GDPR: Data Breach Notification 101

Data Breach Today

Brian Honan of BH Consulting on When to Notify - or Not

Since the EU's new GDPR privacy law came into effect in May 2018, one challenge for organizations that suffer a breach is knowing whether or not they must report it to authorities, says Brian Honan, president and CEO of BH Consulting in Dublin.

Under GDPR, UK Data Breach Reports Quadruple

Data Breach Today

After Privacy Law Went Into Full Effect, Data Security Complaints Doubled

One year after Europe's tough new GDPR privacy law went into full effect last May, authorities in Britain have seen the number of annual data breach notifications more than quadruple.

Is GDPR Compliance Tougher Than HIPAA Compliance?

Data Breach Today

Analysts: GDPR Case in Portugal Offers Lessons for U.S. Healthcare Entities

An EU General Data Protection Regulation enforcement action against a hospital in Portugal demonstrates complying with GDPR may be even tougher than complying with HIPAA.

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Data Breach Today

Privacy regulators have also imposed at least $63 million in GDPR fines

Why Isn't GDPR Being Enforced?

Schneier on Security

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices.

GDPR: Still Plenty of Lessons to Learn

Data Breach Today

Cisco Studies Global Impact of GDPR

Data Breach Today

Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey

Europe Catches GDPR Breach-Notification Fever

Data Breach Today

Privacy Law is Fast Revealing the True Extent of Data Breaches Across UK and EU

Less than four months after GDPR went into enforcement, Europe has arguably entered the modern data breach era.

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports

Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K.

List of free GDPR resources and templates

IT Governance

This blog was originally published before the GDPR took effect in May 2018. The EU’s GDPR (General Data Protection Regulation) requires all organisations that process EU residents’ personal data to abide by its strict terms. Conducting a data flow mapping exercise under the GDPR.

15 GDPR Probes in Ireland Target Facebook, Twitter, Others

Data Breach Today

Ten of the 15 major investigations that the Data Protection Commission launched since the EU's tough new privacy law, GDPR, went into full effect in May 2018 are focused on Facebook

3 GDPR compliance tips for small businesses

IT Governance

This week marks one year since the GDPR (General Data Protection Regulation) took effect, and although we’ve seen organisations take huge strides in their commitment to information security, many are still struggling to implement the necessary measures. Teach your staff about the GDPR.

ITALY: First GDPR fine issued!

DLA Piper Privacy Matters

The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party. The first GDPR fine issued in Italy.

Marriott Mega-Breach: Will GDPR Apply?

Data Breach Today

With GDPR in full effect since May, organizations with data security practices face the potential of massive fines

Legal Experts Suspect So, But Investigation Could Take a Year or More

Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Data Protection Regulation?

Cyber resilience and the GDPR

IT Governance

Cyber resilience is referred to broadly throughout the GDPR (General Data Protection Regulation), meaning its framework will help you achieve compliance, protect your customers and prevent disciplinary action. What the GDPR says.

The GDPR: A year in review

IT Governance

A year ago this week, the GDPR (General Data Protection Regulation) took effect, promising to revolutionise information security. According to some of our experts, like Senior Consultancy Manager Nicky Whiting, many organisations have become complacent about their GDPR compliance requirements.

Ten steps to a GDPR gap analysis

IT Governance

Most GDPR (General Data Protection Regulation) compliance projects start with a gap analysis. Can I use a free GDPR gap analysis tool? More concerningly, these free tools can prove troublesome for users who have limited knowledge of their compliance obligations under the GDPR.

Bestselling GDPR solutions

IT Governance

For many, 2018 will go down as the year of the GDPR (General Data Protection Regulation). The GDPR is not any less relevant in 2019. That means any slack your organisation was given in the first few months of the GDPR will be tightened.

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began

The U.K.'s

The Reasons Behind Google's GDPR Fine

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of why Google was one of the first companies to be hit with a major GDPR fine, plus a global update on GDPR compliance trends and an in-depth report on shifts in malware

Kickstart your GDPR program

OpenText Information Management

The role of Data Discovery in General Data Protection Regulation (GDPR) compliance is the essential first step to building a successful GDPR program, but it’s one that many companies are struggling to take.

GDPR: One Year On

Data Matters

The 25th of May, 2019 marked a year since the EU General Data Protection Regulation (“GDPR”) came into force. To commemorate the “first birthday” of the GDPR, the European Commission (“Commission”) has issued an infographic which provides some interesting statistics about these key activities during the GDPR’s first year, which we discuss further below. We wait to see if privacy litigation will start to develop in the GDPR’s second year.

GDPR: How the definition of personal data has changed

IT Governance

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. Let’s start with the circumstances under which the processing of personal data must meet the GDPR’s requirements. DPO as a service (GDPR).

The GDPR for the Little Guy (or Gal)

Weissman's World

What is the GDPR? The GDPR is the European Union’s General Data Protection Regulation, and as the EU’s new take on privacy protection, it took effect a month ago to much fanfare. The post The GDPR for the Little Guy (or Gal) appeared first on Holly Group.

GDPR fines are coming and here’s why

IT Governance

Stop us if you’ve heard this one before: organisations that fail to meet the requirements of the GDPR (General Data Protection Regulation) face fines of up to €20 million (about £17.3 That’s somewhat understandable, given that no UK organisation has yet been disciplined under the GDPR.

More than half of schools not compliant with the GDPR

IT Governance

In a recent survey from edtech giant RM Learning and Trend Micro, 14% of respondents also admitted to not having a clear plan to become compliant with the GDPR (General Data Protection Regulation). Easy steps to reduce the risks and demonstrate GDPR compliance.

Take your GDPR project to the next level with our compliance packages

IT Governance

For many organisations, last year’s GDPR (General Data Protection Regulation) compliance deadline was a whirlwind of privacy policy updates, data protection training courses and hours spent online researching exactly what a ‘controller’ and ‘processor’ are. EU GDPR Documentation Toolkit.

Facebook Submits GDPR Breach Notification to Irish Watchdog

Data Breach Today

Report Into 50 Million Breached Accounts Is Incomplete, Privacy Watchdog Warns

To comply with GDPR, Facebook has notified Ireland's data privacy watchdog about the massive breach it has suffered, resulting in 50 million accounts being exposed.

Is your organisation equipped for long-term GDPR compliance?

IT Governance

Last week, the GDPR (General Data Protection Regulation) turned one year old. GDPR compliance is an ongoing process and should be embedded by design in your data protection practices. A data protection policy is an internal document that explains the GDPR’s requirements to employees.

Life Under GDPR: Data Breach Cost Unknown

Data Breach Today

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International

How the ICO measures GDPR compliance

IT Governance

Whenever someone mentions the GDPR (General Data Protection Regulation), one of the first things they discuss is the potential for huge fines that it brings. This includes the GDPR, the Freedom of Information Act and the PECR (Privacy and Electronic Communications Regulations).

The GDPR: Requirements for encryption

IT Governance

Six months since the GDPR (General Data Protection Regulation) came into force, pseudonymisation and data encryption remain the only technology measures specifically mentioned in the famously technology-agnostic Regulation.

GDPR: Is Australia Ready?

Data Breach Today

With Europe's GDPR enforcement set to take effect on May 25, Australian organizations vary in readiness. Steve Ingram of PwC says it's not too late for companies to prepare for GDPR, but it will be too late to ask regulators for forgiveness if something goes wrong

The Effects of GDPR's 72-Hour Notification Rule

Schneier on Security

The EU's GDPR regulation requires companies to report a breach within 72 hours.

A guide to the GDPR’s EU representative requirements

IT Governance

You might have heard increased chatter recently about the need for an EU representative under the GDPR (General Data Protection Regulation). This requirement wasn’t widely discussed in the UK when the GDPR took effect, because it didn’t apply.

Life Under GDPR: Sizing Up the Long-Term Costs

Data Breach Today

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International

Google fined £44 million in landmark GDPR ruling

IT Governance

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). The CNIL concluded that Google had violated the GDPR in two ways.

Data Governance Best Practices in the GDPR Era

Data Breach Today

Matt Lock of Varonis on the Need to Have a Baseline for Data Access Behavior

GDPR requires organizations to "have a governance model in terms of access and control and accountability," says Matt Lock of Varonis, who describes essential steps

GDPR Compliance: Common Misconceptions

Data Breach Today

Attorney Elizabeth Harding clears up confusion about certain provisions of the EU's General Data Protection Regulation, including the issue of when organizations need to obtain a European consumer's consent to process their data

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

In addition to data subjects’ rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability and to object, the EU’s GDPR (General Data Protection Regulation) sets out requirements relating to automated individual decision-making, including profiling.
