Events, Examples and Personal data - Information Management Today

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. When must breaches be reported?

Personal data

Personal data Data breaches Data collection GDPR

Thailand Personal Data Protection Law

Data Protection Report

FEBRUARY 28, 2020

The Personal Data Protection Act B.E. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published. Definition of Personal Data.

Personal data

Personal data Compliance Privacy Access

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

The new guidelines are applicable to public and private companies for the processing of their employees’ personal data. For example, for recruitment purposes, pre-contractual measures or legitimate interests are acceptable legal bases for the CNIL. Categories of personal data. Retention periods.

Personal data

Personal data GDPR Big data Compliance

Considerations on embedding the new standard contractual clauses in IT contracts

DLA Piper Privacy Matters

AUGUST 3, 2021

Before Schrems II, the “old” SCCs were routinely included in IT contracts without actually considering thoroughly the interplay between those old SCCs and the IT agreement as such, for example, in case of suspension or termination of the data transfers, as such suspension or termination did not happen in practice.

IT

IT Personal data Compliance Risk

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure. REGULATION.

Personal data

Personal data GDPR Compliance Risk

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data.

GDPR

GDPR Compliance Personal data Privacy

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. In this regard we expect it will be welcomed by local, regional and international businesses, in particular those that rely heavily upon personal data and international personal data flows. Exceptions.

Personal data

Personal data Data breaches GDPR Compliance

Is Artificial Intelligence relevant to insurance?

IBM Big Data Hub

MAY 1, 2023

That ground-shaking event divided the world with excitement and trepidation about a future with thinking machines. Continued advancement in AI development has resulted today in a definition of AI which has several categories and characteristics. The early versions of AI were capable of predictive modelling (e.g.,

Artificial Intelligence

Artificial Intelligence Insurance Risk Personal data

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Introduction to Data Protection Laws. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

DLA Piper Privacy Matters

OCTOBER 10, 2022

For example, the ML system could be used to determine likely trends of categories of persons to default on loan agreements through the processing of financial default information. During the development and training of their algorithms, ML systems begin to adapt and recognise patterns within its data.

Personal data

Personal data GDPR Privacy Marketing

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

Personal Data Protection Policy (Article 24). A data protection policy is a statement that sets out how your organisation protects personal data. If you are unsure what your data protection policy should include, this template , created by our expert GDPR practitioners, can help you create one in minutes.

GDPR

GDPR Data breaches Personal data Compliance

China Releases Draft Regulations on Network Data Security Management

Hunton Privacy

JANUARY 26, 2022

The definition of “data handler” under the Draft Regulations is similar to that of “data controller” in other privacy laws, such as the EU General Data Protection Regulation (“GDPR”). Data Breach. Records Retention When Transferring Data to Third Parties. Cybersecurity Review.

Security

Security Data breaches Personal data Cybersecurity

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

Scope of the New SCCs : the New SCCs can only be used to legitimize transfers of personal data to a data importer (i.e., ex-EEA) whose processing of the personal data is not subject to the requirements of the GDPR. in line with Article 28 of the GDPR).

GDPR

GDPR Personal data IT Data breaches

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

On Friday 4 June, the European Commission published the finalised version of the new Standard Contractual Clauses for transferring personal data from the EU to third countries (the New SCCs). Companies now have 18 months to update their supplier contracts and other data export arrangements. Module 1, clause 8.5(e)

Personal data

Personal data GDPR Data breaches Access

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The CNIL provides practical advice to the management and the operational staff who process personal data, in order to ensure that such processing is carried out in compliance with the applicable data protections laws. The DPO is the key contact for the CNIL and data subjects. Provide information and advice.

GDPR

GDPR Compliance Personal data Communications

European Commission Proposes Revised Standard Contractual Clauses

Data Matters

NOVEMBER 13, 2020

The publication of the EC’s Draft comes just one day after the European Data Protection Board (EDPB) published its draft recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

Personal data

Personal data GDPR Privacy Compliance

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

DLA Piper Privacy Matters

AUGUST 27, 2020

The Commissioner for Data Protection and Freedom of Information for the German State of Baden-Württemberg ( Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg – “LfDI BW”) recently published guidance for international transfers of personal data in the post- Schrems II era. Background.

Personal data

Personal data GDPR Encryption Privacy

Consultation paper published on Hong Kong’s data protection law

Data Protection Report

JANUARY 16, 2020

CB(2) 512/19-20(03 ) (the Paper ) seeking views on changes to Personal Data (Privacy) Ordinance (Cap.486) An example of, “as soon as practicable and, under all circumstances, in not more than five business days” is included in the Paper; and. Amendment to the definition of personal data. 486) (the PDPO ).

Paper

Paper Personal data Data breaches Privacy

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

The EDPB emphasises that it is important to consider this on a case-by-case basis and gives an example of “ the same or linked processing operations ” potentially constituting one and the same conduct. For example, the Guidelines state that for undertakings with an annual turnover of ? €2m, of the identified starting amount.

GDPR

GDPR Personal data Risk IT

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

For example, under GDPR data subjects and/or regulators may now pursue direct remedies against data processors in the event of infringement of obligations, whereas such remedies did not exist under the prior data privacy regulation.

GDPR

GDPR Compliance Privacy Data Privacy

Article 29 Working Party Published Guidelines on Transparency under the GDPR

Hunton Privacy

DECEMBER 20, 2017

The transparency obligations require controllers to provide certain information to data subjects regarding the processing of their personal data. Oral information may be provided on a person-by-person basis or by automated means. In addition, it stresses the importance of accountability for controllers.

GDPR

GDPR Personal data Privacy Communications

Consultation paper published on Hong Kong’s data protection law

Data Protection Report

JANUARY 16, 2020

CB(2) 512/19-20(03 ) (the Paper ) seeking views on changes to Personal Data (Privacy) Ordinance (Cap.486) An example of, “as soon as practicable and, under all circumstances, in not more than five business days” is included in the Paper; and. Amendment to the definition of personal data. 486) (the PDPO ).

Paper

Paper Personal data Data breaches Privacy

UK ICO Issues New Draft Data Sharing Code of Practice

Data Matters

AUGUST 9, 2019

First, it should be noted that the ICO can take into account compliance with such statutory codes when assessing whether an organisation has complied with its data sharing obligations including when considering principles of fairness, lawfulness, transparency and accountability. whistleblowing).

GDPR

GDPR Personal data Compliance Privacy

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

For example, a data controller collects data without proper legal basis and when it is later hacked, it fails to notify the supervisory authority. In any event if it determines this is one sanctionable conduct the total amount of the fine may not exceed the legal maximum for the gravest infringement.

GDPR

GDPR Compliance Personal data IT

Think Ransomware Can’t Put You Out of Business?

Adam Levin

JUNE 30, 2020

No industry, category, size, or group is safe from this cyber scourge. In the same survey, 35 percent thought CEOs should be fined for a cyber failure, and 30 percent wanted to see a CEO lose his or her right to run any company following a serious cyber event. 1-99-employee companies are a target. We hear about the big ones.

Ransomware

Ransomware Insurance Cybersecurity Manufacturing

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

GDPR: What’s the difference between personal data and sensitive data? There are also times when you must also complete a specific type of risk assessment, called a DPIA (data protection impact assessment) , to review the way you process personal data. See also: List of free GDPR resources and templates.

GDPR

GDPR Risk Compliance Personal data

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

know where the data is being transferred and to whom, where it is hosted and for how long it’s retained. This prioritization must be carried out, taking into consideration the risks to the rights and freedoms of the data subjects. verifying the data security measures implemented. Step 5: Organizing Internal Processes.

GDPR

GDPR Personal data Compliance Privacy

5 Topics CCPA-Compliant Privacy Awareness Training Needs to Cover

KnowBe4

SEPTEMBER 16, 2019

It’s imperative to be prepared: the law will regulate the use and disclosure of personal information of nearly 40 million consumers, and is expected to affect more than 500,000 companies across the U.S. Under the CCPA, personal information is pretty broadly defined. The CCPA emphasizes transparency about data collection and usage.

Privacy

Privacy Personal data Compliance Data collection

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

DLA Piper Privacy Matters

NOVEMBER 19, 2018

In the continuity of this accompaniment, the CNIL published on November 6th 2018 its DPIA guidelines supplementing the G29 Working Party’s opinion on DPIA along with its DPIA list which gives concrete examples of data processing operations likely to result in a high risk. connected cars, smart grid etc.);

Data Privacy

Data Privacy IT GDPR Privacy

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Data Matters

JUNE 1, 2022

1 To ensure the progressive nature of the obligations, a category of “emerging gatekeeper” is also provided for to enable the Commission to impose certain obligations on companies whose competitive position is “proven but not yet sustainable.” process and use personal data. Designation Process.

Marketing

Marketing Computer and Electronics Communications GDPR

Top 8 Cyber Insurance Companies for 2022

eSecurity Planet

APRIL 22, 2022

As the number and severity of data breaches continues to rise, organizations are recognizing that those costs are not theoretical. If your company has not already experienced a significant cybersecurity event, it is probably only a matter of time before it does. For example, security breaches pose a huge threat to companies nowadays.

Insurance

Insurance Ransomware Cybersecurity Marketing

Data Protection Regime in Turkey Takes Shape

Data Protection Report

DECEMBER 6, 2017

On October 28, 2017, the Turkish Data Protection Authority (the “ Authority ”) published an important regulation supplementing the Law on Protection of Personal Data (the “ Data Protection Law ”), namely the Regulation on the Deletion, Destruction and Anonymization of Personal Data (the “ Regulation ”).

Personal data

Personal data Paper Encryption Cloud

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Data Protection Report

DECEMBER 20, 2019

Yesterday, the Advocate General (“ AG ”) concluded that, in his opinion, the EU Standard Contractual Clauses (“ SCCs ”) are a valid mechanism to transfer personal data outside of the European Economic Area (“ EEA ”). Therefore, storing data locally may become an appealing option. What has happened?

Privacy

Privacy Personal data Risk Access

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Data Protection Report

DECEMBER 20, 2019

Yesterday, the Advocate General (“ AG ”) concluded that, in his opinion, the EU Standard Contractual Clauses (“ SCCs ”) are a valid mechanism to transfer personal data outside of the European Economic Area (“ EEA ”). Therefore, storing data locally may become an appealing option. What has happened?

Privacy

Privacy Personal data Risk Access

ITALY: Data Protection law integrating the GDPR in place

DLA Piper Privacy Matters

SEPTEMBER 10, 2018

In order to celebrate such event, but to also discuss the impact of such new provisions on companies operating in Italy, we arranged an Innovation MeetUp on the 13th of September 2018 at our Milan office whose details are available HERE. The regime for special categories of personal data still needs to be completed.

GDPR

GDPR Privacy Compliance Marketing

Ensure you’re #BreachReady in the media sector

IT Governance

JULY 26, 2018

It’s imperative that you’re equipped to handle a data breach correctly, swiftly and decisively. Data breach example. Timehop kick-started the digital nostalgia category across social media and continues to reinvent reminiscent behaviour online. So, let’s explore what that could mean for you in the media sector.

Data breaches

Data breaches GDPR Personal data Government

Proposed Indiana Law Would Raise Bar for Security and Privacy Requirements

Hunton Privacy

JANUARY 20, 2015

Indiana Attorney General Greg Zoeller has prepared a new bill that, although styled a “security breach” bill, would impose substantial new privacy obligations on companies holding the personal data of Indiana residents. The cap likely will be challenged as being too low during hearings on the bill.

Privacy

Privacy Security Personal data Compliance

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

UK data protection after Brexit – UK government Statement of Intent contains few surprises

Data Protection Report

AUGUST 16, 2017

A data subject will continue to have recourse to this right – consistent with the GDPR – in the event of unfavourable decisions based solely on automated means. tougher sanctions, including fines which mirroring those imposed by the GDPR, i.e., up to 20 million Euros or 4% global turnover.

Government

Government GDPR Personal data Insurance

When And How Cos. Should Address Cyber Legal Compliance

Data Matters

OCTOBER 30, 2017

They can, however, engage in probing internal due diligence of their companies’ cyber governance and compliance posture before it is too late — that is, before a cyber event occurs. These breaches may be of a company’s own systems, those with whom they have data sharing arrangements, or their vendors.

Compliance

Compliance Cybersecurity Risk Government

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Managing Your Information

JULY 22, 2019

They are a public authority except for courts acting in their judicial capacity; The core activities of the organisation require regular and systematic monitoring of data subjects on a large scale. Again, make sure you do your due diligence to make sure any events you decide to attend is going to provide what you need it to.

GDPR

GDPR Personal data Compliance Information governance

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Managing Your Information

JULY 22, 2019

They are a public authority except for courts acting in their judicial capacity; The core activities of the organisation require regular and systematic monitoring of data subjects on a large scale. Again, make sure you do your due diligence to make sure any events you decide to attend is going to provide what you need it to.

GDPR

GDPR Personal data Compliance Information governance

ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

Data Protection Report

MAY 16, 2019

In keeping with the ICO’s earlier guidance on processing personal data of children, the primary factor for consideration here is whether the proposed activity is in the “best interests” of the child. However, this blanket application is mitigated by the different standards to be applied to five defined “Age Categories.”.

Personal data

Personal data Privacy GDPR Access

When are schools required to report personal data breaches?

Thailand Personal Data Protection Law

Trending Sources

CNIL’s New Guidelines on HR Processing

Considerations on embedding the new standard contractual clauses in IT contracts

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

How to implement the General Data Protection Regulation (GDPR)

UAE: Federal level data protection law enacted

Is Artificial Intelligence relevant to insurance?

The Impact of Data Protection Laws on Your Records Retention Schedule

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

List of mandatory documents required by the GDPR

China Releases Draft Regulations on Network Data Security Management

European Commission Adopts New Standard Contractual Clauses

A deeper dive into the new Standard Contractual Clauses

France: The CNIL publishes a practical guide on Data Protection Officers

European Commission Proposes Revised Standard Contractual Clauses

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

Consultation paper published on Hong Kong’s data protection law

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Article 29 Working Party Published Guidelines on Transparency under the GDPR

Consultation paper published on Hong Kong’s data protection law

UK ICO Issues New Draft Data Sharing Code of Practice

EDPB publishes guidance on calculating GDPR fines

Think Ransomware Can’t Put You Out of Business?

Why risk assessments are essential for GDPR compliance

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

5 Topics CCPA-Compliant Privacy Awareness Training Needs to Cover

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Top 8 Cyber Insurance Companies for 2022

Data Protection Regime in Turkey Takes Shape

California Enacts Broad Privacy Laws Modeled on GDPR

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

ITALY: Data Protection law integrating the GDPR in place

Ensure you’re #BreachReady in the media sector

Proposed Indiana Law Would Raise Bar for Security and Privacy Requirements

California Enacts Broad Privacy Protections Modeled on GDPR

UK data protection after Brexit – UK government Statement of Intent contains few surprises

When And How Cos. Should Address Cyber Legal Compliance

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

Stay Connected