Document, GDPR and Security - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Google fined £44 million in landmark GDPR ruling

IT Governance

JANUARY 21, 2019

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). . It’s by far the biggest fine related to the GDPR, which took effect in May 2018 and gave regulatory bodies much stronger disciplinary powers. .

GDPR

GDPR Access Government IT

The GDPR: A guide for small businesses

IT Governance

MARCH 27, 2018

Businesses are starting to panic as they try to comply with the General Data Protection Regulation (GDPR) before the May 2018 deadline. Many even believe that the GDPR won’t apply to them because they have fewer than 250 employees. Our small business guide to the GDPR should help clarify some of the key factors affecting SMEs.

GDPR

GDPR Compliance Personal data Information Security

7 steps to highly effective GDPR compliance

IT Governance

AUGUST 21, 2019

The GDPR (General Data Protection Regulation) hasn’t exactly crept up unnoticed over the past year or so, but it’s still caught many organisations by surprise. Meanwhile, although the specifics of Brexit are still unclear, one thing is certain: whatever happens, UK-based organisations will be subject to the GDPR’s requirements.

GDPR

GDPR Compliance Personal data Access

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

IT Governance

DECEMBER 24, 2019

Doorstep Dispensaree has been fined £275,000 for failing to comply with the GDPR (General Data Protection Regulation) , making it the first organisation in the UK to be penalised for breaching its requirements. Haven’t there already been GDPR fines in the UK? What went wrong?

GDPR

GDPR Personal data Government Access

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to. The EU GDPR Documentation Toolkit is a complete set of GDPR-compliant templates that are easy to use and customisable.

GDPR

GDPR Compliance Data breaches Information Security

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Privacy Data Privacy

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. One key part of this record-keeping activity is to document the category of individuals (employees, customers, etc.) What does Article 30 require? Formats (e.g.

GDPR

GDPR Personal data Risk Cloud

How to write a GDPR-compliant data subject access request procedure – with template

IT Governance

NOVEMBER 8, 2018

This blog was originally published before the GDPR took effect in May 2018. This blog explains how to write a GDPR-compliant DSAR (data subject access request) procedure to ensure you meet your obligations as a data controller. The categories of personal data involved. Data subject access request procedures under the GDPR.

GDPR

GDPR Access Personal data Compliance

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. Processed securely. Adequate, relevant and limited to what is necessary.

GDPR

GDPR Personal data Privacy Access

What Is Data Minimisation? Definition & Examples

IT Governance

APRIL 18, 2023

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation?

GDPR

GDPR Personal data Data breaches Marketing

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. Able to generate audit reports.

GDPR

GDPR Risk Compliance Personal data

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

If you think that charities might be shown lenience under the GDPR (General Data Protection Regulation) , you’re wrong. The breach was reported to the ICO (Information Commissioner’s Office), which oversees GDPR compliance in the UK, and Mermaids is now subject to disciplinary action. What are charities’ GDPR requirements?

GDPR

GDPR Compliance Personal data Risk

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR

GDPR Authentication Compliance Personal data

Achieve GDPR compliance with our software tools

IT Governance

APRIL 27, 2018

General Data Protection Regulation (GDPR) compliance should be a priority and high on every organisation’s agenda with less than two months until the regulation comes into effect on 25 May 2018. In order to become GDPR-complaint, an organisation will need to conduct a data inventory and data flow audit.

GDPR

GDPR Compliance Personal data Information Security

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This will allow them to be one step ahead and better organized to comply with the upcoming GDPR.

GDPR

GDPR Personal data Compliance Privacy

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

Belgian Privacy Commission Issues Recommendation on Internal Records Under the GDPR

Hunton Privacy

JULY 7, 2017

The Belgian Privacy Commission (the “Belgian DPA”) recently released a Recommendation (in French and Dutch ) regarding the requirement to maintain internal records of data processing activities (the “Recommendation”) pursuant to Article 30 of the EU General Data Protection Regulation (“GDPR”). Aim of such requirement.

GDPR

GDPR Privacy Personal data Data breaches

GDPR Italian Implementing Decree Has Been Published

HL Chronicle of Data Protection

SEPTEMBER 14, 2018

101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) has been published in the Official Journal. Below, a brief summary of the most relevant provisions: PROVISIONS WHICH INTEGRATE THE GDPR.

GDPR

GDPR Personal data Privacy Communications

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

The New SCCs take into account the Court of Justice of the European Union’s ( CJEU ) decision in Schrems II , requirements under the EU General Data Protection Regulation ( GDPR ), and according to the EC “address the realities faced by modern business”. However, their formulation (i.e.,

GDPR

GDPR Personal data IT Data breaches

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

Hunton Privacy

SEPTEMBER 21, 2016

On September 16, 2016, the Belgian Data Protection Authority (the “Privacy Commission”) published a 13-step guidance document (in French and Dutch ) to help organizations prepare for the EU General Data Protection Regulation (“GDPR”). Document what personal data is stored, where it came from and with whom it is shared.

GDPR

GDPR Privacy Personal data Data breaches

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report

JULY 8, 2019

The issue giving rise to the financial penalty was a security breach relating to the company’s website notified by a user to the CNIL on 12 August 2018. According to SERGIC, the website’s security breach could have impacted around 29,440 users.

GDPR

GDPR Personal data Compliance Security

Unactioned data subject access requests could lead to legal action

IT Governance

FEBRUARY 19, 2019

The investigation into Magnacrest predates the GDPR (General Data Protection Regulation) , resulting in a relatively small fine. The categories of personal data involved. The recipients (or categories of recipients) to whom the personal data has been or will be disclosed. Documenting the facts relating to the DSARs.

Access

Access GDPR Personal data Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission).

Privacy

Privacy GDPR Data breaches Risk

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

How long do you have to report a data breach?

IT Governance

DECEMBER 13, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. This generally refers to the possibility of affected individuals facing economic or social damage, such as discrimination, reputational damage or financial losses.

Data breaches

Data breaches GDPR Personal data Compliance

EDPB Adopts Guidelines on Data Processing Through Video Devices

Hunton Privacy

JULY 26, 2019

The Guidelines aim to provide guidance on how to apply the EU General Data Protection Regulation (“GDPR”) in all potential areas of video device use. In compliance with the accountability requirement of the GDPR, these purposes should be documented in writing and specified for every surveillance camera in use.

GDPR

GDPR Personal data Privacy Compliance

How long do you have to report a data breach?

IT Governance

OCTOBER 24, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. This generally refers to the possibility of affected individuals facing economic or social damage, such as discrimination, reputational damage or financial losses.

Data breaches

Data breaches GDPR Compliance Personal data

Article 29 Working Party Publishes Guidance on Consent Under the GDPR

Hunton Privacy

DECEMBER 15, 2017

Recently, the EU’s Article 29 Working Party (the “Working Party”) adopted guidelines (the “Guidance”) on the meaning of consent under the EU General Data Protection Regulation (“GDPR”). The Guidance provides further detail on what is necessary to ensure that consent satisfies the requirements of the GDPR: Freely given.

GDPR

GDPR Personal data Risk Compliance

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The guide is in line with the Article 29 Working Party Guidelines on Data Protection Officers (WP 243 rev 01) , but provides additional insights and practical guidance to organizations that designate a DPO in respect of GDPR and French data protection act requirements. Be the point of contact on GDPR issues.

GDPR

GDPR Compliance Personal data Communications

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Before we look at limiting liability, we need to first consider how liability can arise in the first place in the context of GDPR.

GDPR

GDPR Risk Data breaches Personal data

Less than two months to go until DSP Toolkit submission deadline

IT Governance

FEBRUARY 19, 2019

Less than two months remain for healthcare organisations to demonstrate compliance with NHS Digital’s DSP (Data Security and Protection) Toolkit. Ask a healthcare expert >> Data security standards and the GDPR. Technology: Ensure technology is secure and up to date. Unsure if you need to comply? Staff awareness.

GDPR

GDPR Compliance Government Information Security

FRANCE: CNIL New Security Guidelines

DLA Piper Privacy Matters

FEBRUARY 2, 2018

Article 32 of the GDPR requires data controllers and processors to “ implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk ”. Although the GDPR provides some guidance as to the types of measures that may be considered appropriate (i.e., Workstations security.

Security

Security Personal data GDPR Compliance

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. While the new security proposals have not yet become law, cybersecurity managers can begin to prepare metrics and audits that will not only help comply with those laws, but can also help create positive change now.

Cybersecurity

Cybersecurity Compliance Risk Communications

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unvail some interesting positions. . health related data that are now incorporated in the broader “ special ” category of data) and to the processing based on automated decision making, including profiling.

GDPR

GDPR Personal data Privacy Data breaches

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR

GDPR Personal data Compliance Data breaches

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission).

Privacy

Privacy GDPR Data breaches Risk

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

The Company was found guilty of infringing the following provisions of Regulation EU 2016/679 (“ GDPR ”): Information provided to the riders pursuant to Article 13 of the GDPR. The Company was also charged with the violation of Articles 5(1)(c) and 25 of the GDPR. Security measures in place.

Personal data

Personal data GDPR e-Delivery Communications

GDPR compliance checklist

How to implement the General Data Protection Regulation (GDPR)

Trending Sources

How to Comply with GDPR, PIPL, and CCPA

Security Compliance & Data Privacy Regulations

Google fined £44 million in landmark GDPR ruling

The GDPR: A guide for small businesses

7 steps to highly effective GDPR compliance

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Key steps to GDPR compliance – Part 3

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

How to comply with Article 30 of the GDPR

How to write a GDPR-compliant data subject access request procedure – with template

CCTV and the GDPR – an overview for small businesses

What Is Data Minimisation? Definition & Examples

Why risk assessments are essential for GDPR compliance

What UK charities need to know about GDPR compliance

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

Achieve GDPR compliance with our software tools

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

GDPR – The Year in Review

Belgian Privacy Commission Issues Recommendation on Internal Records Under the GDPR

GDPR Italian Implementing Decree Has Been Published

European Commission Adopts New Standard Contractual Clauses

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Unactioned data subject access requests could lead to legal action

The Privacy Officers’ New Year’s Resolutions

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

How long do you have to report a data breach?

EDPB Adopts Guidelines on Data Processing Through Video Devices

How long do you have to report a data breach?

Article 29 Working Party Publishes Guidance on Consent Under the GDPR

France: The CNIL publishes a practical guide on Data Protection Officers

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

Less than two months to go until DSP Toolkit submission deadline

FRANCE: CNIL New Security Guidelines

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

New SEC Cybersecurity Rules Could Affect Private Companies Too

ITALY: New GDPR Guidelines from the Italian data protection authority

GDPR is upon us: are you ready for what comes next?

The Privacy Officers’ New Year’s Resolutions

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Stay Connected