Document, GDPR and Security - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S. PIPL Raises the Bar – And the Stakes.

Data Privacy

Data Privacy Compliance Privacy Security

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”). Some of these contained personal data and special category (health) data.

GDPR

GDPR Personal data Compliance Risk

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Privacy Data Privacy

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. You can find more information about GDPR compliance on our website >> Data processing principles (Article 5).

GDPR

GDPR Personal data Privacy Access

ICO issue fine of £4.4 to Interserve for security failings

DLA Piper Privacy Matters

OCTOBER 25, 2022

for violations of the GDPR (the violations were pre-Brexit). The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal data (in contravention of Articles 5(1)(f) and 32 GDPR) for a period of ~20 months. The Incident. Digest of points to note in the MPN.

Security

Security GDPR Personal data Insurance

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR

GDPR Authentication Compliance Personal data

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

The New SCCs take into account the Court of Justice of the European Union’s ( CJEU ) decision in Schrems II , requirements under the EU General Data Protection Regulation ( GDPR ), and according to the EC “address the realities faced by modern business”. However, their formulation (i.e.,

GDPR

GDPR Personal data IT Data breaches

AUSTRALIA: One month to go – EU GDPR implications for Australian businesses

DLA Piper Privacy Matters

APRIL 26, 2018

We are now one month away from the historic enforcement of the EU General Data Protection Regulation ( GDPR ) and it is clear that there is still much to do by many Australian organisations to ensure compliance by the 25 May 2018 deadline. Public sector organisations are not immune.

GDPR

GDPR Compliance Personal data Privacy

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. While the new security proposals have not yet become law, cybersecurity managers can begin to prepare metrics and audits that will not only help comply with those laws, but can also help create positive change now.

Cybersecurity

Cybersecurity Compliance Risk Communications

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

How long do you have to report a data breach?

IT Governance

DECEMBER 13, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Most breaches fit into this category, but not all of them. You can focus on assessing the incident, cauterising the damage and documenting the steps you’ve taken.

Data breaches

Data breaches GDPR Personal data Compliance

EDPB Adopts Guidelines on Data Processing Through Video Devices

Hunton Privacy

JULY 26, 2019

The Guidelines aim to provide guidance on how to apply the EU General Data Protection Regulation (“GDPR”) in all potential areas of video device use. In compliance with the accountability requirement of the GDPR, these purposes should be documented in writing and specified for every surveillance camera in use.

GDPR

GDPR Personal data Privacy Compliance

How long do you have to report a data breach?

IT Governance

OCTOBER 24, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Most breaches fit into this category, but not all of them. You can focus on assessing the incident, cauterising the damage and documenting the steps you’ve taken.

Data breaches

Data breaches GDPR Compliance Personal data

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. What do we expect in terms of enforcement priorities?

GDPR

GDPR Personal data Compliance Data breaches

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

European Commission publishes long-awaited draft Regulation on Artificial Intelligence

DLA Piper Privacy Matters

APRIL 26, 2021

There are parallels here with the extra-territorial effect of the GDPR. High-risk AI systems are defined by a classification model that focuses on the risk associated with the product itself: A first category covers AI systems intended to be used as a safety component of products (or which are themselves a product).

Artificial Intelligence

Artificial Intelligence Risk Marketing GDPR

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

The documentation published comprises both an Implementing Decision and an Annex setting out the New SCCs themselves. Greater alignment with the GDPR: Many of the provisions in the New SCCs have been brought more in line with the GDPR requirements. They will also be a lawful mechanism for UK companies to use too.

Personal data

Personal data GDPR Data breaches Access

New UK guidance on Transfer Risk Assessments

Data Protection Report

DECEMBER 8, 2022

The TRA Guidance and TRA Tool are relevant whenever an organisation that is subject to the UK GDPR transfers personal data to a non-adequate jurisdiction based on one of the transfer mechanisms in Article 46 of the UK GDPR (i.e. 46 transfer mechanism will likely be enforceable in the UK and any other relevant jurisdiction.

Risk

Risk Personal data GDPR Privacy

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Before we look at limiting liability, we need to first consider how liability can arise in the first place in the context of GDPR.

GDPR

GDPR Risk Data breaches Personal data

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. Data retention is a rising trend in GDPR enforcement. Overwhelmed at the prospect?

Privacy

Privacy GDPR Data breaches Risk

Cloud Security Fundamentals: Understanding the Basics

eSecurity Planet

MAY 24, 2024

Cloud security fundamentals are the core requirements that ensure data protection, regulatory compliance, and access management in a cloud environment. Understanding cloud security challenges and knowing the cloud security tools available in the market significantly contribute to enhanced cloud security.

Cloud

Cloud Security Compliance Encryption

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. Data retention is a rising trend in GDPR enforcement. Overwhelmed at the prospect?

Privacy

Privacy GDPR Data breaches Risk

The ICO Updates Its Data Sharing Code of Practice

HL Chronicle of Data Protection

AUGUST 5, 2019

On the same day, the ICO also announced its intention to fine Marriott International just over £99m for infringements of the General Data Protection Regulation (GDPR), highlighting the importance of due diligence in the context of data sharing. Are data sharing agreements required under the GDPR? Specific data sharing cases.

GDPR

GDPR IT Personal data Compliance

US: The CCPA ‘Moving Target’ One Month Before Privacy Enforcement Begins

DLA Piper Privacy Matters

JUNE 18, 2020

With the California Consumer Privacy Act (CCPA) enforcement deadline only a month away, Chief Privacy Officers still must grapple with significant uncertainties about what exactly the law requires. They remain far apart on preemption and private class action enforcement. By Jim Halpert.

Privacy

Privacy Compliance Sales Risk

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

The VCDPA, which will not enter into effect until January 1, 2023, borrows heavily from the California Consumer Privacy Act (CCPA) and the European Union (EU) General Data Protection Regulation (GDPR). It remains to be seen how Virginia regulators will interpret this “targeting” test — which obviously echoes a similar approach in the GDPR.

Personal data

Personal data GDPR Sales Privacy

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

We make IT, security, or any business decision by weighing the risks and the rewards. Or as is often the case with security, what costs can we skip and still escape big penalties later? Document the incident response process as a plan. The building manager to handle threats to physical security at a specific office.

Insurance

Insurance Ransomware Data breaches Cloud

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The EDPB acknowledges the ubiquity of video devices in modern life (everything from smartphone cameras to video-enabled doorbells and home security systems), and accepts that many individuals may be comfortable with the use of such devices for certain purposes such as security. 1. Application of the GDPR.

Personal data

Personal data GDPR Access Marketing

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

Where the Information Commissioner gives notices to data controllers, she can now secure compliance, with the power to issue substantial administrative penalties of up to 4% of global turnover. We think that this super-complainant system would help to protect anonymity and create a stronger enforcement framework.

GDPR

GDPR Personal data Government IT

Considering Customer Data Management? Taking the Right Approach in 2020

Reltio

MARCH 18, 2020

As teams look to pursue their customer data initiatives, they have traditionally focused on two key categories of offerings: Customer data platforms (CDPs). Think of the holistic data strategy that includes master data, analytics, compliance, privacy & security, investments in AI/ML. Does it aligns with the customer expectations?

MDM

MDM Analytics Customer Experience Marketing

Security Considerations for Data Lakes

eSecurity Planet

AUGUST 11, 2022

Many of the basic principles for securing a data lake will be familiar to anyone who has secured a cloud security storage container. Essentially, we are securing an app at scale with enormous requirements for stored data, incoming data, data interactions, and network connections. Data Lake Security Scope.

Security

Security Encryption Cloud Access

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

Although these proportionality factors began as an integral part of the definition of the scope of discovery, for more than two decades these limitations resided in a separate subsection of the Rule, resulting in considerable confusion and less-than-rigorous enforcement. The principle of proportionality in civil discovery is hardly new.4

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

Data Protection Report

AUGUST 27, 2020

The High Court should have reached a conclusion about whether SWP had an “appropriate policy document ” in place, as is required under section 35 of the UK Data Protection Act 2018. For example, regular reviews, oversight mechanisms and clear (and narrow) criteria setting out when and where AFT may be used.

Risk

Risk Retail IT GDPR

California Privacy Protection Agency Officially Commences CPRA Rulemaking Process

Hunton Privacy

JULY 8, 2022

The Notice of Proposed Rulemaking notes that the CPPA has taken into consideration privacy laws in other jurisdictions, and that the proposed regulations would allow businesses to implement compliance with the CCPA/CPRA “in such a way that would not contravene a business’s compliance with other privacy laws,” such as the GDPR, and the U.S.

Privacy

Privacy Sales Compliance Access

How to Improve Email Security for Enterprises & Businesses

eSecurity Planet

JUNE 8, 2023

Organizations that understand email security in detail can adopt email security options that are a good fit for their needs and resources. Microsoft estimates that 94% of cyberattacks begin with a malicious email — a horrific statistic that can be dramatically reduced by adopting email security standards, tools, and services.

Security

Security Authentication Encryption Phishing

Relativity Fest is Here! And So Are We!: eDiscovery Trends

eDiscovery Daily

SEPTEMBER 30, 2018

In this session, hear leading national experts with perspectives from major law firms, federal law enforcement, and computer forensics as we examine recent case law, practical technical challenges, current issues—including the regulation of self-driving cars, and the legal considerations of IoT data tracking.

e-Discovery

e-Discovery Education Computer and Electronics Privacy

Nevada, New York and other states follow California’s CCPA

Data Protection Report

JUNE 6, 2019

Instead, enforcement authority is granted to the Attorney General, which can institute a legal proceeding and have the court issue a temporary or permanent injunction, or impose a civil penalty not to exceed $5,000 for each violation. Narrows disclosure requirement to categories of third parties sold to.

Sales

Sales Privacy Insurance Manufacturing

Part 3: OMG! Not another digital transformation article! Is it about effecting risk management and change management?

ARMA International

SEPTEMBER 27, 2021

Thus, common tools and techniques are risk matrices, risk registers, risk logs, risk breakdown structures, risk categories, Monte Carlo simulations, and sensitivity analyses. law enforcement agencies recovered most of the bitcoin paid in ransomware. In May 2021, Colonial Pipeline paid $ 4.4 In this case, U.S.

Digital transformation

Digital transformation Risk IT Computer and Electronics

GDPR compliance checklist

How to Comply with GDPR, PIPL, and CCPA

Trending Sources

How to implement the General Data Protection Regulation (GDPR)

Security Compliance & Data Privacy Regulations

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

CCTV and the GDPR – an overview for small businesses

ICO issue fine of £4.4 to Interserve for security failings

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

GDPR – The Year in Review

European Commission Adopts New Standard Contractual Clauses

AUSTRALIA: One month to go – EU GDPR implications for Australian businesses

New SEC Cybersecurity Rules Could Affect Private Companies Too

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

How long do you have to report a data breach?

EDPB Adopts Guidelines on Data Processing Through Video Devices

How long do you have to report a data breach?

GDPR is upon us: are you ready for what comes next?

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

European Commission publishes long-awaited draft Regulation on Artificial Intelligence

A deeper dive into the new Standard Contractual Clauses

New UK guidance on Transfer Risk Assessments

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

The Privacy Officers’ New Year’s Resolutions

Cloud Security Fundamentals: Understanding the Basics

The Privacy Officers’ New Year’s Resolutions

The ICO Updates Its Data Sharing Code of Practice

US: The CCPA ‘Moving Target’ One Month Before Privacy Enforcement Begins

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

How to Develop an Incident Response Plan

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

The debate on the Data Protection Bill in the House of Lords

Considering Customer Data Management? Taking the Right Approach in 2020

Security Considerations for Data Lakes

The Burden of Privacy In Discovery

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

California Privacy Protection Agency Officially Commences CPRA Rulemaking Process

How to Improve Email Security for Enterprises & Businesses

Relativity Fest is Here! And So Are We!: eDiscovery Trends

Nevada, New York and other states follow California’s CCPA

Part 3: OMG! Not another digital transformation article! Is it about effecting risk management and change management?

Stay Connected