Document, GDPR and Security - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S. PIPL Raises the Bar – And the Stakes.

Data Privacy

Data Privacy Compliance Privacy Security

GDPR for small business: the ultimate guide

IT Governance

JULY 2, 2020

What is the GDPR? Second, organisations must implement security measures to protect personal data from being breached or misused, and they must disclose any security incidents involving this data. First, the UK has implemented the UK DPA (Data Protection Act) 2018 , which adopts the GDPR into national law.

GDPR

GDPR Personal data Data breaches Compliance

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”). Some of these contained personal data and special category (health) data.

GDPR

GDPR Personal data Compliance Risk

Google fined £44 million in landmark GDPR ruling

IT Governance

JANUARY 21, 2019

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). . It’s by far the biggest fine related to the GDPR, which took effect in May 2018 and gave regulatory bodies much stronger disciplinary powers. .

GDPR

GDPR Access Government IT

What Is Data Minimisation? Definition & Examples

IT Governance

APRIL 18, 2023

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation?

GDPR

GDPR Personal data Data breaches Marketing

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Data collection Privacy

Written IT Security Policies: Why You Need Them & How to Create Them

eSecurity Planet

MARCH 18, 2022

Many security professionals think that if they have done the hard work of securing their organization, that should be enough. There is, however, a next step: Documenting policies. Written documentation. Written security policies. However, even a handwritten spiral notebook could work for a small organization.

IT

IT Compliance Security Access

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

IT Governance

DECEMBER 24, 2019

Doorstep Dispensaree has been fined £275,000 for failing to comply with the GDPR (General Data Protection Regulation) , making it the first organisation in the UK to be penalised for breaching its requirements. Haven’t there already been GDPR fines in the UK? What went wrong?

GDPR

GDPR Personal data Government Access

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Privacy Data Privacy

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to. Data subject access requests, incident reporting and data breach reporting will all need written processes, too. 8) Communications strategy.

GDPR

GDPR Compliance Data breaches Information Security

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. You can find more information about GDPR compliance on our website >> Data processing principles (Article 5).

GDPR

GDPR Personal data Privacy Access

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. One key part of this record-keeping activity is to document the category of individuals (employees, customers, etc.) Where to begin with a data flow map? Formats (e.g.

GDPR

GDPR Personal data Risk Cloud

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

If you think that charities might be shown lenience under the GDPR (General Data Protection Regulation) , you’re wrong. The Regulation treats charities in much the same way as any organisation, because although they’re not using personal data to make a profit, they still run the risk of data breaches and privacy violations.

GDPR

GDPR Compliance Personal data Risk

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. Get started with vsRisk.

GDPR

GDPR Risk Compliance Personal data

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR

GDPR Authentication Compliance Personal data

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This will allow them to be one step ahead and better organized to comply with the upcoming GDPR.

GDPR

GDPR Personal data Compliance Privacy

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report

JULY 8, 2019

The issue giving rise to the financial penalty was a security breach relating to the company’s website notified by a user to the CNIL on 12 August 2018. According to SERGIC, the website’s security breach could have impacted around 29,440 users.

GDPR

GDPR Personal data Compliance Security

ICO issue fine of £4.4 to Interserve for security failings

DLA Piper Privacy Matters

OCTOBER 25, 2022

for violations of the GDPR (the violations were pre-Brexit). The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal data (in contravention of Articles 5(1)(f) and 32 GDPR) for a period of ~20 months. The Incident. Digest of points to note in the MPN.

Security

Security GDPR Personal data Insurance

How long do you have to report a data breach?

IT Governance

DECEMBER 13, 2018

The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Not all breaches need to be reported. How to report data breaches.

Data breaches

Data breaches GDPR Personal data Compliance

How long do you have to report a data breach?

IT Governance

OCTOBER 24, 2018

The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Not all breaches need to be reported. How to report data breaches.

Data breaches

Data breaches GDPR Compliance Personal data

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

Hunton Privacy

SEPTEMBER 21, 2016

On September 16, 2016, the Belgian Data Protection Authority (the “Privacy Commission”) published a 13-step guidance document (in French and Dutch ) to help organizations prepare for the EU General Data Protection Regulation (“GDPR”). Document what personal data is stored, where it came from and with whom it is shared.

GDPR

GDPR Privacy Personal data Data breaches

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

The New SCCs take into account the Court of Justice of the European Union’s ( CJEU ) decision in Schrems II , requirements under the EU General Data Protection Regulation ( GDPR ), and according to the EC “address the realities faced by modern business”. However, their formulation (i.e.,

GDPR

GDPR Personal data IT Data breaches

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Data breaches and other threats.

GDPR

GDPR Privacy Personal data Data breaches

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. While the new security proposals have not yet become law, cybersecurity managers can begin to prepare metrics and audits that will not only help comply with those laws, but can also help create positive change now.

Cybersecurity

Cybersecurity Compliance Risk Communications

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. Data retention is a rising trend in GDPR enforcement. Address the ghost of Christmas past!

Privacy

Privacy GDPR Data breaches Risk

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Before we look at limiting liability, we need to first consider how liability can arise in the first place in the context of GDPR.

GDPR

GDPR Risk Data breaches Personal data

Belgian Privacy Commission Issues Recommendation on Internal Records Under the GDPR

Hunton Privacy

JULY 7, 2017

The Belgian Privacy Commission (the “Belgian DPA”) recently released a Recommendation (in French and Dutch ) regarding the requirement to maintain internal records of data processing activities (the “Recommendation”) pursuant to Article 30 of the EU General Data Protection Regulation (“GDPR”). Aim of such requirement.

GDPR

GDPR Privacy Personal data Data breaches

Less than two months to go until DSP Toolkit submission deadline

IT Governance

FEBRUARY 19, 2019

Less than two months remain for healthcare organisations to demonstrate compliance with NHS Digital’s DSP (Data Security and Protection) Toolkit. Ask a healthcare expert >> Data security standards and the GDPR. Technology: Ensure technology is secure and up to date. Unsure if you need to comply? Staff awareness.

GDPR

GDPR Compliance Government Information Security

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR

GDPR Personal data Compliance Data breaches

GDPR Italian Implementing Decree Has Been Published

HL Chronicle of Data Protection

SEPTEMBER 14, 2018

101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) has been published in the Official Journal. Below, a brief summary of the most relevant provisions: PROVISIONS WHICH INTEGRATE THE GDPR. On 4 September, the Legislative Decree no.

GDPR

GDPR Personal data Privacy Communications

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The guide is in line with the Article 29 Working Party Guidelines on Data Protection Officers (WP 243 rev 01) , but provides additional insights and practical guidance to organizations that designate a DPO in respect of GDPR and French data protection act requirements. Be the point of contact on GDPR issues.

GDPR

GDPR Compliance Personal data Communications

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. The requirements regarding keeping data secure, and new data breach obligations, will definitely up the ante for businesses in the UAE to take cyber security seriously. 44) of 2021.

Personal data

Personal data Data breaches GDPR Compliance

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

The documentation published comprises both an Implementing Decision and an Annex setting out the New SCCs themselves. Greater alignment with the GDPR: Many of the provisions in the New SCCs have been brought more in line with the GDPR requirements. They will also be a lawful mechanism for UK companies to use too.

Personal data

Personal data GDPR Data breaches Access

The Impacts of Data Loss on Your Organization

Security Affairs

JULY 3, 2023

Examples : emails, social media posts, customer feedback, audio and video files, images, and documents. Semi-Structured Data: Semi-structured data lies between the structured and unstructured categories. Example: Metadata can include information about the source, creation date, file format, or authorship of a document.

Unstructured data

Unstructured data Metadata Encryption Data structuring

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. Data retention is a rising trend in GDPR enforcement. Address the ghost of Christmas past!

Privacy

Privacy GDPR Data breaches Risk

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unvail some interesting positions. . health related data that are now incorporated in the broader “ special ” category of data) and to the processing based on automated decision making, including profiling.

GDPR

GDPR Personal data Privacy Data breaches

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

The Company was found guilty of infringing the following provisions of Regulation EU 2016/679 (“ GDPR ”): Information provided to the riders pursuant to Article 13 of the GDPR. The Company was also charged with the violation of Articles 5(1)(c) and 25 of the GDPR. Security measures in place.

Personal data

Personal data GDPR e-Delivery Communications

GDPR compliance checklist

How to implement the General Data Protection Regulation (GDPR)

Trending Sources

How to Comply with GDPR, PIPL, and CCPA

Security Compliance & Data Privacy Regulations

GDPR for small business: the ultimate guide

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

Google fined £44 million in landmark GDPR ruling

What Is Data Minimisation? Definition & Examples

Guest Post - Three Critical Steps for GDPR Compliance

Written IT Security Policies: Why You Need Them & How to Create Them

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Key steps to GDPR compliance – Part 3

CCTV and the GDPR – an overview for small businesses

How to comply with Article 30 of the GDPR

What UK charities need to know about GDPR compliance

Why risk assessments are essential for GDPR compliance

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

ICO issue fine of £4.4 to Interserve for security failings

How long do you have to report a data breach?

How long do you have to report a data breach?

GDPR – The Year in Review

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

European Commission Adopts New Standard Contractual Clauses

How Companies Need to Treat User Data and Manage Their Partners

New SEC Cybersecurity Rules Could Affect Private Companies Too

The Privacy Officers’ New Year’s Resolutions

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

Belgian Privacy Commission Issues Recommendation on Internal Records Under the GDPR

Less than two months to go until DSP Toolkit submission deadline

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

GDPR is upon us: are you ready for what comes next?

GDPR Italian Implementing Decree Has Been Published

France: The CNIL publishes a practical guide on Data Protection Officers

UAE: Federal level data protection law enacted

A deeper dive into the new Standard Contractual Clauses

The Impacts of Data Loss on Your Organization

The Privacy Officers’ New Year’s Resolutions

ITALY: New GDPR Guidelines from the Italian data protection authority

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Stay Connected