Examples and Personal data - Information Management Today

Examples of data processing activities that require a DPIA

IT Governance

JUNE 19, 2019

The GDPR (General Data Protection Regulation) requires organisations to conduct a DPIA (data protection impact assessment) whenever processing is ‘likely to result in a high risk’ to the rights and freedoms of individuals. Before we crack on with our examples, we should explain how you can identify high-risk data processing activities.

GDPR

GDPR Personal data Risk Data breaches

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

DLA Piper Privacy Matters

MARCH 24, 2021

The Measures for the Supervision and Administration of Online Transactions (“Measures”) will come into force on 1 May 2021. This is on top of general consent to processing of personal data obtained from the data subject.

Personal data

Personal data Data Privacy Marketing Compliance

India Releases Fourth Draft of Data Protection Bill

Hunton Privacy

NOVEMBER 22, 2022

reports that, on November 18, 2022, the Government of India (“Government”) released the long-awaited fourth draft of India’s proposed privacy law, now renamed the Digital Personal Data Protection Bill. There is no separate category of sensitive personal data. . Kochhar & Co. Terms and Application.

Personal data

Personal data Data breaches Government Compliance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

Data Matters

AUGUST 9, 2021

In recent weeks, Connecticut passed An Act Concerning Data Privacy Breaches (“The Act”), and the Uniform Law Commission approved and recommended the Uniform Personal Data Protection Act (“UPDPA”). Connecticut: An Act Concerning Data Privacy Breaches. Uniform Personal Data Protection Act.

Data breaches

Data breaches Privacy Personal data Data Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

CHINA: mobile apps remain a high privacy risk, and face stringent requirements

DLA Piper Privacy Matters

AUGUST 17, 2022

Mobile apps pervade all aspects of life in Mainland China, and in turn remain a high enforcement priority for data privacy regulators in China. For the past couple of years, operators of mobile apps in China have had to comply with over thirty additional, specific privacy compliance obligations (i.e. Minor’s Data.

Privacy

Privacy Risk Personal data Data collection

GDPR for small business: the ultimate guide

IT Governance

JULY 2, 2020

The Regulation came into effect on 25 May 2018, and was designed to strengthen the rights of EU residents regarding the way organisations process and use their personal data. Second, if you process EU residents’ personal data, the GDPR still applies. What is personal data?

GDPR

GDPR Personal data Data breaches Compliance

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Data Protection.

GDPR

GDPR Privacy Personal data Data breaches

China Releases Draft Regulations on Network Data Security Management

Hunton Privacy

JANUARY 26, 2022

The definition of “data handler” under the Draft Regulations is similar to that of “data controller” in other privacy laws, such as the EU General Data Protection Regulation (“GDPR”). Records Retention When Transferring Data to Third Parties. Cybersecurity Review.

Security

Security Data breaches Personal data Cybersecurity

New guidance on direct marketing

Data Protection Report

JANUARY 10, 2023

The Direct Marketing Guidance is accompanied by various resources, including checklists, FAQs, an online training module, specific guidance relating to SMEs, B2B marketing, data brokers, political campaigning and direct marketing in the public sector. 122 of the Data Protection Act 2018. How long consent lasts.

Marketing

Marketing B2B Personal data Retail

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The CNIL provides practical advice to the management and the operational staff who process personal data, in order to ensure that such processing is carried out in compliance with the applicable data protections laws. The DPO is the key contact for the CNIL and data subjects. Provide information and advice.

GDPR

GDPR Compliance Personal data Communications

UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

Data Matters

FEBRUARY 10, 2020

Summarised below are the key takeaways from the Draft Code: Service messages: According to the Draft Code, consent is not required under the Privacy and Electronic Communications Regulation ( PECR ) where an organisation sends service or operational messages to individuals (e.g.,

Marketing

Marketing GDPR Personal data Communications

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

JULY 27, 2020

Likewise, the COVID-19 contact tracing app developed by Apple and Google continues to evoke concerns that it will end up leveraging AI to normalize privacy invasion. AI tools are designed to put people into categories, Shashanka says. For example, if an AI algorithm causes significant loss in revenue or even death, who is responsible?

IT

IT Government Artificial Intelligence Personal data

5 Topics CCPA-Compliant Privacy Awareness Training Needs to Cover

KnowBe4

SEPTEMBER 16, 2019

Employees handling the sensitive data of California residents need to know this stuff; the California Consumer Privacy Act says so. The California Consumer Privacy Act (CCPA) is set to take effect on January 1, 2020. Under the CCPA, personal information is pretty broadly defined. Commercial information (invoices).

Privacy

Privacy Personal data Compliance Data collection

DPIAs for retail and hospitality

IT Governance

MARCH 26, 2019

Your organisation may have huge amounts of customer data, based on their purchases or bookings. You can build a picture of their behaviour and may even process special category data, such as health data. Online tracking by third parties. Monitoring of employees’ activities. Wi-Fi/Bluetooth/RFID tracking.

Retail

Retail Risk GDPR Government

EU: NEW GUIDELINES ON ONLINE SERVICES AND ‘PERFORMANCE OF A CONTRACT’ BASIS FOR PROCESSING

DLA Piper Privacy Matters

APRIL 17, 2019

The European Data Protection Board has released for consultation a new set of guidelines on the topic of the processing of personal data in the context of online services (“ Guidelines “). 6(1)(b)) as the lawful basis for processing personal data, and those in which other bases, such as consent (Art.

Personal data

Personal data Privacy Sales Risk

CCPA compliance: A sustainable approach

Collibra

DECEMBER 30, 2020

CCPA stands for California Consumers Privacy Act (2018), intended to enhance privacy rights and consumer protection for residents of California, United States. . The CCPA provides California residents with the right to know what personal data is being collected about them, whether it is sold or disclosed, and to whom.

Compliance

Compliance Sales Privacy Data Privacy

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act. . As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR).

GDPR

GDPR Privacy Personal data Sales

Security Outlook 2023: Cyber Warfare Expands Threats

eSecurity Planet

JANUARY 5, 2023

“In 2022, governments fought wars online, businesses were affected by multiple ransomware gangs, and regular users’ data was constantly on hackers’ radars,” said NordVPN CTO Marijus Briedis. 2023, he predicted, “will not be any easier when it comes to keeping users’ data safe and private.”

Security

Security Ransomware Cybersecurity Privacy

Spanish DPA on Use of Cookies: Continued Browsing is Consent

HL Chronicle of Data Protection

NOVEMBER 19, 2019

On November 8, the Spanish data protection authority (AEPD) published new Guidelines on the Use of Cookies (Guidelines) (Spanish only). The Guidelines have been prepared in collaboration with different organisations in the marketing and online advertising industries ( e.g. , Adigital , Iab Spain , etc.), Categories of cookies.

Compliance

Compliance Personal data GDPR Privacy

Top 8 Cyber Insurance Companies for 2022

eSecurity Planet

APRIL 22, 2022

He added that while ransomware may have gotten the most attention and headlines, claims for standard privacy-related incidents, breaches, and more continue. Joel Friedman, CTO and co-founder of Aclaimant, cited automation as an increasingly necessary element as this insurance category grows sharply.

Insurance

Insurance Ransomware Cybersecurity Marketing

Europe: New guidelines on the application and setting of fines under GDPR

DLA Piper Privacy Matters

NOVEMBER 7, 2017

Less than 6 months remain for individuals and companies to get ready for the breakthrough regulation in personal data protection envisaged by the Regulation 2016/679 of 27 April 2016 [1] (furthermore as “ GDPR “). That provides a fair overview on how should the potential fine be calculated.

GDPR

GDPR Personal data Privacy Government

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

GDPR: What’s the difference between personal data and sensitive data? There are also times when you must also complete a specific type of risk assessment, called a DPIA (data protection impact assessment) , to review the way you process personal data. See also: List of free GDPR resources and templates.

GDPR

GDPR Risk Compliance Personal data

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act. . As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR).

GDPR

GDPR Privacy Personal data Sales

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act. . As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR).

GDPR

GDPR Privacy Personal data Sales

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

know where the data is being transferred and to whom, where it is hosted and for how long it’s retained. This prioritization must be carried out, taking into consideration the risks to the rights and freedoms of the data subjects. verifying the data security measures implemented. verifying the data security measures implemented.

GDPR

GDPR Personal data Compliance Privacy

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Data Matters

JUNE 1, 2022

The Digital Markets Act (DMA) will impose a stringent regulatory regime on large online platforms (so-called “gatekeepers”) and give the European Commission (Commission) new enforcement powers, including an ability to impose severe fines and remedies for noncompliance. process and use personal data.

Marketing

Marketing Computer and Electronics Communications GDPR

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. This personal data was still being held by late May 2018 and had been subject to unauthorised use by a third party.

GDPR

GDPR Personal data Privacy Information architecture

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

The Regulation treats charities in much the same way as any organisation, because although they’re not using personal data to make a profit, they still run the risk of data breaches and privacy violations. The organisation that gathers and processes personal data is the data processor.

GDPR

GDPR Compliance Personal data Risk

ICO update report into adtech and real time bidding

DLA Piper Privacy Matters

JULY 3, 2019

On 20 June the ICO issued its interim report into a its review of the adtech industry and real time bidding process (“RTB”) that forms an integral part of the online advertising ecosystem. RTB is the process which culminates in targeted adverts displayed to website and app users (“ users “). This should be rectified.

GDPR

GDPR Data collection Personal data Marketing

UK: ICO PUBLISHES SIGNIFICANT NEW GUIDANCE ON COOKIES AND SIMILAR TECHNOLOGIES

DLA Piper Privacy Matters

JULY 4, 2019

Whilst cookies are primarily regulated in the UK by what is commonly referred to as ‘e-privacy law’ (i.e. the Privacy and Electronic Communication Regulations (“ PECR “), implementing Directive 2002/58/EC), and not by the GDPR, e-privacy and data protection law are closely related.

GDPR

GDPR Personal data Privacy Communications

California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses

Hunton Privacy

JUNE 29, 2018

On June 28, 2018, the Governor of California signed AB 375 , the California Consumer Privacy Act of 2018 (the “Act”). The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot.

Privacy

Privacy Sales Personal data Communications

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). It is intended to give consumers more transparency regarding and control over their data and establishes highly detailed requirements for what companies that collect personal data about California residents must disclose. .

GDPR

GDPR Privacy Sales Data breaches

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). It is intended to give consumers more transparency regarding and control over their data and establishes highly detailed requirements for what companies that collect personal data about California residents must disclose. .

GDPR

GDPR Privacy Sales Data breaches

Ensure you’re #BreachReady in the media sector

IT Governance

JULY 26, 2018

But despite increased excitement and relaxed engagement online, it’s important to remember that your media-rich content requires its own SPF (security protection factor) to defend against a costly data-breach burn… especially during the holiday months when your workforce is reduced and your resources are limited. What is Timehop?

Data breaches

Data breaches GDPR Personal data Government

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

We have shared below some interesting points that we’ve seen arising recently, all of which relate to how things are likely to develop from today onwards, including enforcement predictions, challenges related to operationalizing data subject access procedures, and how the GDPR may change the data privacy litigation landscape in Europe.

GDPR

GDPR Personal data Compliance Data breaches

FRANCE: New Data Protection Law has been Adopted

DLA Piper Privacy Matters

MAY 16, 2018

French rules adopted on the basis of GDPR apply to the extent the data subject is a French resident, even when the data controller is not established in France (with an exception for processing carried out for journalistic purposes or the purpose of academic, artistic or literary expression). Processing of the social security number.

GDPR

GDPR Personal data Compliance Data Privacy

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

Data Protection Report

JUNE 29, 2018

On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give California consumers more control over how businesses collect and use their data. Consumer access and data portability rights.

Privacy

Privacy GDPR Personal data Risk

California Passes Major Legislation, Expanding Consumer Privacy Rights and Legal Exposure for US and Global Companies

Data Protection Report

JUNE 29, 2018

On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give California consumers more control over how businesses collect and use their data. Consumer Access and Data Portability Rights.

Privacy

Privacy GDPR Personal data Risk

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. by a person without valid authorization or by an unauthorized person.

Security

Security Financial Services Passwords Risk

EUROPE: Domain names and WHOIS information in a post-GDPR world (gTLDs update)

DLA Piper Privacy Matters

JUNE 29, 2018

This means that you can still obtain “thin” WHOIS data (i.e. Note – the Temporary Specification does not require a different approach to data relating to legal and natural persons. Note – the Temporary Specification does not require a different approach to data relating to legal and natural persons.

GDPR

GDPR Personal data Access Compliance

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

Consumer privacy rights in California are well established. The California Constitution expressly grants California citizens a right to privacy. Derives 50% or more of annual revenues from selling consumer “personal information”. The International Association of Privacy Professionals estimates at least 500,000 U.S.

Privacy

Privacy Sales Compliance Cybersecurity

Proposed Indiana Law Would Raise Bar for Security and Privacy Requirements

Hunton Privacy

JANUARY 20, 2015

Indiana Attorney General Greg Zoeller has prepared a new bill that, although styled a “security breach” bill, would impose substantial new privacy obligations on companies holding the personal data of Indiana residents. privacy laws, and designing and implementing the necessary procedures could be a challenge for many companies.

Privacy

Privacy Security Personal data Compliance

Examples of data processing activities that require a DPIA

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

Webinars

Trending Sources

India Releases Fourth Draft of Data Protection Bill

Webinars

How to implement the General Data Protection Regulation (GDPR)

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

Security Compliance & Data Privacy Regulations

CHINA: mobile apps remain a high privacy risk, and face stringent requirements

GDPR for small business: the ultimate guide

How Companies Need to Treat User Data and Manage Their Partners

China Releases Draft Regulations on Network Data Security Management

New guidance on direct marketing

France: The CNIL publishes a practical guide on Data Protection Officers

UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

5 Topics CCPA-Compliant Privacy Awareness Training Needs to Cover

DPIAs for retail and hospitality

EU: NEW GUIDELINES ON ONLINE SERVICES AND ‘PERFORMANCE OF A CONTRACT’ BASIS FOR PROCESSING

CCPA compliance: A sustainable approach

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

Security Outlook 2023: Cyber Warfare Expands Threats

Spanish DPA on Use of Cookies: Continued Browsing is Consent

Top 8 Cyber Insurance Companies for 2022

Europe: New guidelines on the application and setting of fines under GDPR

Why risk assessments are essential for GDPR compliance

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

GDPR – The Year in Review

What UK charities need to know about GDPR compliance

ICO update report into adtech and real time bidding

UK: ICO PUBLISHES SIGNIFICANT NEW GUIDANCE ON COOKIES AND SIMILAR TECHNOLOGIES

California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses

California Enacts Broad Privacy Laws Modeled on GDPR

California Enacts Broad Privacy Protections Modeled on GDPR

Ensure you’re #BreachReady in the media sector

GDPR is upon us: are you ready for what comes next?

FRANCE: New Data Protection Law has been Adopted

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

California Passes Major Legislation, Expanding Consumer Privacy Rights and Legal Exposure for US and Global Companies

New York’s Breach Law Amendments and New Security Requirements

EUROPE: Domain names and WHOIS information in a post-GDPR world (gTLDs update)

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Proposed Indiana Law Would Raise Bar for Security and Privacy Requirements

Stay Connected