2018, Document, GDPR and Security - Information Management Today

GDPR: lawful bases for processing, with examples

IT Governance

MARCH 13, 2020

First published June 2018. Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Lawfulness of processing under the GDPR. In this context, a contract doesn’t have to be a formal legal document, as long as it meets the requirements of contract law.

GDPR

GDPR Personal data Compliance Marketing

Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

Hunton Privacy

DECEMBER 17, 2020

The fine is the largest issued by the Irish DPC under the EU General Data Protection Regulation (“GDPR”) to date and is also its first against a U.S.-based Twitter estimated that 88,726 Twitter users in Europe were affected between September 5, 2017 and January 11, 2019. The bug was discovered on December 26, 2018.

GDPR

GDPR Data breaches Personal data Compliance

Weekly podcast: Exactis, BetVictor, Ticketmaster, and GDPR complaints

IT Governance

JUNE 29, 2018

This week, we discuss the apparent leak of 340 million data records, a vulnerability that exposed sensitive BetVictor data, a data breach affecting up to 40,000 Ticketmaster customers, and the number of GDPR complaints since 25 May. Hello and welcome to the IT Governance podcast for Friday, 29 June 2018. Here are this week’s stories.

GDPR

GDPR Passwords Data breaches Access

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

Hunton Privacy

APRIL 30, 2019

The French Data Protection Authority (the “CNIL”) recently published its Annual Activity Report for 2018 (the “Report”) and released its annual inspection program for 2019. The Report provides an overview of the CNIL’s enforcement activities in 2018. The CNIL received 1,170 data breach notifications in 2018.

GDPR

GDPR Personal data Data breaches Marketing

GDPR: lawful bases for processing, with examples

IT Governance

JUNE 15, 2018

What is a lawful basis for processing under the GDPR? Like the Data Protection Act 1998 (DPA 1998) that it superseded, the General Data Protection Regulation (GDPR) sets out six lawful bases for processing personal data. Lawful processing under the GDPR. Do you always need individuals’ consent to process their data?

GDPR

GDPR Personal data Compliance Privacy

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

Weekly podcast: 2018 end-of-year roundup

IT Governance

DECEMBER 13, 2018

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. Hello and welcome to the final IT Governance podcast of 2018. The year started with the revelation of Spectre and Meltdown – major security flaws affecting processors manufactured by Intel, ARM and AMD.

Data breaches

Data breaches Personal data Access GDPR

UK businesses are reporting fewer data breaches, but is this as positive as it sounds?

IT Governance

MAY 2, 2019

A third of businesses and a fifth of charities were hit by a cyber attack or data breach in the past year, the UK government’s Cyber Security Breaches Survey 2019 has found. The report says this may be because businesses and charities are going to greater lengths to become cyber secure. The effects of the GDPR.

Data breaches

Data breaches GDPR IT Compliance

The Scottish Cyber Resilience Strategy for health boards

IT Governance

MAY 3, 2018

The framework is a response to the impact of large-scale cyber attacks, such as WannaCry and its effect on various NHS organisations across Scotland, as well as impending regulatory changes with the introduction of the Directive on security of network and information systems (NIS Directive) (transposed into UK law as the NIS Regulations).

Paper

Paper GDPR Government Compliance

CNIL Publishes DPIA Guidelines and List of Processing Operations Subject To DPIA

Hunton Privacy

NOVEMBER 9, 2018

On November 6, 2018, the French Data Protection Authority (the “CNIL”) published its own guidelines on data protection impact assessments (the “Guidelines”) and a list of processing operations that require a data protection impact assessment (“DPIA”). The CNIL adopted its final list on October 11, 2018, based on that opinion.

GDPR

GDPR Risk IT Compliance

Wednesday LTNY 2018 Sessions: eDiscovery Trends

eDiscovery Daily

JANUARY 30, 2018

The Legaltech Judges Panel returns for 2018 to examine critical issues in ESI: Rule 34(b) Implications: why are courts still struggling with lawyers who don’t know the rules have changed and why lawyers are still struggling with “reasonable time specified to respond”. 2018 Global Discovery: International Compliance in the Cloud.

e-Discovery

e-Discovery Artificial Intelligence GDPR Education

Business of Data – issue 6

Information Matters

NOVEMBER 27, 2018

Issue 6 (27 November 2018). Getting value from your data under GDPR – Information Age, 15 November 2018. ” [link] com/data-under-gdpr-123476524/. Algorithms tame ambiguities in use of legal data – Financial Times, 15 November 2018. You can sign up to receive future copies by email HERE.

Artificial Intelligence

Artificial Intelligence Insurance Big data GDPR

Weekly podcast: German data breach, poor passwords, Marriott, NHS Digital and Patch Tuesday

IT Governance

JANUARY 10, 2019

This week, we discuss a high-profile German data breach, the top worst passwords of 2018, the resignation of NHS Digital’s CISO, and Microsoft’s latest patches. Hello and welcome to the first IT Governance podcast of 2019 – for Friday, 11 January. The top ten worst passwords of 2018 were, counting down from ten to one: 10.

Data breaches

Data breaches Passwords GDPR Personal data

Age Appropriate Design: ICO Issues Draft Code of Practice for Online Services Used by Children

Hunton Privacy

APRIL 26, 2019

Given the extraterritorial reach of the UK Data Protection Act 2018, organizations based outside of the UK may be subject to the code, which is expected to take effect by the end of 2019. The finalized code will be enforced by the ICO under the Data Protection Act 2018.

Personal data

Personal data Privacy GDPR Access

Will the UK Meet the EU Adequacy Test?

HL Chronicle of Data Protection

SEPTEMBER 18, 2018

Since the adequacy concept was introduced in the 1995 Data Protection Directive, only 11 jurisdictions in the world have been declared adequate. These are succinctly spelled out in their Adequacy Referential document, which was updated as recently as February 2018. But will it be? Achieving adequacy status is not easy.

GDPR

GDPR Personal data Privacy Government

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

To pick just two recent examples of the latter, the EU’s General Data Protection Regulation1 (GDPR) and the California Consumer Privacy Act2 (CCPA) both impose sweeping requirements on businesses with the aim of increasing consumers’ privacy and control over how their personal data is used.

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

Where the Information Commissioner gives notices to data controllers, she can now secure compliance, with the power to issue substantial administrative penalties of up to 4% of global turnover. Where she finds criminality, she can prosecute. This is “Hamlet” without the prince.

GDPR

GDPR Personal data Government IT

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

Data Protection Report

AUGUST 27, 2020

On 11 August 2020, the Court of Appeal ( CA ) handed down its judgement in the case of R (on the application of Edward BRIDGES) v The Chief Constable of South Wales Police. The High Court was wrong to hold that SWP’s Data Protection Impact Assessment ( DPIA ) complied with the requirements of section 64 of the Data Protection Act 2018.

Risk

Risk Retail IT GDPR

Relativity Fest is Here! And So Are We!: eDiscovery Trends

eDiscovery Daily

SEPTEMBER 30, 2018

The 2018 Relativity Fest conference is here! Here are some of the eDiscovery-related sessions for today: 11:00 AM – 12:00 PM: PD160424 – Women in e-Discovery: Bust That Career Plateau. PR186045 – Cybersecurity Due Diligence: Data Security Best Practices For Law Firms and Solution Providers.

e-Discovery

e-Discovery Education Computer and Electronics Privacy

Tuesday’s Relativity Fest 2019 Sessions: eDiscovery Trends

eDiscovery Daily

OCTOBER 21, 2019

Moderated by Chris Dale of the United Kingdom’s eDisclosure Information Project, the International Panel will go beyond the first year of Europe’s General Data Protection Regulation (GDPR) to examine data discovery issues facing practioners in South America and APAC as well. Find out: How they really feel about security?

e-Discovery

e-Discovery e-Delivery GDPR Education

Thursday LTNY 2020 Sessions: eDiscovery Trends

eDiscovery Daily

FEBRUARY 5, 2020

10:00am – 11:00am: ARMA’s Information Governance Implementation Model: The Way Forward For Information Governance. In the summer of 2018, California passed its landmark set of privacy statutes, the California Consumer Privacy Act (“CCPA”), effective January 1, 2020. State Privacy Regimes.

Information governance

Information governance Privacy Cloud Government

Part 3: OMG! Not another digital transformation article! Is it about effecting risk management and change management?

ARMA International

SEPTEMBER 27, 2021

In fact, “the Independent Panel for Pandemic Preparedness and Response, pointedly noted that since the H1N1 pandemic in 2009, there have been 11 high-level commissions and panels that produced more than 16 reports, with the vast majority of recommendations never implemented” (Fink 2021). 2020, p 1).

Digital transformation

Digital transformation Risk IT Computer and Electronics

Information Management Today

GDPR: lawful bases for processing, with examples

Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

Trending Sources

Weekly podcast: Exactis, BetVictor, Ticketmaster, and GDPR complaints

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

GDPR: lawful bases for processing, with examples

GDPR – The Year in Review

Weekly podcast: 2018 end-of-year roundup

UK businesses are reporting fewer data breaches, but is this as positive as it sounds?

The Scottish Cyber Resilience Strategy for health boards

CNIL Publishes DPIA Guidelines and List of Processing Operations Subject To DPIA

Wednesday LTNY 2018 Sessions: eDiscovery Trends

Business of Data – issue 6

Weekly podcast: German data breach, poor passwords, Marriott, NHS Digital and Patch Tuesday

Age Appropriate Design: ICO Issues Draft Code of Practice for Online Services Used by Children

Will the UK Meet the EU Adequacy Test?

The Burden of Privacy In Discovery

The debate on the Data Protection Bill in the House of Lords

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

Relativity Fest is Here! And So Are We!: eDiscovery Trends

Tuesday’s Relativity Fest 2019 Sessions: eDiscovery Trends

Thursday LTNY 2020 Sessions: eDiscovery Trends

Part 3: OMG! Not another digital transformation article! Is it about effecting risk management and change management?

Stay Connected