Events, Exercises and GDPR - Information Management Today

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Data Privacy Day: Looking Back on the Privacy Events of 2020

Thales Cloud Protection & Licensing

JANUARY 27, 2021

Data Privacy Day: Looking Back on the Privacy Events of 2020. This message gives consumers and organizations alike an opportunity to look back on the events that shaped privacy in 2020 with an eye towards the future. GDPR Fines Increase. Thu, 01/28/2021 - 06:42. Each year, the world observes Data Privacy Day on January 28th.

Data Privacy

Data Privacy Privacy GDPR Encryption

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery. GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. The Privacy and Security Dichotomy.

GDPR

GDPR Compliance Data collection Privacy

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Privacy Data Privacy

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This will allow them to be one step ahead and better organized to comply with the upcoming GDPR.

GDPR

GDPR Personal data Compliance Privacy

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The guide is in line with the Article 29 Working Party Guidelines on Data Protection Officers (WP 243 rev 01) , but provides additional insights and practical guidance to organizations that designate a DPO in respect of GDPR and French data protection act requirements. Be the point of contact on GDPR issues.

GDPR

GDPR Compliance Personal data Communications

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

In particular, the New SCCs now helpfully provide for processor-to-processor transfers; (b) give the clauses a GDPR ‘face lift’, including to update cross references to legislation and to ensure alignment with the requirements of the GDPR; and. (c) Instead, they can provide details of the “recipients or categories of recipients”.

Personal data

Personal data GDPR Data breaches Access

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Therefore, we should examine each category and consider what the rules fundamentally request. These incidents will typically be measured in financial terms; however, Europe’s GDPR and the U.S. In the event of a breach, the last thing the tech team will want to do is figure out how to make a report.

Cybersecurity

Cybersecurity Compliance Risk Communications

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. Notably, there is no broad “legitimate interests” style lawful basis for processing, as is found in the GDPR. issue guidance and instructions in relation to the PDPL.

Personal data

Personal data Data breaches GDPR Compliance

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Countries and organizations within the European Union (EU), must comply with the requirements of the General Data Protection Regulation (GDPR) 1.

Personal data

Personal data GDPR Privacy Records Management

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unvail some interesting positions. . health related data that are now incorporated in the broader “ special ” category of data) and to the processing based on automated decision making, including profiling.

GDPR

GDPR Personal data Privacy Data breaches

What is data loss and how does it work?

IT Governance

OCTOBER 6, 2020

It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). There are several types of data loss, which can be separated into four categories. Data loss refers to the destruction of sensitive information. What causes data loss?

IT

IT Computer and Electronics Data breaches Risk

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

When the GDPR became effective, the CNIL’s previous set of HR Data guidelines became out of date as they did not incorporate the new law’s requirements ( e.g. obligations relating to records of processing activities and Data Protection Impact Assessments). Categories of personal data.

Personal data

Personal data GDPR Big data Compliance

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. Businesses familiar with GDPR will recognize the reference to automated decision-making, as Article 22 gives data subjects similar opt-out rights. The CPRA creates a new category of information called “sensitive personal information.”

Privacy

Privacy B2B Sales Data breaches

DUBAI – DIFC Data Protection Law 2020

DLA Piper Privacy Matters

JUNE 4, 2020

The Updated Law builds upon the DIFC’s 2007 data protection law ( “Old Data Protection Law” ) and now includes concepts from the EU’s GDPR, as well as other laws from around the world, notably the California Consumer Privacy Act. For those familiar with the GDPR many of the key changes will not be surprising. What are the key changes?

Personal data

Personal data GDPR Compliance Privacy

Considerations on embedding the new standard contractual clauses in IT contracts

DLA Piper Privacy Matters

AUGUST 3, 2021

Both article 14(f) and article 16 specifically provide for that when the data exporter is entitled to terminate the data processing as per the SCCs, it may exercise its right to termination but only with respect to the relevant party (ie the data importer(s) in breach of the SCCs), unless the parties have agreed otherwise.

IT

IT Personal data Compliance Risk

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

1. Application of the GDPR. Note however that if relying on consent, this must meet the GDPR standard. Entering a marked monitored area is unlikely constitute a statement or a clear affirmative action needed for consent, unless it meets the criteria of Articles 4 and 7 of the GDPR.

Personal data

Personal data GDPR Access Marketing

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

The VCDPA, which will not enter into effect until January 1, 2023, borrows heavily from the California Consumer Privacy Act (CCPA) and the European Union (EU) General Data Protection Regulation (GDPR). It remains to be seen how Virginia regulators will interpret this “targeting” test — which obviously echoes a similar approach in the GDPR.

Personal data

Personal data GDPR Sales Privacy

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

DLA Piper Privacy Matters

NOVEMBER 19, 2018

the processing is listed in the CNIL’s list of categories of processing operations for which no DPIA is required in accordance with Article 35 (5) of the GDPR and after the opinion of the European Data Protection Board (the EDPB) has been received (in that respect, such list has not been established by the CNIL yet.

Data Privacy

Data Privacy IT GDPR Privacy

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

An incident is an event that affects our scope of responsibility, and a response is how we deal with the incident. For IT managers, the scope might expand to encompass physical IT systems and events such as a flooded data center, a lost executive laptop, or squirrels chewing on network cables. Incident Response Execution.

Insurance

Insurance Ransomware Data breaches Cloud

FRANCE : THE CNIL ADOPTS REVISED GUIDELINES AND FINAL RECOMMENDATIONS ON COOKIES AND OTHER TRACKERS

DLA Piper Privacy Matters

OCTOBER 6, 2020

through the use of a website or mobile application, pre-ticked boxes or “bundled” consent to terms of use) does not meet the GDPR standard of consent. and 7 of the GDPR, consent can only result from “ a statement of clear affirmative action ” from the individual. WHAT ARE THE KEY TAKEWAYS? Indeed, under Articles 4.11

GDPR

GDPR Communications Access Data collection

European Commission Publishes Draft Data Governance Act

Hunton Privacy

DECEMBER 2, 2020

The Data Governance Act outlines (1) the conditions for re-use of certain categories of data held by public sector bodies in the EU; (2) a notification and supervisory framework for the provision of data sharing services; and (3) a framework for voluntary registration of entities that collect and process data made available for altruistic purposes.

Government

Government Personal data Compliance GDPR

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

While the PDPL can be compared to laws such as the European Union’s General Data Protection Regulation (GDPR), there are important differences that need to be considered. Like the GDPR, the PDPL requires that personal data: Is processed fairly and legitimately. Is collected for a legitimate, specific and clear purpose.

Personal data

Personal data GDPR Compliance Risk

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

DLA Piper Privacy Matters

JANUARY 21, 2019

On 12 December 2018, the French Government issued an ordinance [1] finalizing, at the legislative level [2] , the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation [3] (“GDPR”) and the Directive 2016/680 [4]. Following-up the adoption of the GDPR, the French Law No.

GDPR

GDPR Personal data Communications Government

Cloud Security Fundamentals: Understanding the Basics

eSecurity Planet

MAY 24, 2024

10 Fundamentals of Cloud Security 5 Common Cloud Security Challenges 5 Common Cloud Security Solutions Bottom Line: Develop a Strong Cloud Security Fundamental Strategy ICP Plugin - body top3 - Category: Country: US --> How Secure Is the Cloud? Highlight areas for improvement and familiarize team members with their roles and duties.

Cloud

Cloud Security Compliance Encryption

ICO’s update report into adtech and real time bidding – a sobering read for participants in the adtech industry

Data Protection Report

JUNE 25, 2019

The ICO notes that there is generally a lack of understanding amongst the RTB participants about how the requirements of the Privacy and Electronic Communications Regulations ( PECR ) sit alongside the General Data Protection Regulation (GDPR) requirements. Lawful basis for processing special category data.

Personal data

Personal data GDPR Compliance Privacy

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

The new right to be forgotten will allow children to enjoy their childhood without having every personal event, achievement, failure, antic or prank that they posted online to be digitally recorded for ever more. Of course, as new rights like this are created, the Bill will ensure that they cannot be taken too far.

GDPR

GDPR Personal data Government IT

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Managing Your Information

JULY 22, 2019

Some of the hype about the General Data Protection Regulation (the GDPR) has been given renewed focus over the last couple of weeks by the issuing of two Notices of Intent by the Information Commissioner’s Office (ICO) with a nominal value of over £283m. What is a Data Protection Officer?

GDPR

GDPR Personal data Compliance Information governance

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Managing Your Information

JULY 22, 2019

Some of the hype about the General Data Protection Regulation (the GDPR) has been given renewed focus over the last couple of weeks by the issuing of two Notices of Intent by the Information Commissioner’s Office (ICO) with a nominal value of over £283m. What is a Data Protection Officer?

GDPR

GDPR Personal data Compliance Information governance

Join Our Webinar on November 16th: IGI & Preservica Address the Governance of Long-Term Digital Information

IGI

NOVEMBER 10, 2017

Every organization had at least a few categories of information that they keep long-term, whether that was 25+ years, permanently or indefinitely until a future trigger event. And more than a few of my clients had dozens of categories of content that internal and external stakeholders expect will be managed well into the future.

Digital preservation

Digital preservation Government Digital transformation Access

How Much Does Penetration Testing Cost? 11 Pricing Factors

eSecurity Planet

JUNE 20, 2023

Scan-only penetration tests often cannot satisfy the definition of a penetration test, do not provide the organization with a true test of their systems, and are unlikely to provide protection against future lawsuits in the event of a breach. Organizations required to comply with a standard (Ex: HIPAA, ISO 27001, GDPR, SOC 2, etc.)

Compliance

Compliance Cloud Security Phishing

Vint Cerf: Maybe We Need an Internet Driver’s License

John Battelle's Searchblog

FEBRUARY 9, 2024

This is a classic category error on the part of the legislators. So the problem we run into is that if we would like to use AI as important sources of information – to exercise our democratic rights to vote among other practices – we really need help figuring out whether or not the information we get back is valid.

Artificial Intelligence

Artificial Intelligence Computer and Electronics IT Risk

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

To pick just two recent examples of the latter, the EU’s General Data Protection Regulation1 (GDPR) and the California Consumer Privacy Act2 (CCPA) both impose sweeping requirements on businesses with the aim of increasing consumers’ privacy and control over how their personal data is used. 4 See, e.g. , Welty v. Clute , 1 F.R.D.

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

How to implement the General Data Protection Regulation (GDPR)

Data Privacy Day: Looking Back on the Privacy Events of 2020

Webinars

Trending Sources

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

Webinars

Guest Post - Three Critical Steps for GDPR Compliance

EDPB publishes guidance on calculating GDPR fines

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

California Enacts Broad Privacy Laws Modeled on GDPR

France: The CNIL publishes a practical guide on Data Protection Officers

California Enacts Broad Privacy Protections Modeled on GDPR

A deeper dive into the new Standard Contractual Clauses

New SEC Cybersecurity Rules Could Affect Private Companies Too

UAE: Federal level data protection law enacted

The Impact of Data Protection Laws on Your Records Retention Schedule

ITALY: New GDPR Guidelines from the Italian data protection authority

What is data loss and how does it work?

CNIL’s New Guidelines on HR Processing

California Privacy Law Overhaul – Proposition 24 Passes

DUBAI – DIFC Data Protection Law 2020

Considerations on embedding the new standard contractual clauses in IT contracts

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

How to Develop an Incident Response Plan

FRANCE : THE CNIL ADOPTS REVISED GUIDELINES AND FINAL RECOMMENDATIONS ON COOKIES AND OTHER TRACKERS

European Commission Publishes Draft Data Governance Act

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

Cloud Security Fundamentals: Understanding the Basics

ICO’s update report into adtech and real time bidding – a sobering read for participants in the adtech industry

The debate on the Data Protection Bill in the House of Lords

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

New to the Role of Data Protection Officer? We’ve Put Together a Few Points to Help You Get Started

Join Our Webinar on November 16th: IGI & Preservica Address the Governance of Long-Term Digital Information

How Much Does Penetration Testing Cost? 11 Pricing Factors

Vint Cerf: Maybe We Need an Internet Driver’s License

The Burden of Privacy In Discovery

Stay Connected