Document, GDPR and Security - Information Management Today

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

IT Governance

DECEMBER 24, 2019

Doorstep Dispensaree has been fined £275,000 for failing to comply with the GDPR (General Data Protection Regulation) , making it the first organisation in the UK to be penalised for breaching its requirements. Haven’t there already been GDPR fines in the UK? What went wrong?

GDPR

GDPR Personal data Government Access

7 steps to highly effective GDPR compliance

IT Governance

AUGUST 21, 2019

The GDPR (General Data Protection Regulation) hasn’t exactly crept up unnoticed over the past year or so, but it’s still caught many organisations by surprise. Meanwhile, although the specifics of Brexit are still unclear, one thing is certain: whatever happens, UK-based organisations will be subject to the GDPR’s requirements.

GDPR

GDPR Compliance Personal data Access

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. One key part of this record-keeping activity is to document the category of individuals (employees, customers, etc.) post, telephone, internal/external).

GDPR

GDPR Personal data Risk Cloud

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to. The EU GDPR Documentation Toolkit is a complete set of GDPR-compliant templates that are easy to use and customisable.

GDPR

GDPR Compliance Data breaches Information Security

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. You can find more information about GDPR compliance on our website >> Data processing principles (Article 5).

GDPR

GDPR Personal data Privacy Access

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

If you think that charities might be shown lenience under the GDPR (General Data Protection Regulation) , you’re wrong. This is a lesson that the transgender advocacy charity Mermaids learned recently , after it accidentally made internal emails containing confidential client information available online. GDPR exemptions for charities.

GDPR

GDPR Compliance Personal data Risk

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. The software tool is: Easy to use.

GDPR

GDPR Risk Compliance Personal data

Written IT Security Policies: Why You Need Them & How to Create Them

eSecurity Planet

MARCH 18, 2022

Many security professionals think that if they have done the hard work of securing their organization, that should be enough. There is, however, a next step: Documenting policies. Written documentation. Written security policies. However, even a handwritten spiral notebook could work for a small organization.

IT

IT Compliance Security Access

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This person will internally carry out informational, advisory and control tasks.

GDPR

GDPR Personal data Compliance Privacy

Belgian Privacy Commission Issues Recommendation on Internal Records Under the GDPR

Hunton Privacy

JULY 7, 2017

The Belgian Privacy Commission (the “Belgian DPA”) recently released a Recommendation (in French and Dutch ) regarding the requirement to maintain internal records of data processing activities (the “Recommendation”) pursuant to Article 30 of the EU General Data Protection Regulation (“GDPR”). Content of internal records.

GDPR

GDPR Privacy Personal data Data breaches

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

Hunton Privacy

SEPTEMBER 21, 2016

On September 16, 2016, the Belgian Data Protection Authority (the “Privacy Commission”) published a 13-step guidance document (in French and Dutch ) to help organizations prepare for the EU General Data Protection Regulation (“GDPR”). Internal Records. Review existing privacy notices and update them to comply with the GDPR.

GDPR

GDPR Privacy Personal data Data breaches

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The guide is in line with the Article 29 Working Party Guidelines on Data Protection Officers (WP 243 rev 01) , but provides additional insights and practical guidance to organizations that designate a DPO in respect of GDPR and French data protection act requirements. Be the point of contact on GDPR issues. i) Appointment of the DPO.

GDPR

GDPR Compliance Personal data Communications

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. While the new security proposals have not yet become law, cybersecurity managers can begin to prepare metrics and audits that will not only help comply with those laws, but can also help create positive change now.

Cybersecurity

Cybersecurity Compliance Risk Communications

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

The European Commission ( EC ) on June 4, 2021 adopted a new set of Standard Contractual Clauses for international data transfers ( New SCCs ). ex-EEA) whose processing of the personal data is not subject to the requirements of the GDPR. However, their formulation (i.e.,

GDPR

GDPR Personal data IT Data breaches

GDPR Italian Implementing Decree Has Been Published

HL Chronicle of Data Protection

SEPTEMBER 14, 2018

101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) has been published in the Official Journal. Below, a brief summary of the most relevant provisions: PROVISIONS WHICH INTEGRATE THE GDPR. On 4 September, the Legislative Decree no.

GDPR

GDPR Personal data Privacy Communications

FRANCE: CNIL New Security Guidelines

DLA Piper Privacy Matters

FEBRUARY 2, 2018

Article 32 of the GDPR requires data controllers and processors to “ implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk ”. Although the GDPR provides some guidance as to the types of measures that may be considered appropriate (i.e., Workstations security.

Security

Security Personal data GDPR Compliance

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

Unactioned data subject access requests could lead to legal action

IT Governance

FEBRUARY 19, 2019

The investigation into Magnacrest predates the GDPR (General Data Protection Regulation) , resulting in a relatively small fine. The categories of personal data involved. The recipients (or categories of recipients) to whom the personal data has been or will be disclosed. Documenting the facts relating to the DSARs.

Access

Access GDPR Personal data Compliance

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unvail some interesting positions. . health related data that are now incorporated in the broader “ special ” category of data) and to the processing based on automated decision making, including profiling.

GDPR

GDPR Personal data Privacy Data breaches

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR

GDPR Personal data Compliance Data breaches

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

Belgian DPA decision on IAB Transparency and Consent Framework

DLA Piper Privacy Matters

MARCH 2, 2022

In addition, the Belgian DPA’s Inspection Service (the body within the DPA which investigates potential violations of the GDPR) also carried out inspections on its own behalf. The Belgian DPA handled this case as lead supervisory authority drawing its jurisdiction from a combined reading of articles 56 and 4(23)b GDPR. 13 and 14 GDPR.

GDPR

GDPR Personal data IT Compliance

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Before we look at limiting liability, we need to first consider how liability can arise in the first place in the context of GDPR.

GDPR

GDPR Risk Data breaches Personal data

One Year and Counting – a GDPR Checklist

Managing Your Information

MAY 25, 2017

With just one year to go until the GDPR applies, now is the time for action. With one year to go, it must be time for a GDPR checklist! It is essential to make a start on preparations for compliance with the GDPR as there is lots to do. Initial Preparations. Awareness raising is essential at all levels of the organisation.

GDPR

GDPR Personal data Compliance Data breaches

UK ICO Publishes New Guidance and a Tool for Transfer Risk Assessments

Hunton Privacy

NOVEMBER 18, 2022

On November 17, 2022, the UK data protection regulator, the Information Commissioner’s Office (“ICO”), published updated guidance on international transfers that includes a new section on transfer risk assessments (“TRAs”) and a TRA tool. The TRA tool is a template document with six questions and guidance on how to complete the TRA.

Risk

Risk Privacy Government Access

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. In this regard we expect it will be welcomed by local, regional and international businesses, in particular those that rely heavily upon personal data and international personal data flows.

Personal data

Personal data Data breaches GDPR Compliance

One Year and Counting – a GDPR Checklist

Managing Your Information

MAY 25, 2017

With just one year to go until the GDPR applies, now is the time for action. With one year to go, it must be time for a GDPR checklist! It is essential to make a start on preparations for compliance with the GDPR as there is lots to do. Initial Preparations. Awareness raising is essential at all levels of the organisation.

GDPR

GDPR Personal data Compliance Data breaches

Appointing a data protection officer: A quick guide for schools and multi-academy trusts

IT Governance

MARCH 28, 2018

Whatever the size and setting of your school, the General Data Protection Regulation (GDPR) places high expectations on protecting the personal data of your data subjects, especially children. Sensitive personal data is a specific set of “special categories” that must be treated with extra security, such as genetic and biometric data.

GDPR

GDPR Personal data Compliance Data breaches

The French data protection authority (CNIL) adopts a new standard on whistleblowing systems

Data Protection Report

FEBRUARY 5, 2020

The “standard” is essentially a reference document which serves as guidance for those implementing whistleblowing systems. This new standard replaces the single authorisation AU-004 of 22 June 2017 (as amended) which, since the GDPR came into force, no longer has legal force. Clarifications on security measures.

GDPR

GDPR Compliance Personal data Privacy

New UK guidance on Transfer Risk Assessments

Data Protection Report

DECEMBER 8, 2022

On 17 November 2022, the Information Commissioner’s Office ( ICO ) published an update to its guidance on international transfers ( Transfers Guidance ). the ICO’s International Data Transfer Agreement, the EU Standard Contractual Clauses (together with the UK Addendum) or Binding Corporate Rules). When is a TRA required? The TRA Tool.

Risk

Risk Personal data GDPR Privacy

7 key stages of the data protection impact assessment (DPIA)

IT Governance

SEPTEMBER 4, 2019

Under the GDPR, DPIAs (data protection impact assessments) are mandatory for data processing that is “likely to result in a high risk to the rights and freedoms of data subjects” Effectively a type of risk assessment, DPIAs assess how these high-risk processing activities could impact data subjects.

Personal data

Personal data GDPR Risk Access

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

We make IT, security, or any business decision by weighing the risks and the rewards. Or as is often the case with security, what costs can we skip and still escape big penalties later? Document the incident response process as a plan. The building manager to handle threats to physical security at a specific office.

Insurance

Insurance Ransomware Data breaches Cloud

European Commission Proposes Revised Standard Contractual Clauses

Data Matters

NOVEMBER 13, 2020

In relation to special categories of personal data (e.g., The draft SCCs are intended to also satisfy the requirements of Article 28(3) of the GDPR (i.e., data concerning health) the data importer must agree to apply additional safeguards adapted to the specific nature of the data and the risks.

Personal data

Personal data GDPR Privacy Compliance

The ICO Updates Its Data Sharing Code of Practice

HL Chronicle of Data Protection

AUGUST 5, 2019

On the same day, the ICO also announced its intention to fine Marriott International just over £99m for infringements of the General Data Protection Regulation (GDPR), highlighting the importance of due diligence in the context of data sharing. Are data sharing agreements required under the GDPR? Specific data sharing cases.

GDPR

GDPR IT Personal data Compliance

Keeping an ‘AI’ on your data: UK data regulator recommends lawful methods of using personal information and artificial intelligence

DLA Piper Privacy Matters

NOVEMBER 8, 2022

Most AI will typically fall within the remit of ‘high-risk’ if it engages with personal information for the purposes of the proposed EU AI Regulation (“ AI Act ”) (and likely a similar category within the developing UK framework). accounting for other additional factors that weren’t included as part of the initial input data.

Artificial Intelligence

Artificial Intelligence Data Privacy Personal data Privacy

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The EDPB acknowledges the ubiquity of video devices in modern life (everything from smartphone cameras to video-enabled doorbells and home security systems), and accepts that many individuals may be comfortable with the use of such devices for certain purposes such as security. 1. Application of the GDPR.

Personal data

Personal data GDPR Access Marketing

Cloud Security Fundamentals: Understanding the Basics

eSecurity Planet

MAY 24, 2024

Cloud security fundamentals are the core requirements that ensure data protection, regulatory compliance, and access management in a cloud environment. Understanding cloud security challenges and knowing the cloud security tools available in the market significantly contribute to enhanced cloud security.

Cloud

Cloud Security Compliance Encryption

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

The VCDPA, which will not enter into effect until January 1, 2023, borrows heavily from the California Consumer Privacy Act (CCPA) and the European Union (EU) General Data Protection Regulation (GDPR). It remains to be seen how Virginia regulators will interpret this “targeting” test — which obviously echoes a similar approach in the GDPR.

Personal data

Personal data GDPR Sales Privacy

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

DLA Piper Privacy Matters

APRIL 11, 2019

employees, agents, interns and contractors). The CNIL reminds that the rules resulting from the Regulation do not exclude the application of the general obligations under the GDPR, notably regarding compliance with the general principles for processing personal data, data subject rights and international transfers.

Personal data

Personal data GDPR Access Compliance

How to Comply with GDPR, PIPL, and CCPA

How to implement the General Data Protection Regulation (GDPR)

Trending Sources

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

7 steps to highly effective GDPR compliance

How to comply with Article 30 of the GDPR

Key steps to GDPR compliance – Part 3

CCTV and the GDPR – an overview for small businesses

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

What UK charities need to know about GDPR compliance

Why risk assessments are essential for GDPR compliance

Written IT Security Policies: Why You Need Them & How to Create Them

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Belgian Privacy Commission Issues Recommendation on Internal Records Under the GDPR

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

France: The CNIL publishes a practical guide on Data Protection Officers

GDPR – The Year in Review

New SEC Cybersecurity Rules Could Affect Private Companies Too

European Commission Adopts New Standard Contractual Clauses

GDPR Italian Implementing Decree Has Been Published

FRANCE: CNIL New Security Guidelines

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

Unactioned data subject access requests could lead to legal action

ITALY: New GDPR Guidelines from the Italian data protection authority

GDPR is upon us: are you ready for what comes next?

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

Belgian DPA decision on IAB Transparency and Consent Framework

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

One Year and Counting – a GDPR Checklist

UK ICO Publishes New Guidance and a Tool for Transfer Risk Assessments

UAE: Federal level data protection law enacted

One Year and Counting – a GDPR Checklist

Appointing a data protection officer: A quick guide for schools and multi-academy trusts

The French data protection authority (CNIL) adopts a new standard on whistleblowing systems

New UK guidance on Transfer Risk Assessments

7 key stages of the data protection impact assessment (DPIA)

How to Develop an Incident Response Plan

European Commission Proposes Revised Standard Contractual Clauses

The ICO Updates Its Data Sharing Code of Practice

Keeping an ‘AI’ on your data: UK data regulator recommends lawful methods of using personal information and artificial intelligence

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

Cloud Security Fundamentals: Understanding the Basics

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

FRANCE: THE FIRST CNIL STANDARD REGULATION FOR BIOMETRIC SYSTEMS IN THE WORKPLACE

Stay Connected