Examples, Exercises, Personal data and Security

GDPR: lawful bases for processing, with examples

IT Governance

MARCH 13, 2020

Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Do you always need individuals’ consent to process their data? For the purposes of legitimate interests pursued by the data controller. But what is a lawful basis for processing?

GDPR

GDPR Personal data Compliance Marketing

Thailand Personal Data Protection Law

Data Protection Report

FEBRUARY 28, 2020

The Personal Data Protection Act B.E. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published. Definition of Personal Data.

Personal data

Personal data Compliance Privacy Access

GDPR personal data explained

Collibra

NOVEMBER 13, 2020

The General Data Protection Regulation (GDPR), in force since May 25, 2018, requires businesses to protect the personal data and privacy of European Union (EU) citizens, for transactions that occur within EU Member States. The GDPR also regulates the exportation of personal data outside the EU. Location data .

Personal data

Personal data GDPR Data Privacy Privacy

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

GDPR: lawful bases for processing, with examples

IT Governance

JUNE 15, 2018

Like the Data Protection Act 1998 (DPA 1998) that it superseded, the General Data Protection Regulation (GDPR) sets out six lawful bases for processing personal data. To comply with the data controller’s legal obligations. To protect the data subject’s vital interests.

GDPR

GDPR Personal data Compliance Privacy

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. Security measures in place. Retention period.

Personal data

Personal data GDPR e-Delivery Communications

The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand

Hunton Privacy

NOVEMBER 7, 2022

On November 2, 2022, the ICO issued to the UK Department for Education (“ DfE ”) a formal reprimand following an investigation into the sharing of personal data stored on the Learning Records Service (“ LRS ”), a database which provides a record of pupils’ qualifications that the DfE has overall responsibility for.

Education

Education Personal data Access IT

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

Below are key examples of topics addressed by the proposed regulations. Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). Businesses are required to document and maintain records of all consumer data rights requests, in a readable format, for at least twenty-four (24) months.

Privacy

Privacy Personal data Data collection Compliance

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure. REGULATION.

Personal data

Personal data GDPR Compliance Risk

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

AUGUST 17, 2020

Some UK organisations will inevitably have to follow all the EU’s data protection rules because they will continue to process the personal data of individuals in the EU. Money spent on improving information security controls is always appropriate – and such expenditure should have been made, regardless of the GDPR.

Privacy

Privacy GDPR Personal data Computer and Electronics

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. In this regard we expect it will be welcomed by local, regional and international businesses, in particular those that rely heavily upon personal data and international personal data flows. Exceptions.

Personal data

Personal data Data breaches GDPR Compliance

Irish DPA Issues Guidance to Secure Cloud-Based Environments

Hunton Privacy

MARCH 20, 2020

On March 19, 2020, the Irish Data Protection Authority (the “DPC”) published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services (the “Guidance”). Reviewing Default Security Settings.

Cloud

Cloud Security Personal data Encryption

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. Everything from email addresses to political opinions counts as personal data.

GDPR

GDPR Compliance Personal data Privacy

Schrems II judgement due in July – what this might mean for your outsourcing deal

Data Protection Report

JUNE 17, 2020

This judgement concerns the legality of the European Commission approved Standard Contractual Clauses ( SCCs ) which many organisations rely on to transfer personal data outside of the UK and the European Economic Area ( EEA ), particularly in relation to outsourcing services.

Personal data

Personal data Communications Access GDPR

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. For example, for recruitment purposes, pre-contractual measures or legitimate interests are acceptable legal bases for the CNIL. Categories of personal data. Retention periods.

Personal data

Personal data GDPR Big data Compliance

The risk of pasting confidential company data into ChatGPT

Security Affairs

MARCH 12, 2023

This percentage could rapidly increase in the next months with the integration of the technology in multiple services, for example through the use of ChatGPT API. The experts also warn that enterprise security software cannot monitor the use of ChatGPT by employees and prevent the leak of sensitive/confidential company data.

Risk

Risk Artificial Intelligence Privacy Personal data

UK: ICO’s Data Sharing Code of Practice enters into force

DLA Piper Privacy Matters

OCTOBER 5, 2021

A The data sharing code (“ Code ”), published by the UK Information Commissioner’s Office (“ ICO ”), enters into force today (5 October 2021) following its publication on 14 September 2021. Any sharing of personal data must be reasonable and proportionate and individuals must know what is happening to their data.

Personal data

Personal data Compliance Risk Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data.

GDPR

GDPR Compliance Personal data Privacy

U.S. Government White Paper to Help Companies Address the EU’s National Security Concerns in Schrems II

Data Matters

SEPTEMBER 30, 2020

of personal data of EU residents, following the decision of the Court of Justice of the European Union (“CJEU,” or “ECJ”) in Schrems II – more formally known as Data Protection Commissioner v. Privacy Shield as a basis for transferring EU personal data to the United States because of the Court’s view that U.S.

Paper

Paper Government Security Privacy

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan.

Cybersecurity

Cybersecurity Financial Services Authentication Government

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. Cyber criminals continued to wreak havoc, with the likes of Twitter , Uber and Neopets all reporting mammoth data breaches.

Security

Security Data breaches Ransomware Military

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

DLA Piper Privacy Matters

AUGUST 3, 2020

The amended APPI could have a significant impact on companies that handle personal information. Under the current APPI, data subjects have the right to request access, correction, deletion and cessation of the use of their personal data that is or is intended to be retained for six months or more (the “ Rights of Data Subjects “).

Personal data

Personal data Data breaches Compliance Analytics

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

On Friday 4 June, the European Commission published the finalised version of the new Standard Contractual Clauses for transferring personal data from the EU to third countries (the New SCCs). Companies now have 18 months to update their supplier contracts and other data export arrangements. Article 4 of Implementing Decision ).

Personal data

Personal data GDPR Data breaches Access

China Issues Second Version of the Draft Personal Information Protection Law for Public Comments

Hunton Privacy

MAY 4, 2021

Decedent’s Personal Information. Article 49 adds provisions regarding the protection of personal information of decedents, whose rights provided under the Draft PIPL may be exercised by near relatives on the decedent’s behalf. Specific Data Processor. Inversion of Burden of Proof.

Personal data

Personal data IT Information Security Privacy

Dangerous permissions detected in top Android health apps

Security Affairs

SEPTEMBER 15, 2023

Behind the sleek interfaces and promising functionalities lurks a hidden concern that has captured the attention of security researchers and users alike – dangerous Android app permissions. Android permissions The Android operating system has a comprehensive permission system designed to protect a user’s privacy and security.

Privacy

Privacy Access IT Security

How to Tackle the Information Management Challenges of Legacy Applications

AIIM

SEPTEMBER 3, 2020

And relying on legacy technology creates business risk because these older systems are much harder to fix when things go wrong and more vulnerable to security threats. A smarter alternative is decommissioning those legacy applications and extracting important historical data to a searchable repository, accessible for business use.

ECM

ECM Digital transformation Compliance Access

Important Changes to the Singapore Data Privacy Regime

Data Matters

NOVEMBER 16, 2020

On November 2, 2020, Singapore’s legislature finally approved amendments to the Personal Data Protection Act (PDPA). NEW mandatory data breach notification requirement. Consent to the processing of personal data will now be deemed to have been obtained based on. Expanded scope of “deemed consent”.

Data Privacy

Data Privacy Privacy Data breaches Personal data

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

The Middle East’s data protection regulatory landscape is complex, and continues to develop with Saudi Arabia’s ( KSA ) newly published Personal Data Protection Law ( PDPL ). While the PDPL contains the main features of a modern data protection law, it cannot be considered a direct analogue of the GDPR.

Personal data

Personal data Compliance Computer and Electronics IoT

What is data protection by design and default

IT Governance

JUNE 13, 2019

If your organisation is subject to the GDPR (General Data Protection Regulation) , you’re probably aware of your requirement to “implement appropriate technical and organisational measures” to protect the personal data you hold. An essential principle of this is data protection by design and by default.

GDPR

GDPR Personal data Compliance Privacy

Avoiding, Managing And Responding To Cyber Incidents

Data Protection Report

NOVEMBER 2, 2023

In 2017, Equifax Inc, suffered a cybersecurity breach, with hackers able to access the personal data of around 13.8 Firms should seek to avoid barriers for customers hindering access to any incident pages set up – for example, cookies should not obscure key links or information.

GDPR

GDPR Risk Cybersecurity Compliance

In praise of. the Investigatory Powers Act 2016

Data Protector

AUGUST 17, 2020

I see the IPA as an outstanding example that Governments of all countries should adopt to ensure that public authorities act transparently and put effective mechanisms in place to ensure that human rights are appropriately respected. Where opinion formers had concerns, these issues should be addressed.

Communications

Communications Government Personal data Compliance

5 best online cyber security training courses and certifications in 2020

IT Governance

APRIL 20, 2020

With the coronavirus pandemic keeping us stuck inside and struggling to find ways to remain productive, now might be the perfect time to take an online cyber security training course. Let’s take a look at five of the best online courses for cyber security. Certified Cyber Security Foundation Training Course.

Security

Security GDPR Phishing Data breaches

What is ‘privacy by design’?

IT Governance

FEBRUARY 28, 2018

This method also enables you to assess the risks in your data processing activities and identify where controls are required, for example, assessing privacy and data security risks. Data flow mapping may seem daunting, but you can simplify the process with the Data Flow Mapping Tool.

Privacy

Privacy GDPR Personal data Compliance

ICO Consultation on Draft AI Auditing Framework Guidance for Organizations

Hunton Privacy

FEBRUARY 24, 2020

The Guidance contains advice on how to understand data protection law in relation to artificial intelligence (“AI”) and recommendations for organizational and technical measures to mitigate the risks AI poses to individuals. It also provides a methodology to audit AI applications and ensure they process personal data fairly.

Personal data

Personal data Artificial Intelligence Risk Privacy

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

JANUARY 10, 2019

One of the most notable blockchain skeptics – David Gerard –argues that if “you were silly enough to put personal data into an append-only ledger which is a proof-of-work blockchain — that’d be flat-out insane.”. Both blockchain and GDPR are designed to “democratize” data by giving more control over its use to individuals.

Blockchain

Blockchain GDPR Privacy Personal data

“Dark patterns?” EDPB draft guidance sets out its expectations on subliminal privacy eroding practices

Data Protection Report

MAY 3, 2022

The “dark patterns” highlighted in the Guidelines aim to influence users’ behaviour through content or visual presentation so that users make unintended and potentially harmful decisions regarding their personal data, for example, deciding to disclose more data than they otherwise planned or agreeing to limited protections of their data.

Privacy

Privacy IT GDPR Data collection

California proposes rules for automated decision-making

Data Protection Report

NOVEMBER 29, 2023

In general, the proposed rules would require businesses using automated decision-making technology to provide consumers with a “pre-use notice” about the purpose of the technology’s use and consumers’ rights to opt-out of and access additional information about such use, including instructions for how to exercise these rights.

Access

Access Privacy Personal data Authentication

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The CNIL provides practical advice to the management and the operational staff who process personal data, in order to ensure that such processing is carried out in compliance with the applicable data protections laws. The DPO is the key contact for the CNIL and data subjects. Provide information and advice.

GDPR

GDPR Compliance Personal data Communications

How to write a GDPR-compliant data subject access request procedure – with template

IT Governance

NOVEMBER 8, 2018

The EU’s GDPR (General Data Protection Regulation) gives data subjects the right to access their personal data from data controllers that are processing it and “to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing”.

GDPR

GDPR Access Personal data Compliance

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

Rather, to be covered by the VCDPA, an entity must either “(i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.”. Exemptions.

Personal data

Personal data GDPR Sales Privacy

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You must tell people when you’re collecting their personal information to give them the opportunity to exercise their data subject rights. These rights enable individuals to access the personal data organisations store on them and to challenge the way their information is used.

GDPR

GDPR Privacy Retail Personal data

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

DLA Piper Privacy Matters

FEBRUARY 23, 2022

In the proposal, “data” is broadly defined and contains both personal and non-personal data. This means that the Data Act would further regulate personal data in addition to the GDPR. The Data Act would apply to all types of enterprises, in principle, including small and micro businesses.

GDPR

GDPR Personal data IoT Access

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

IT Governance

DECEMBER 6, 2023

As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. Having one or more of the following can significantly help with this: An ISO 27001 ISMS (information security management system).

Data Privacy

Data Privacy Privacy GDPR IT

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

Data Protection Report

DECEMBER 17, 2020

The EC anticipates that providers of data sharing services, or data intermediaries, will play a key role in facilitating the aggregation and exchange of substantial amounts of relevant data (personal and non-personal data). Intermediation services between data subjects: personal data.

Government

Government Personal data GDPR Access

5 things HR departments need to know about data protection

IT Governance

OCTOBER 7, 2019

HR plays a crucial role in an organisation’s GDPR (General Data Protection Regulation) compliance. The department is full of personal data, whether it’s of employees, their next of kin or candidates responding to job adverts. Let’s take a look at five issues that HR must address when handling personal data.

GDPR

GDPR Personal data Compliance Communications

GDPR: lawful bases for processing, with examples

Thailand Personal Data Protection Law

Webinars

Trending Sources

GDPR personal data explained

Webinars

GDPR: lawful bases for processing, with examples

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand

Colorado AG Publishes Draft Colorado Privacy Act Rules

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

Data Protection: Where’s the Brexit Privacy Dividend?

UAE: Federal level data protection law enacted

Irish DPA Issues Guidance to Secure Cloud-Based Environments

GDPR compliance checklist

Schrems II judgement due in July – what this might mean for your outsourcing deal

CNIL’s New Guidelines on HR Processing

The risk of pasting confidential company data into ChatGPT

UK: ICO’s Data Sharing Code of Practice enters into force

How to implement the General Data Protection Regulation (GDPR)

U.S. Government White Paper to Help Companies Address the EU’s National Security Concerns in Schrems II

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

2022 Cyber Security Review of the Year

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

A deeper dive into the new Standard Contractual Clauses

China Issues Second Version of the Draft Personal Information Protection Law for Public Comments

Dangerous permissions detected in top Android health apps

How to Tackle the Information Management Challenges of Legacy Applications

Important Changes to the Singapore Data Privacy Regime

Saudi Arabia’s New Data Protection Law – What you need to know

What is data protection by design and default

Avoiding, Managing And Responding To Cyber Incidents

In praise of. the Investigatory Powers Act 2016

5 best online cyber security training courses and certifications in 2020

What is ‘privacy by design’?

ICO Consultation on Draft AI Auditing Framework Guidance for Organizations

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

“Dark patterns?” EDPB draft guidance sets out its expectations on subliminal privacy eroding practices

California proposes rules for automated decision-making

France: The CNIL publishes a practical guide on Data Protection Officers

How to write a GDPR-compliant data subject access request procedure – with template

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Does your use of CCTV comply with the GDPR?

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

5 things HR departments need to know about data protection

Stay Connected