Examples, Exercises and GDPR - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. Failure to fulfil this requirement is considered a serious breach and could be penalised under the GDPR’s upper tier of fines of €20 million (£17.5 What is the right to erasure? Can you charge a fee?

GDPR

GDPR Personal data Compliance Government

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant. Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant.

GDPR

GDPR Privacy Retail Personal data

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The test will be relative and it appears lower than under the EU GDPR, although the precise approach is not set out in the response. However, the precise approach will be set out in the AI white paper.

GDPR

GDPR Government Personal data Risk

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Data Matters

DECEMBER 2, 2019

On 4 November 2019, the European Data Protection Board (EDPB), the EU-wide data supervisory authority, held a stakeholders’ event on data subject rights under the GDPR. Stakeholders noted some requests were too broad, in turn, making it difficult to identify which data subject right was being exercised (e.g.,

GDPR

GDPR Compliance Personal data Access

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. The involvement of an entity is triggered when it exercises ‘decisive influence’.

GDPR

GDPR Personal data Privacy Manufacturing

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. The involvement of an entity is triggered when it exercises ‘decisive influence’.

GDPR

GDPR Personal data Privacy Manufacturing

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

Data Matters

JULY 8, 2019

Today we saw the ICO issue a notice of its intention to fine British Airways £183.39m for infringements of the GDPR – a record fine and the largest seen in the UK and the EU. This action by the ICO demonstrates that they are prepared to enforce the GDPR and levy significant fines.

GDPR

GDPR Privacy Data breaches Risk

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Privacy Data Privacy

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

AUGUST 17, 2020

If the EU’s ‘level data protection playing field’ means continuing to fully implement all aspects of European data protection law, including all aspects of the two-year-old General Data Protection Regulation (GDPR), then what was the point of Brexit? The GDPR has had a profound impact on many organisations.

Privacy

Privacy GDPR Personal data Computer and Electronics

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

Driving GDPR Compliance

Collibra

FEBRUARY 25, 2021

The General Data Protection Regulation (GDPR) mandates businesses to make provisions for EU citizens to exercise their right to access and control their personal data, including the export of personal data outside the EU. But hurriedly planning for the GDPR is not the solution. Six phases of GDPR compliance.

GDPR

GDPR Compliance Personal data Data Privacy

How to write a GDPR-compliant data subject access request procedure

IT Governance

MARCH 20, 2018

In the lead up to May, it is important your organisation prioritises steps to prove that you are making an effort to comply with the EU General Data Protection Regulation (GDPR). D ata subject access request procedures under the GDPR. What is a data subject access request?

GDPR

GDPR Access Personal data Compliance

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Data Protection Report

JUNE 6, 2023

Whilst a significant part of the MPN is focussed on TikTok’s non compliance with the rules around processing children’s personal data, the MPN also clarifies how the ICO interprets the requirements in Article 13 of the UK GDPR more generally.

Privacy

Privacy GDPR Personal data Compliance

Is your organisation equipped for long-term GDPR compliance?

IT Governance

MAY 28, 2019

Last week, the GDPR (General Data Protection Regulation) turned one year old. GDPR compliance is an ongoing process and should be embedded by design in your data protection practices. The GDPR is as broad as possible when it comes to the security measures that organisations should implement.

GDPR

GDPR Compliance Personal data Risk

How to write a GDPR-compliant data subject access request procedure – with template

IT Governance

NOVEMBER 8, 2018

This blog was originally published before the GDPR took effect in May 2018. This blog explains how to write a GDPR-compliant DSAR (data subject access request) procedure to ensure you meet your obligations as a data controller. Data subject access request procedures under the GDPR. Updated X November 2018.

GDPR

GDPR Access Personal data Compliance

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

AUGUST 23, 2021

For example, suppose you have workers in the EU. In that case, you must abide by the General Data Protection Regulation (GDPR), which imposes fines on some activities that are perfectly legal in the U.S. Similarly, different nations exercise varying amounts of authority over internet traffic. •Inconsistent data regulations.

Communications

Communications Cybersecurity GDPR Risk

Where does data flow mapping fit into your GDPR compliance project?

IT Governance

MAY 9, 2018

A data flow map should be one of the first things your organisation produces as you prepare for the EU General Data Protection Regulation (GDPR). You might be surprised at how often your information is copied or transferred, which is why the GDPR makes it such a top priority. Where to begin? names, email addresses, records).

GDPR

GDPR Compliance Personal data Paper

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. You might be surprised at how often your information is copied or transferred, which is why the GDPR makes it such a top priority. What does Article 30 require? Formats (e.g.

GDPR

GDPR Personal data Risk Cloud

10 key areas to identify gaps in your GDPR compliance

IT Governance

APRIL 12, 2018

Compliance with the EU General Data Protection Regulation (GDPR) should be a priority for all EU organisations, and non-EU organisations that monitor the behaviour or offer goods and services to EU residents. The GDPR is far more extensive in scope and application than the current Data Protection Act.

GDPR

GDPR Compliance Personal data Risk

The Netherlands – DPA imposes EUR 830,00 fine for access request fees

DLA Piper Privacy Matters

JULY 8, 2020

Companies like financial institutions and telecom providers use this information, for example, to assess whether new customers can pay a loan. The fine has been imposed due to the fact that BKR’s procedure for data subjects to obtain access to their personal data was not in line with GDPR.

Access

Access GDPR Personal data IT

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This will allow them to be one step ahead and better organized to comply with the upcoming GDPR.

GDPR

GDPR Personal data Compliance Privacy

Belgium: Belgian data protection authority clarifies the public interest legal basis in the context of decision on a vehicle tracking system

DLA Piper Privacy Matters

MARCH 6, 2023

f) GDPR) as a legal basis for processing vehicle tracking data by public authorities. GDPR in fine that excludes the possibility for public authorities to rely on legitimate interest for processing carried out “in the performance of their tasks” and concludes that the vehicle tracking system falls within the relevant authority’s tasks.

GDPR

GDPR Personal data Compliance IT

CIPL Issues White Paper on GDPR Implementation in Respect of Children’s Data and Consent

Hunton Privacy

MARCH 8, 2018

On March 6, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP issued a white paper on GDPR Implementation in Respect of Children’s Data and Consent (the “White Paper”). To read CIPL’s position on the points above, in addition to its other recommendations, please view the full White Paper.

Paper

Paper GDPR Personal data Marketing

Article 29 Working Party Publishes Guidance on Consent Under the GDPR

Hunton Privacy

DECEMBER 15, 2017

Recently, the EU’s Article 29 Working Party (the “Working Party”) adopted guidelines (the “Guidance”) on the meaning of consent under the EU General Data Protection Regulation (“GDPR”). The Guidance provides further detail on what is necessary to ensure that consent satisfies the requirements of the GDPR: Freely given.

GDPR

GDPR Personal data Risk Compliance

Polish DPA issues the first fine for a violation of the GDPR – and it’s harsh

DLA Piper Privacy Matters

APRIL 2, 2019

On 25 March 2019, the Polish data protection authority (DPA) (referred to in Polish as “PUODO”) announced the imposition of the first GDPR-related fine in Poland. EUR 230,415 ) for a failure to comply with the information obligation set forth in Article 14 of the GDPR. 14 5(b) of the GDPR. 2 of the GDPR.

GDPR

GDPR Personal data IT Paper

EDPB Releases Opinion on Interplay Between the ePrivacy Directive and the GDPR and a Statement on the ePrivacy Regulation

Hunton Privacy

MARCH 19, 2019

On March 12, 2019, the European Data Protection Board (“EDPB”) adopted an opinion on the interplay between the EU Directive on Privacy and Electronic Communications (“the ePrivacy Directive”) and the General Data Protection Regulation (“GDPR”) (the “Opinion”). Interplay between the ePrivacy Directive and the GDPR.

GDPR

GDPR Personal data Communications Government

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

HL Chronicle of Data Protection

MARCH 5, 2020

The Recommendation provides a methodology on how to comply with the General Data Protection Regulation (GDPR) when conducting direct marketing. In line with Article 5 of the GDPR, The Belgian DPA underlines the importance of identifying the personal data that is absolutely necessary for achieving the purpose of direct marketing.

Marketing

Marketing GDPR Personal data Healthcare

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. law, consumers and the marketplace have been comfortable with to date.

GDPR

GDPR Privacy Sales Data breaches

Europe: Advocate General delivers Opinion on the right of access for purposes unrelated to data protection

DLA Piper Privacy Matters

APRIL 25, 2023

15(3) GDPR must be interpreted as requiring a data controller to provide the data subject with a copy of his or her personal data, even where the data subject requests the copy for purposes unrelated to data protection. 15(3) GDPR. In particular, the AG took the view that Art. 12(5) and Art. 12(5) and Art. 12(5) and Art.

Access

Access GDPR Personal data IT

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR

GDPR Personal data Compliance Data breaches

EDPB Published Guidelines on Certification and Derogations under the GDPR

Hunton Privacy

JUNE 1, 2018

On May 30, 2018, the European Data Protection Board (“EDPB”), replacing the Article 29 Working Party , published the final version of Guidelines 2/2018 on derogations in the context of international data transfers and draft Guidelines 1/2018 on certification under the EU General Data Protection Regulation (“GDPR”). .

GDPR

GDPR Personal data Compliance Risk

Advocate General Issues Opinion on GDPR’s One-Stop-Shop

Hunton Privacy

JANUARY 14, 2021

Facebook had asserted that with the General Data Protection Regulation (“GDPR”) becoming applicable in May 2018, the Belgian DPA did not have competence to continue the judicial proceedings for infringements of the GDPR in relation to cross-border data processing. and Facebook Ireland Ltd. AG Opinion.

GDPR

GDPR Personal data Risk IT

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The guide is in line with the Article 29 Working Party Guidelines on Data Protection Officers (WP 243 rev 01) , but provides additional insights and practical guidance to organizations that designate a DPO in respect of GDPR and French data protection act requirements. Be the point of contact on GDPR issues.

GDPR

GDPR Compliance Personal data Communications

Avoiding, Managing And Responding To Cyber Incidents

Data Protection Report

NOVEMBER 2, 2023

Regulated firms remain responsible for any data that they outsource and, in line with this, they must exercise appropriate oversight of any outsourcing – firms may want to consider, for example, what would happen if there was an issue, including whether back-up is adequate and if they would receive appropriate information if something did go wrong.

GDPR

GDPR Risk Cybersecurity Compliance

What is ‘privacy by design’?

IT Governance

FEBRUARY 28, 2018

Privacy by design and the GDPR. The upcoming EU General Data Protection Regulation (GDPR) will supersede the DPA. Article 25 of the GDPR, “[d]ata protection by design and default”, requires you to “implement appropriate technical and organisational measures” throughout your data processing project.

Privacy

Privacy GDPR Personal data Compliance

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

DLA Piper Privacy Matters

JANUARY 15, 2021

In late 2019, the Claimant issued proceedings and sought various relief, including in connection with an allegation that the Defendant had failed to provide data, contrary to the Data Protection Act 2018 ( “DPA 18” ) and the General Data Protection Regulation (EU) 2016/679 ( “GDPR” ). In each case, the answer had been adequate.

Access

Access GDPR Personal data Retail

What is data protection by design and default

IT Governance

JUNE 13, 2019

If your organisation is subject to the GDPR (General Data Protection Regulation) , you’re probably aware of your requirement to “implement appropriate technical and organisational measures” to protect the personal data you hold. Data protection by design and by default has been recommended good practice since long before the GDPR took effect.

GDPR

GDPR Personal data Compliance Privacy

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. law, consumers and the marketplace have been comfortable with to date.

GDPR

GDPR Privacy Sales Data breaches

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

One week into GDPR – what you need to know

Data Protection Report

JUNE 4, 2018

Websites go dark, complaints are filed within an hour, European Commission suffers an embarrassing data leak, and the US Commerce Secretary warns about the unintended trade impact of the law – all in the first week of the GDPR. billion – roughly 4 percent of each company’s revenue for 2017, the maximum penalty allowed under the GDPR.

GDPR

GDPR Compliance Personal data Privacy

GDPR compliance checklist

GDPR Article 17: What Is the Right to Erasure?

Webinars

Trending Sources

How to implement the General Data Protection Regulation (GDPR)

Webinars

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

Does your use of CCTV comply with the GDPR?

EDPB publishes guidance on calculating GDPR fines

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

German DSK Issues GDPR Fining Methodology Guidelines

German DSK Issues GDPR Fining Methodology Guidelines

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Data Protection: Where’s the Brexit Privacy Dividend?

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Driving GDPR Compliance

How to write a GDPR-compliant data subject access request procedure

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Is your organisation equipped for long-term GDPR compliance?

How to write a GDPR-compliant data subject access request procedure – with template

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

Where does data flow mapping fit into your GDPR compliance project?

How to comply with Article 30 of the GDPR

10 key areas to identify gaps in your GDPR compliance

The Netherlands – DPA imposes EUR 830,00 fine for access request fees

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Belgium: Belgian data protection authority clarifies the public interest legal basis in the context of decision on a vehicle tracking system

CIPL Issues White Paper on GDPR Implementation in Respect of Children’s Data and Consent

Article 29 Working Party Publishes Guidance on Consent Under the GDPR

Polish DPA issues the first fine for a violation of the GDPR – and it’s harsh

EDPB Releases Opinion on Interplay Between the ePrivacy Directive and the GDPR and a Statement on the ePrivacy Regulation

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

California Enacts Broad Privacy Laws Modeled on GDPR

Europe: Advocate General delivers Opinion on the right of access for purposes unrelated to data protection

GDPR is upon us: are you ready for what comes next?

EDPB Published Guidelines on Certification and Derogations under the GDPR

Advocate General Issues Opinion on GDPR’s One-Stop-Shop

France: The CNIL publishes a practical guide on Data Protection Officers

Avoiding, Managing And Responding To Cyber Incidents

What is ‘privacy by design’?

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

What is data protection by design and default

California Enacts Broad Privacy Protections Modeled on GDPR

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

One week into GDPR – what you need to know

Stay Connected