2020, Examples, GDPR and Security - Information Management Today

EDPB Adopts Guidelines on Restrictions on Data Subject Rights Under GDPR

Hunton Privacy

OCTOBER 27, 2021

On October 13, 2021, the European Data Protection Board (“EDPB”) adopted Guidelines 10/2020 on restrictions under Article 23 of the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”) following public consultation. Further, the restrictions do not always need to be limited to a specific timeframe.

GDPR

GDPR Data breaches Communications Risk

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

Hunton Privacy

SEPTEMBER 3, 2021

On September 2, 2021, Ireland’s Data Protection Commission (“DPC”) announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd (“WhatsApp”) for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Compliance Personal data Privacy

CNIL publishes a draft TIA guide

Data Protection Report

FEBRUARY 6, 2024

The European Data Protection Board ( EDPB ) followed up with recommendations [2] setting out its expectations on what the Schrems II decision meant for carrying out a data transfer impact assessment ( TIA ) for Article 46 GDPR instruments. When is a TIA required?

GDPR

GDPR Personal data Compliance IT

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

European Commission Releases Assessment of the EU Member States’ Rules on Health Data in Light of GDPR

Data Matters

MARCH 9, 2021

On February 12, 2021, the European Commission ( Commission ) published an “Assessment of the EU Member States’ rules on health data in the light of GDPR” (the Assessment ). primary use.

GDPR

GDPR e-Delivery Government Access

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR

GDPR Authentication Compliance Personal data

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

Data Protection Report

JANUARY 20, 2020

2019 saw continued growth and change in data protection and cyber-security across the Asia-Pacific. Following the implementation of the GDPR in May, 2018, many jurisdictions moved to review and strengthen existing data privacy and cyber-security laws. Cybersecurity Act was passed addressing cyber risks and national security.

Personal data

Personal data Security Data Privacy GDPR

EU Council Presidency Releases Proposed Amendments to Draft ePrivacy Regulation

Hunton Privacy

FEBRUARY 27, 2020

Accordingly, the EU Council Presidency is proposing substantial revisions to these key provisions of the Draft ePrivacy Regulation, with the aim of further aligning the Draft ePrivacy Regulation with the EU General Data Protection Regulation (the “GDPR”).

Metadata

Metadata Personal data Communications GDPR

ICO Fines Ticketmaster £1.25 Million for Security Failures

Hunton Privacy

NOVEMBER 16, 2020

On November 13, 2020, the UK Information Commissioner’s Office (“ICO”) fined Ticketmaster UK Limited (“Ticketmaster”) £1.25 million for failing to keep its customers’ personal data secure. According to the ICO, Tickemaster “failed to implement a layered approach to security,” which would have been appropriate under the circumstances.

Security

Security GDPR Personal data Risk

State of the Union: CCPA and Beyond in 2020

Data Protection Report

JANUARY 13, 2020

access, deletion, or opt-out) and a few companies seem to use the same tool, third party, and/or infrastructure for GDPR requests. There are a few outliers; however, with some companies requesting notarized signatures, social security numbers, VIN numbers, and others refusing to accept requests unless the user has an account with the company.

Privacy

Privacy B2B Sales Compliance

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. 1, 2020, unless changed in the interim. biometric information.

GDPR

GDPR Privacy Sales Data breaches

European Commission Publishes Draft UK Adequacy Decisions

Data Matters

FEBRUARY 19, 2021

What transfers are restricted under the GDPR? The EU GDPR prohibits the transfer of personal data to a country outside the European Economic Area ( EEA ) (otherwise known as a third country ) that is not considered to provide an ‘adequate level’ of data protection by the EC unless ‘appropriate safeguards’ are implemented (e.g.,

GDPR

GDPR Personal data Privacy Access

State of the Union: CCPA and Beyond in 2020

Data Protection Report

JANUARY 13, 2020

access, deletion, or opt-out) and a few companies seem to use the same tool, third party, and/or infrastructure for GDPR requests. There are a few outliers; however, with some companies requesting notarized signatures, social security numbers, VIN numbers, and others refusing to accept requests unless the user has an account with the company.

Privacy

Privacy B2B Sales Compliance

European Commission Proposes Revised Standard Contractual Clauses

Data Matters

NOVEMBER 13, 2020

The European Commission (EC), on 12 November 2020, published a draft adequacy decision implementing revised Standard Contractual Clauses (draft SCCs) – (the EC’s Draft). The draft SCCs are intended to also satisfy the requirements of Article 28(3) of the GDPR (i.e., In relation to special categories of personal data (e.g.,

Personal data

Personal data GDPR Privacy Compliance

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

This approach was disputed by the European Data Protection Board (EDPB) and the European Data Protection Supervisor in their joint opinion on the Commission’s draft SCCs which was published in November 2020 (the Joint Opinion) who consider that even theoretical access to personal data is of concern. e) the liability regime ( Clause 12 ).

Personal data

Personal data GDPR Data breaches Access

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. 1, 2020, unless changed in the interim. biometric information.

GDPR

GDPR Privacy Sales Data breaches

Analysing Data Breaches Caused by Human Error

IT Governance

DECEMBER 21, 2023

Also note that this blog only accounts for the data from 2020–2022, because these are the only years the ICO has released its full data set on. Bigger sectors are likely to have more breaches; it doesn’t automatically follow that they’re less secure, or that staff working within those sectors are more careless.

Data breaches

Data breaches Personal data Government GDPR

CPRA Becomes the New Standard. Are You Ready?

Thales Cloud Protection & Licensing

NOVEMBER 30, 2020

Tue, 12/01/2020 - 07:53. In the November 3, 2020, election California voters upped the consumer digital privacy ante by passing Proposition 24, the California Privacy Rights Act (CPRA ). With 12% of the U.S. Social Security number, driver’s license number, etc.), CPRA Becomes the New Standard. Are You Ready?

Privacy

Privacy GDPR Compliance Data breaches

The ultimate guide to PCI DSS compliance

IT Governance

DECEMBER 21, 2021

If your business handles debit or credit card data, you’ve probably heard of the PCI DSS (Payment Card Industry Data Security Standard). It’s an information security framework designed to reduce payment card fraud by requiring organisations to implement technical and organisational defence measures. Benefits of PCI DSS compliance.

Compliance

Compliance Government Information Security Data breaches

South Africa’s Protection of Personal Information Act, 2013, Goes into Effect July 1

Hunton Privacy

JUNE 29, 2020

Zeyn Bhyat of ENSafrica reports that on June 22, 2020, it was announced that South Africa’s comprehensive privacy law known as the Protection of Personal Information Act, 2013 (the “POPIA”) will become effective on July 1, 2020.

Compliance

Compliance Privacy GDPR Personal data

EDPB Publishes FAQs on Recent Schrems II Judgment

Data Matters

JULY 24, 2020

to ensure compliance with a level of protection “essentially equivalent” to that guaranteed within the EU by the GDPR). for national security purposes, encroaches on the protections on personal data provided by EU law and rights of data subjects. domestic law, in particular the ability for U.S.

Personal data

Personal data GDPR Privacy Access

Brazilian Data Protection Law Update – Delayed Enforcement, Lack of Administrative Structure, and Market Unreadiness

Data Matters

JULY 22, 2020

Originally, the LGPD provided for a 12-month grace period for its enforcement; however, this term was subsequently extended to 24 months, as legislators understood the initial time frame wouldn’t give companies enough time to adapt. Compliance Costs and the 2020 Crisis. Nonetheless, on May 19, 2020, Congress approved bill n.

Marketing

Marketing Compliance Personal data GDPR

We’ve moved to the cloud. Now, where on earth did I put those keys?

Thales Cloud Protection & Licensing

JUNE 17, 2021

Thu, 06/17/2021 - 12:51. For example, PCI DSS requires dual control with respect to the separation of data and keys, as well as separation of duties in the form of role-based access to key management software. But what about the security required – specifically the way we manage keys in a multicloud transition? Cloud security.

Cloud

Cloud Encryption Compliance Digital transformation

EDPB Publishes Guidelines on Data Protection by Design and by Default

Hunton Privacy

NOVEMBER 22, 2019

On November 13, 2019, the European Data Protection Board (“EDPB”) published its draft guidelines 4/2019 (the “Guidelines”) on the obligation of Data Protection by Design and by Default (“DPbDD”) set out under Article 25 of the EU General Data Protection Regulation (“GDPR”). Background and Scope.

Personal data

Personal data GDPR Compliance Risk

UK Supreme Court Rules Morrisons Not Vicariously Liable for Malicious Data Breach by Employee

Data Matters

APRIL 20, 2020

Case: WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12. This is particularly important as enforcement actions and significant fines by European supervisory authorities under the GDPR, as well as moves to bring mass privacy claims, are increasing. Conclusion and Practical Impact for Employers.

Data breaches

Data breaches GDPR Privacy IT

Can visibility be the key to better privacy?

Thales Cloud Protection & Licensing

DECEMBER 8, 2020

Wed, 12/09/2020 - 05:45. A research report issued by International Association of Privacy Professionals titled “Privacy in the wake of COVID-19” shows that 60 percent of those who adopted new technologies for working from home either skipped or expedited security/privacy reviews, creating a completely new set of risks for companies.

Privacy

Privacy Digital transformation Data Privacy Risk

Report: Nearly half of U.S.-based Employees Unfamiliar with California Consumer Privacy Act (CCPA)

KnowBe4

APRIL 29, 2019

Passed last year and going into effect in January 2020, the CCPA has been referred to as a U.S. General Data Protection Regulation (GDPR) for its scope and focus on data rights. 12% of employees said they were unsure if they should report a cybercriminal stealing sensitive client data while at work.

Privacy

Privacy Data Privacy GDPR Personal data

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

Data Protection Report

JUNE 29, 2018

On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give California consumers more control over how businesses collect and use their data. Read more below for a summary of what was included in the law that was passed yesterday.

Privacy

Privacy GDPR Personal data Risk

California Passes Major Legislation, Expanding Consumer Privacy Rights and Legal Exposure for US and Global Companies

Data Protection Report

JUNE 29, 2018

On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give California consumers more control over how businesses collect and use their data. Read more below for a summary of what was included in the law that was passed yesterday.

Privacy

Privacy GDPR Personal data Risk

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Part one covers January to June, and will be followed by part in the coming days.

Data breaches

Data breaches GDPR Passwords Personal data

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

To pick just two recent examples of the latter, the EU’s General Data Protection Regulation1 (GDPR) and the California Consumer Privacy Act2 (CCPA) both impose sweeping requirements on businesses with the aim of increasing consumers’ privacy and control over how their personal data is used. For example, in John B.

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

California law also requires businesses that suffer a breach of security to disclose the breach to consumers, and in some instances law enforcement, if sensitive information is compromised. The CCPA goes into effect January 1, 2020. Its final status, however, is far from clear. CCPA Background. 17-0039). Who Is Covered? Businesses.

Privacy

Privacy Sales Compliance Cybersecurity

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

California law also requires businesses that suffer a breach of security to disclose the breach to consumers, and in some instances law enforcement, if sensitive information is compromised. The CCPA goes into effect January 1, 2020. Its final status, however, is far from clear. CCPA Background. 17-0039). Who Is Covered? Businesses.

Privacy

Privacy Sales Education Compliance

Welcome to Relativity Fest 2019!: eDiscovery Trends

eDiscovery Daily

OCTOBER 20, 2019

Here are some of the eDiscovery-related sessions for today: 11:00 AM – 12:00 PM: The Business of Law 2020: The FTI-Relativity General Counsel Survey. What does the future hold for law and business in 2020 and beyond? 3:55 PM – 4:55 PM: CFIUS: A Guide to Navigating National Security Requirements in the Data Economy.

e-Discovery

e-Discovery Data Privacy Education Privacy

Information Management Today

EDPB Adopts Guidelines on Restrictions on Data Subject Rights Under GDPR

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

Webinars

Trending Sources

CNIL publishes a draft TIA guide

Webinars

European Commission Releases Assessment of the EU Member States’ Rules on Health Data in Light of GDPR

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

EU Council Presidency Releases Proposed Amendments to Draft ePrivacy Regulation

ICO Fines Ticketmaster £1.25 Million for Security Failures

State of the Union: CCPA and Beyond in 2020

California Enacts Broad Privacy Laws Modeled on GDPR

European Commission Publishes Draft UK Adequacy Decisions

State of the Union: CCPA and Beyond in 2020

European Commission Proposes Revised Standard Contractual Clauses

A deeper dive into the new Standard Contractual Clauses

California Enacts Broad Privacy Protections Modeled on GDPR

Analysing Data Breaches Caused by Human Error

CPRA Becomes the New Standard. Are You Ready?

The ultimate guide to PCI DSS compliance

South Africa’s Protection of Personal Information Act, 2013, Goes into Effect July 1

EDPB Publishes FAQs on Recent Schrems II Judgment

Brazilian Data Protection Law Update – Delayed Enforcement, Lack of Administrative Structure, and Market Unreadiness

We’ve moved to the cloud. Now, where on earth did I put those keys?

EDPB Publishes Guidelines on Data Protection by Design and by Default

UK Supreme Court Rules Morrisons Not Vicariously Liable for Malicious Data Breach by Employee

Can visibility be the key to better privacy?

Report: Nearly half of U.S.-based Employees Unfamiliar with California Consumer Privacy Act (CCPA)

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

California Passes Major Legislation, Expanding Consumer Privacy Rights and Legal Exposure for US and Global Companies

2019 end-of-year review part 1: January to June

The Burden of Privacy In Discovery

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Welcome to Relativity Fest 2019!: eDiscovery Trends

Stay Connected