May 2018. It demands adequate security measures and has been widely publicised, as it has the potential to levy large fines against non-compliant organisations.

Data breaches

Data breaches GDPR Information Security Risk

6 tools to help you prevent and respond to data breaches

IT Governance

OCTOBER 8, 2018

There are few things organisations fear more than data breaches. The stakes were raised with the introduction of the EU GDPR (General Data Protection Regulation) in May 2018. An effective cyber incident response programme helps organisations prepare for and respond to data breaches. Data Flow Mapping Tool.

Data breaches

Data breaches GDPR Information Security Risk

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

If you think that charities might be shown lenience under the GDPR (General Data Protection Regulation) , you’re wrong. The Regulation treats charities in much the same way as any organisation, because although they’re not using personal data to make a profit, they still run the risk of data breaches and privacy violations.

GDPR

GDPR Compliance Personal data Risk

ICO issue fine of £4.4 to Interserve for security failings

DLA Piper Privacy Matters

OCTOBER 25, 2022

for violations of the GDPR (the violations were pre-Brexit). The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal data (in contravention of Articles 5(1)(f) and 32 GDPR) for a period of ~20 months. The Incident. Digest of points to note in the MPN.

Security

Security GDPR Personal data Insurance

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Data breaches and other threats.

GDPR

GDPR Privacy Personal data Data breaches

How long do you have to report a data breach?

IT Governance

DECEMBER 13, 2018

The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Most breaches fit into this category, but not all of them.

Data breaches

Data breaches GDPR Personal data Compliance

CNIL Publishes Initial Assessment on Blockchain and GDPR

Hunton Privacy

OCTOBER 2, 2018

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities.

Blockchain

Blockchain GDPR Personal data Compliance

How long do you have to report a data breach?

IT Governance

OCTOBER 24, 2018

The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Most breaches fit into this category, but not all of them.

Data breaches

Data breaches GDPR Compliance Personal data

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

On 16 November 2021, the French data protection supervisory authority (the “CNIL”) published a practical guide (“Guide”) on Data Protection Officers (“DPOs”). The DPO is responsible for the monitoring of the organization’s compliance with the GDPR. Be the point of contact on GDPR issues.

GDPR

GDPR Compliance Personal data Communications

Achieve GDPR compliance with our software tools

IT Governance

APRIL 27, 2018

General Data Protection Regulation (GDPR) compliance should be a priority and high on every organisation’s agenda with less than two months until the regulation comes into effect on 25 May 2018. Organisations need to be aware of what data they process and ensure it is processed in accordance with the law. Compliance Manager.

GDPR

GDPR Compliance Personal data Information Security

What to expect when you’ve suffered a data breach

IT Governance

SEPTEMBER 25, 2018

According to our figures, there were at least 488 reported data breaches in 2017 , and we’re on pace for an even bigger year in 2018. The first 72 hours after you identify a data breach are crucial. This is the window given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents.

Data breaches

Data breaches GDPR Information Security Personal data

ICO Issues Data Protection and Coronavirus Guidance

Data Matters

MARCH 12, 2020

In light of the ongoing Coronavirus (COVID-19) pandemic, the ICO has today issued guidance on “Data protection and coronavirus: what you need to know” for data controllers. Guidance has also been issued by many other Data Protection Authorities in other European countries. These types of communications are not direct marketing.

GDPR

GDPR Communications Privacy Government

The Impacts of Data Loss on Your Organization

Security Affairs

JULY 3, 2023

What are the causes of Data Loss and which are their impact on your organization? In today’s digital age, data has become the lifeblood of organizations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data.

Unstructured data

Unstructured data Metadata Encryption Data structuring

Unactioned data subject access requests could lead to legal action

IT Governance

FEBRUARY 19, 2019

Buckinghamshire-based housing developer Magnacrest has been fined for failing to respond to DSARs (data subject access requests) , giving organisations a fresh reminder of the importance of the public’s legal rights to review the information that’s processed about them. The categories of personal data involved.

Access

Access GDPR Personal data Compliance

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer. They are responding to a trend of companies moving to meet rising compliance requirements, such as PCI-DSS and GDPR.

Cybersecurity

Cybersecurity B2B Sales Compliance

CIPL Submits Response to China’s Personal Information Protection Law

Hunton Privacy

NOVEMBER 19, 2020

In its response, CIPL highlights several possible modifications of the PIPL, which it believes the NPC should consider and adopt during its review, not only to ensure China’s standing in the international data protection space but also to ensure the protection of China’s citizens, businesses and government data.

GDPR

GDPR Privacy Risk Government

The UK ICO Publishes Opinion on UK Government’s Assessment of Adequacy for the UK Extension to the EU-U.S. DPF

Hunton Privacy

SEPTEMBER 25, 2023

On September 21, 2023, the UK Information Commissioner’s Office (“ICO”) published an opinion on the UK Government’s assessment of adequacy for the UK Extension to the EU-U.S. Data Privacy Framework (the “UK Extension”). certified organization to ensure it will be treated as sensitive information under the UK Extension.

GDPR

GDPR Personal data Risk Data Privacy

A 6-step guide to surviving data breaches

IT Governance

FEBRUARY 1, 2019

Follow our advice to successfully manage risks and respond to a variety of information security incidents. Under the GDPR (General Data Protection Regulation) , organisations have 72 hours from the moment they become aware of a breach to report the incident. Assess the affected data. Describe the impact.

Data breaches

Data breaches GDPR Personal data Compliance

EDPB Adopts Opinion on Draft UK Adequacy Decision

Hunton Privacy

APRIL 19, 2021

On April 14, 2021, the European Data Protection Board (“EDPB”) announced that it had adopted its Opinion on the draft UK adequacy decision issued by the European Commission on February 19, 2021. The EDPB stated in its press release that there were key areas of strong alignment between the data protection regimes in the EU and UK.

GDPR

GDPR Personal data Access Security

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. Step 1: Appointing a Data Protection Officer (“DPO”) or “Pilot”.

GDPR

GDPR Personal data Compliance Privacy

Spotlight On: BCS Practitioner Certificate in Data Protection

Managing Your Information

SEPTEMBER 10, 2022

If you are considering taking our BCS Practitioner Certificate in Data Protection, you might have some questions about whether this is the right course for you. Candidates will need a basic understanding of UK GDPR and the Data Protection Act 2018 and some previous experience of working within the realm of data protection. .

GDPR

GDPR Information governance Compliance Paper

Do small organisations need to appoint a DPO?

IT Governance

SEPTEMBER 20, 2018

Small organisations often try to claim exemption from the EU’s GDPR (General Data Protection Regulation) based on their size. In most cases this is in vain, but there is one requirement where they might be justified: the appointment of a DPO (data protection officer). Process special categories of data on a large scale.

GDPR

GDPR Compliance Communications Privacy

U.S. states pass data protection laws on the heels of the GDPR

Data Protection Report

JULY 9, 2018

states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). See our previous blog posts on GDPR here and here. On the security front, as of March 2018, all 50 U.S.

GDPR

GDPR Data breaches Personal data Insurance

Belgian Privacy Commission Issues Recommendation on Internal Records Under the GDPR

Hunton Privacy

JULY 7, 2017

The Belgian Privacy Commission (the “Belgian DPA”) recently released a Recommendation (in French and Dutch ) regarding the requirement to maintain internal records of data processing activities (the “Recommendation”) pursuant to Article 30 of the EU General Data Protection Regulation (“GDPR”). Content of internal records.

GDPR

GDPR Privacy Personal data Data breaches

Article 29 Working Party Publishes Guidance on Consent Under the GDPR

Hunton Privacy

DECEMBER 15, 2017

Recently, the EU’s Article 29 Working Party (the “Working Party”) adopted guidelines (the “Guidance”) on the meaning of consent under the EU General Data Protection Regulation (“GDPR”). The Guidance provides further detail on what is necessary to ensure that consent satisfies the requirements of the GDPR: Freely given.

GDPR

GDPR Personal data Risk Compliance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

In good news for organisations handling personal information, China’s Personal Information Protection Law (“ PIPL ”) was finalised on 20 August 2021, and will come into force on 1 November 2021. To be clear, this is not China’s own GDPR.

Data Privacy

Data Privacy Privacy Compliance Analytics

Dutch DPA Updates Policy on Administrative Fines

Hunton Privacy

MARCH 26, 2019

On March 14, 2019, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , the “Dutch DPA”) published a press release announcing its policy (in Dutch ) for calculating administrative fines (the “Policy”). The Dutch DPA divided qualifying infringements into three or four categories.

GDPR

GDPR Personal data Authentication Compliance

How to implement the General Data Protection Regulation (GDPR)

Security Compliance & Data Privacy Regulations

Trending Sources

IRELAND: First GDPR fine issued in Ireland

What Is Data Minimisation? Definition & Examples

Building cyber security careers

ISO 27001 and Physical Security

7 steps to highly effective GDPR compliance

China Releases Draft Regulations on Network Data Security Management

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

The GDPR: A guide for small businesses

Key steps to GDPR compliance – Part 3

New Dubai International Financial Centre Data Protection Law Comes into Effect

The UK Data Protection Regulator Fines TikTok £12.7 Million

CCTV and the GDPR – an overview for small businesses

Guest Post - Three Critical Steps for GDPR Compliance

Why risk assessments are essential for GDPR compliance

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

6 tools to help you prevent and respond to data breaches

6 tools to help you prevent and respond to data breaches

What UK charities need to know about GDPR compliance

ICO issue fine of £4.4 to Interserve for security failings

How Companies Need to Treat User Data and Manage Their Partners

How long do you have to report a data breach?

CNIL Publishes Initial Assessment on Blockchain and GDPR

How long do you have to report a data breach?

France: The CNIL publishes a practical guide on Data Protection Officers

Achieve GDPR compliance with our software tools

What to expect when you’ve suffered a data breach

ICO Issues Data Protection and Coronavirus Guidance

The Impacts of Data Loss on Your Organization

Unactioned data subject access requests could lead to legal action

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

CIPL Submits Response to China’s Personal Information Protection Law

The UK ICO Publishes Opinion on UK Government’s Assessment of Adequacy for the UK Extension to the EU-U.S. DPF

A 6-step guide to surviving data breaches

EDPB Adopts Opinion on Draft UK Adequacy Decision

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Spotlight On: BCS Practitioner Certificate in Data Protection

Do small organisations need to appoint a DPO?

U.S. states pass data protection laws on the heels of the GDPR

Belgian Privacy Commission Issues Recommendation on Internal Records Under the GDPR

Article 29 Working Party Publishes Guidance on Consent Under the GDPR

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Dutch DPA Updates Policy on Administrative Fines

Stay Connected