2020 and GDPR - Information Management Today

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them. PIPL Compliance CCPA Compliance GDPR Compliance How to Stay Up to Date with Changing Compliance Regulations. GDPR Compliance.

GDPR

GDPR Compliance Data Privacy Privacy

Ireland: Non-material damages under GDPR – Irish law developments and the international approach

DLA Piper Privacy Matters

SEPTEMBER 7, 2023

Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR. The factors that he set out are: “Mere breach” of the GDPR is not sufficient to warrant an award of compensation.

GDPR

GDPR Data breaches Risk Personal data

CIPL Submits Response to European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to the GDPR

Hunton Privacy

DECEMBER 16, 2020

The European Commission (the “Commission”) issued its draft on November 12, 2020, updating the SCCs to align with the GDPR and taking into account the requirements of the Court of Justice of the European Union Schrems II ruling of July 16, 2020.

Personal data

Personal data GDPR Compliance Government

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

California Privacy Rights Act to Appear on November 2020 Ballot

HL Chronicle of Data Protection

JUNE 24, 2020

The California Privacy Rights Act (CPRA) has received enough valid signatures to appear on the November 2020 ballot. June 25, 2020, is the 131 st day before the next statewide general election, and the Secretary of State has announced that his office will qualify the measure on June 25, 2020. art II section 10(a).

Privacy

Privacy B2B GDPR Government

2020 in review: July to December

IT Governance

DECEMBER 23, 2020

Welcome to the second part of our cyber security review of 2020, in which we look back at the biggest stories from July to December. After six months of lockdown, the cyber security community got its first significant look at COVID-19’s effect on data protection with the release of Ponemon Institute’s Cost of a Data Breach Report 2020.

Data breaches

Data breaches Ransomware Government GDPR

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

European Commission Publishes Draft of New Standard Contractual Clauses

Hunton Privacy

NOVEMBER 12, 2020

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”) along with its draft set of new standard contractual clauses (the “New SCCs”).

GDPR

GDPR Personal data IT

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”).

GDPR

GDPR Personal data Compliance Risk

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Data Matters

JUNE 1, 2022

There is a lot to digest, so below is our breakdown of the top 10 key points you should know about the EU’s new rules. Gatekeepers will only be able to rely on (GDPR-grade) user consent with respect to processing data for advertising purposes. Key dates and next steps. determine the ranking of its own and third parties’ offerings.

Marketing

Marketing Computer and Electronics Communications GDPR

Hindsight is 2020. Looking back so we can move forward

Thales Cloud Protection & Licensing

FEBRUARY 11, 2020

2020 ends a decade, and the new year prompted me to think “Wow it’s been two decades since we started Vormetric.” So, in 2020 we’re looking at frontiers like the cloud and cloud native technologies (including microservices). In 2000, there was no PCI DSS, no HIPAA-HITECH, no NIST 800-53, no GDPR, or anything like them.

Cloud

Cloud Government Financial Services Access

ICO Publishes Its Accountability Framework

Hunton Privacy

SEPTEMBER 14, 2020

On September 9, 2020, the UK Information Commissioner’s Office (“ICO”) published an Accountability Framework , designed to assist organizations in complying with their accountability obligations under the EU General Data Protection Regulation (“GDPR”). Feedback may be submitted on the Framework before November 2, 2020.

IT

IT Compliance Records Management GDPR

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave.

Compliance

Compliance Risk Government Retail

French CNIL Rules EU-U.S. Data Transfers Through the Use of Analytics Cookie to be Unlawful

Hunton Privacy

FEBRUARY 10, 2022

On February 10, 2022, the French Data Protection Authority (the “CNIL”) ruled the transfer of EU personal data from the EU to the U.S. In its decision, the CNIL held that an organization using Google Analytics was in violation of the GDPR’s data transfer requirements. through the use of the Google Analytics cookie to be unlawful.

Analytics

Analytics Personal data GDPR Compliance

CIPL Submits Response to European Commission’s Article 28 Standard Contractual Clauses

Hunton Privacy

DECEMBER 15, 2020

Article 28 of the GDPR sets out specific provisions that must be executed between data controllers and processors when personal data is shared. Once finalized, the SCCs will remain optional but demonstrate the level of detail that the Commission expects to see in data processing agreements.

GDPR

GDPR Personal data IT

European Commission Releases Draft Standard Contractual Clauses for Article 28 Data Processing Agreements

Hunton Privacy

NOVEMBER 16, 2020

On November 12, 2020, somewhat in the shadow of the new standard contractual clauses for data transfers to recipients outside the European Economic Area (“EEA”), the European Commission also adopted draft standard contractual clauses to be used between controllers and processors in the EEA (“EEA Controller-Processor SCCs”).

GDPR

GDPR Personal data Data breaches Information Security

Québec’s new privacy bill: a comparison of Bill 64, PIPEDA and the GDPR

Privacy and Cybersecurity Law

JULY 9, 2020

On June 12, 2020, the Québec government proposed a significant overhaul of its current privacy laws through the introduction of the highly anticipated Bill 64, An Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (“Bill”).

GDPR

GDPR Privacy Personal data Government

CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

Hunton Privacy

AUGUST 11, 2020

On August 5, 2020, the French Data Protection Authority (the “CNIL”) announced that it has levied a fine of €250,000 on French online shoe retailer, Spartoo, for various infringements of the EU General Data Protection Regulation (“GDPR”). As part of its activities, the company operates a website that is accessible in 13 EU countries.

Retail

Retail GDPR IT Personal data

State of the Union: CCPA and Beyond in 2020

Data Protection Report

JANUARY 13, 2020

access, deletion, or opt-out) and a few companies seem to use the same tool, third party, and/or infrastructure for GDPR requests. On October 10, 2019, the California Attorney General (AG) issued for public comment the Proposed Text of Regulations to clarify components of the CCPA. email, phone, mail). Ballot Initiative.

Privacy

Privacy B2B Sales Compliance

Standard contractual clauses and data transfers after Schrems II: EDPB-EDPS Joint Opinion on Draft SCCs

DLA Piper Privacy Matters

APRIL 20, 2021

The CJEU’s long-awaited Schrems II decision of 16 July 2020, raised important questions on the validity of data processing activities involving the transfer of personal data outside the EEA. GDPR), the CJEU stated that due to their inherently contractual nature, they cannot bind the public authorities of third countries.

Personal data

Personal data GDPR Compliance Privacy

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

For 2019, 34% of RIM professionals reported they had restructured their programs, with an additional 31% planning to do so into 2020. A further 32% expect to use a cloud records management platform into 2020, up substantially from 18% in 2017. Intelligent Content Services and Automation: Must-Haves for 2020 Roadmaps.

Content services

Content services Cloud Records Management Privacy

European Union Reached a Political Agreement on the Digital Markets Act

Hunton Privacy

MARCH 29, 2022

Supporting the European Parliament’s position to restrict gatekeepers from combining data across platform services, unless consent has been obtained in an explicit and clear manner in line with the EU General Data Protection Regulation (“GDPR”). The DMA imposes a set of obligations on “gatekeeper” platforms.

Marketing

Marketing GDPR Compliance Paper

Payments and Fintech: Addressing Key EU, UK and U.S. Cybersecurity Issues

Data Matters

JULY 17, 2020

July 21 & 22, 2020. Tuesday, July 21, 2020 – Register. Wednesday, July 22, 2020 – Register. Panelists will discuss: How PSD2, GDPR, GLBA, CCPA, NY SHIELD Act, and NYDFS cybersecurity regulations and the PCI framework are affecting payments and fintech. PT | 11:00 a.m. ET | 4:00 p.m. BST | 11:00 a.m.

Cybersecurity

Cybersecurity Financial Services GDPR Privacy

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

FEBRUARY 14, 2023

When Markowitz departed Portfolium after selling the company to Instructure, he teamed up with Daniel Marashalin and Troy Markowitz to launch Drata in the summer of 2020. The vision was to automate security and compliance across 14 frameworks, including SOC 2, ISO 27001, HIPAA and GDPR. Growth has definitely been robust.

Compliance

Compliance Security Cybersecurity Marketing

Analysing Data Breaches Caused by Human Error

IT Governance

DECEMBER 21, 2023

Also note that this blog only accounts for the data from 2020–2022, because these are the only years the ICO has released its full data set on. According to the ICO’s data from 2020–2022, the answer is 34% – or 33.6%, to be more exact. At the time of writing, the data set starts in Q2 2019 and goes up to Q2 2023.

Data breaches

Data breaches Personal data Government GDPR

Three Italian universities hacked by LulzSec_ITA collective

Security Affairs

FEBRUARY 13, 2020

[link] Una piccolissima parte del leak: [link] pic.twitter.com/DvrWkBxW9Z — LulzSecITA (@LulzSec_ITA) February 7, 2020. The hacktivists claim that once hacked the universities did not disclose the data breach and attempted to hide the incident, violating the European Privacy Law GDPR.

Data breaches

Data breaches GDPR Education Passwords

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The CNIL’s inspection included the insurer’s compliance with Section 5-1(e) of GDPR , which reads: Personal data shall be. (e) In 2020, the insurer’s turnover amounted to €9.3 that the failure to comply with the retention periods concerned a very large number of persons, in particular the company’s customers.

Personal data

Personal data Insurance GDPR Record destruction

The California Consumer Privacy Act: What Happened and What’s to Come

Data Matters

JANUARY 22, 2020

Moreover, the California Attorney General will finalize regulations during 2020 that are likely to expand compliance obligations and narrow flexibility. What should companies be doing to prepare for CCPA enforcement beginning on July 1, 2020? EST / 10:00-11:30 a.m. How are companies handling these uncertainties? 1:00-2:30 p.m.

Privacy

Privacy Data breaches GDPR Cybersecurity

Enel Group suffered the second ransomware attack this year

Security Affairs

OCTOBER 27, 2020

The Italian cyber security firm TG soft publicly shared the news of the attack in a tweet: 2020-10-27 #Enel colpita di nuovo da #ransomware. Questa volta è #NetWalker a colpire @EnelGroupIT a rubare 5 TB di dati. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Data breaches GDPR Compliance

European data export bonanza: revised SCCs and EDPB Schrems II guidance published

Data Protection Report

NOVEMBER 13, 2020

A feedback period on the draft documents will run until 10 December. The new SCCs aim to modernise the clauses in line with the GDPR and to cover a multitude of different types of transfers to cater for “ the complexity of modern processing chains ”. a “warrant canary”); and.

Personal data

Personal data GDPR Encryption Government

Wednesday LTNY 2020 Sessions: eDiscovery Trends

eDiscovery Daily

FEBRUARY 4, 2020

I’ve opened them all up, so you don’t have to. : o ) Sessions in the main conference tracks include: 9:00am – 10:00am: Plenary Session – Blockchain and Emerging Technology Researcher Bettina Warburg. Key takeaways: Briefing update on GDPR & CCPA. How do these data privacy laws impact social media & the IoT.

e-Discovery

e-Discovery Data Privacy Blockchain Privacy

How to protect healthcare and life-sciences data from a cyber attack pandemic

Thales Cloud Protection & Licensing

APRIL 25, 2022

Today it is estimated that there are 10 to 15 million medical devices at U.S. hospitals with an impressive average of 10 to 15 connected medical devices per patient bed. It is estimated the cost of US healthcare ransomware attacks alone at $21 billion in 2020. A pandemic of cyber attacks. But the threat is a lot more insidious.

Healthcare

Healthcare Big data Cloud Compliance

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Tue, 12/22/2020 - 10:08. The 2020 analysis found that customer data was by far the most-commonly compromised type of record with 80% of breached organizations saying that customer PII was affected. The problem is not limited to the requirements of GDPR. Multinationals are uniquely impacted by these compliance regulations.

Data Privacy

Data Privacy Privacy Security Encryption

State of the Union: CCPA and Beyond in 2020

Data Protection Report

JANUARY 13, 2020

access, deletion, or opt-out) and a few companies seem to use the same tool, third party, and/or infrastructure for GDPR requests. On October 10, 2019, the California Attorney General (AG) issued for public comment the Proposed Text of Regulations to clarify components of the CCPA. email, phone, mail). Ballot Initiative.

Privacy

Privacy B2B Sales Compliance

EU Council Agrees on Proposed ePrivacy Regulation

Data Matters

MARCH 10, 2021

On February 10, 2021, the Council of the European Union (which includes representatives of the European Union (EU) member states, hereinafter Council) reached an agreement on the ePrivacy Regulation proposal that governs the protection of privacy and confidentiality of electronic communications services (ePrivacy Regulation).

GDPR

GDPR Metadata Communications Privacy

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Countries and organizations within the European Union (EU), must comply with the requirements of the General Data Protection Regulation (GDPR) 1. Many countries outside of the EU have created and implemented their own data protection laws that are similar to the GDPR 2. 10 California Privacy Rights Act (CPRA). Bill C-11, Sec.

Personal data

Personal data GDPR Privacy Records Management

Thursday LTNY 2020 Sessions: eDiscovery Trends

eDiscovery Daily

FEBRUARY 5, 2020

: o ) Sessions in the main conference tracks include: 9:00am – 10:00am: Cite Early! The 2019-2020 Cases That Every Practitioner Should Know. Join us for ALM’s open-to-all legendary Judicial Keynote Session as the panel discusses the cases that made (or missed) the ALM headlines in 2019-2020. Cite Often!

Information governance

Information governance Privacy Cloud Government

Universities across the UK and North America confirm cyber attack

IT Governance

JULY 28, 2020

This looks like a clear violation of the GDPR (General Data Protection Regulation) , which states that organisations must report significant breaches within 72 hours of discovery. Helping schools with the GDPR. million) or 2% of the organisation’s annual global turnover. million) or 2% of the organisation’s annual global turnover.

GDPR

GDPR Education Ransomware Data breaches

Will CCPA Be a “Dumpster Fire” for Those Trying to Comply? Here are 10 Reasons it Might Be: Data Privacy Trends

eDiscovery Daily

JULY 7, 2019

We’re less than six months away from the scheduled start of the California Consumer Privacy Act (CCPA) on January 1, 2020. In Truth on the Market ( 10 Reasons Why the California Consumer Privacy Act (CCPA) Is Going to Be a Dumpster Fire , written by Alec Stapp), real estate developer Alastair Mactaggart spent nearly $3.5

Data Privacy

Data Privacy Privacy GDPR IT

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

DLA Piper Privacy Matters

MAY 23, 2023

For Meta, the decision has resulted in a record administrative fine of €1.2bn, an order to suspend further transfers of EEA personal data to the US within five months, and an order to cease all unlawful processing of EEA personal data transferred to the US in violation of GDPR, within six months.

Personal data

Personal data GDPR Risk Privacy

European Commission Publishes Draft of New Standard Contractual Clauses

Hunton Privacy

NOVEMBER 13, 2020

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”), along with its draft set of new standard contractual clauses (the “SCCs”). Key Takeaways.

Personal data

Personal data GDPR Data collection Access

New Guidance on the Revised Swiss Data Protection Act Published by the Swiss Regulator

Data Matters

MARCH 17, 2021

The revDPA will implement many of the requirements of the EU General Data Protection Regulation (GDPR) into Swiss law, although sometimes with a Swiss flourish. It sets itself apart from the GDPR not only in its brevity, but also in the sometimes different terminology it uses.”.

GDPR

GDPR Personal data Paper Privacy

Welcome to Legaltech New York 2020!: eDiscovery Trends

eDiscovery Daily

FEBRUARY 3, 2020

In just 10 years the case law around eDiscovery AI & Analytics has exploded. GDPR & CCPA are Fueling High Demand for On-Point RegTech Solutions Presented by Thomson Reuters. Key takeaways: Key updates on GDPR & CCPA. The post Welcome to Legaltech New York 2020!:

Education

Education Data Privacy GDPR Compliance

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

The Report first notes that the EU General Data Protection Regulation (“GDPR”) contains necessary safeguards and rules with respect to personal data processing in a general health emergency. Accordingly, data protection considerations should not be used to hinder or limit measures authorities adopt in their fight against the pandemic.

Personal data

Personal data GDPR Risk Insurance

CNIL Publishes Standard on HR Data Processing

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. That Referential was adopted following a public consultation launched by the CNIL on April 11, 2019.

Personal data

Personal data GDPR Compliance Archiving

How to Comply with GDPR, PIPL, and CCPA

Ireland: Non-material damages under GDPR – Irish law developments and the international approach

Webinars

Trending Sources

CIPL Submits Response to European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to the GDPR

Webinars

California Privacy Rights Act to Appear on November 2020 Ballot

2020 in review: July to December

EDPB publishes guidance on calculating GDPR fines

European Commission Publishes Draft of New Standard Contractual Clauses

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Hindsight is 2020. Looking back so we can move forward

ICO Publishes Its Accountability Framework

Top 10 Governance, Risk and Compliance (GRC) Vendors

French CNIL Rules EU-U.S. Data Transfers Through the Use of Analytics Cookie to be Unlawful

CIPL Submits Response to European Commission’s Article 28 Standard Contractual Clauses

European Commission Releases Draft Standard Contractual Clauses for Article 28 Data Processing Agreements

Québec’s new privacy bill: a comparison of Bill 64, PIPEDA and the GDPR

CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

State of the Union: CCPA and Beyond in 2020

Standard contractual clauses and data transfers after Schrems II: EDPB-EDPS Joint Opinion on Draft SCCs

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

European Union Reached a Political Agreement on the Digital Markets Act

Payments and Fintech: Addressing Key EU, UK and U.S. Cybersecurity Issues

Automated Security and Compliance Attracts Venture Investors

Analysing Data Breaches Caused by Human Error

Three Italian universities hacked by LulzSec_ITA collective

Over-Retention of Personal Data

The California Consumer Privacy Act: What Happened and What’s to Come

Enel Group suffered the second ransomware attack this year

European data export bonanza: revised SCCs and EDPB Schrems II guidance published

Wednesday LTNY 2020 Sessions: eDiscovery Trends

How to protect healthcare and life-sciences data from a cyber attack pandemic

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

State of the Union: CCPA and Beyond in 2020

EU Council Agrees on Proposed ePrivacy Regulation

The Impact of Data Protection Laws on Your Records Retention Schedule

Thursday LTNY 2020 Sessions: eDiscovery Trends

Universities across the UK and North America confirm cyber attack

Will CCPA Be a “Dumpster Fire” for Those Trying to Comply? Here are 10 Reasons it Might Be: Data Privacy Trends

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

European Commission Publishes Draft of New Standard Contractual Clauses

New Guidance on the Revised Swiss Data Protection Act Published by the Swiss Regulator

Welcome to Legaltech New York 2020!: eDiscovery Trends

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

CNIL Publishes Standard on HR Data Processing

Stay Connected