2022 and GDPR - Information Management Today

Irish Data Protection Commission Publishes Annual Report for 2022

Hunton Privacy

MARCH 7, 2023

On March 7, 2023, the Irish Data Protection Commission (“DPC”) published its Annual Report for 2022 (the “Report”). Highlights from the Report include: During 2022, the DPC received 2,700 complaints from data subjects under the General Data Protection Regulation (“GDPR”).

Personal data

Personal data GDPR Data breaches Compliance

The Irish DPC fined WhatsApp €5.5M for violating GDPR

Security Affairs

JANUARY 21, 2023

by the Irish Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR). million (for breaches of the GDPR relating to its service).” million (for breaches of the GDPR relating to its service).” The Irish Data Protection Commission (DPC) fined Meta’s WhatsApp €5.5

GDPR

GDPR Metadata Encryption Communications

Ireland: Non-material damages under GDPR – Irish law developments and the international approach

DLA Piper Privacy Matters

SEPTEMBER 7, 2023

Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR. The factors that he set out are: “Mere breach” of the GDPR is not sufficient to warrant an award of compensation.

GDPR

GDPR Data breaches Risk Personal data

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

International Data Protection Day 2022

DLA Piper Privacy Matters

JANUARY 28, 2022

On behalf of DLA Piper’s Global Data Protection team, we would like to wish you a happy International Data Protection Day 2022. Fully refreshed and updated for 2022 we have new jurisdictional entries that now includes Sri Lanka and the Abu Dhabi Global Market Free Zone who launched their new data protection regime last year.

GDPR

GDPR Privacy Data breaches Personal data

Data Protection in Financial Services Week 2022

Data Matters

FEBRUARY 25, 2022

– 12:30 p.m. Join us from February 28 – March 3 for DPFS Week 2022 , a series of webinars looking at the impacts of data privacy across the financial sector. How to deal with and manage the key issues for 2022, such as AI, data governance, and international transfers. – 5:30 p.m. GMT | 11:00 a.m.

Financial Services

Financial Services Privacy Data Privacy Cybersecurity

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

2022 will go down as the year where some semblance of normality returned. In total, we have so far reported more than 1,000 data breaches in 2022, with almost half a billion breached records. Meanwhile, GDPR (General Data Protection Regulation) enforcement continues apace. million) fine for twelve breaches of the GDPR.

Security

Security Data breaches Ransomware Military

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List. Thu, 01/12/2023 - 05:54. Fasten your seatbelts and enjoy the Top 5 list of Thales webinars for 2022. Trends in Cloud Security: Key Findings from the 2022 Cloud Security Study. Stay tuned! Data Security.

Compliance

Compliance Cloud Security Financial Services

Swedish data protection authority rules against the use of Google Analytics

Security Affairs

JULY 5, 2023

GDPR rules that personal data may be transferred to a country outside the EU/EEA, if the European Commission has decided that the country adopted an adequate level of protection for personal data that corresponds to that within the EU/EEA. IMY issues an administrative fine of 12 million SEK ($1.1

Analytics

Analytics Personal data GDPR Privacy

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

On 12 May 2022 EDPB adopted Guidelines on the calculation of administrative fines (the Guidelines ). where a breach of more specific provision of GDPR breaches a wider provision as well). 1) Category of infringement under Article 83(4) – (6) GDPR. the place of the infringed provision in the GDPR framework).

GDPR

GDPR Compliance Personal data IT

EU hits Meta with $1.3 billion fine for transferring European user data to the US

Security Affairs

MAY 22, 2023

This is the biggest fine since the adoption of the General Data Protection Regulation (GDPR) by the European Union (EU) on May 25, 2018. On December 13, 2022, the European Commission launched the formal process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework on December 13, 2022. The EU-U.S.

GDPR

GDPR Personal data Privacy Data Privacy

CNIL Published Guidelines on Re-Use of Personal Data by Data Processors

Hunton Privacy

JANUARY 20, 2022

On January 12, 2022, the French Data Protection Authority (the “CNIL”) published guidelines on the re-use of personal data by data processors for their own purposes (such as product improvement or the development of new products and services) under the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”).

Personal data

Personal data GDPR Encryption IT

Europe: Advocate General delivers Opinion on the right of access for purposes unrelated to data protection

DLA Piper Privacy Matters

APRIL 25, 2023

12(5) and Art. 15(3) GDPR must be interpreted as requiring a data controller to provide the data subject with a copy of his or her personal data, even where the data subject requests the copy for purposes unrelated to data protection. The German Federal Court of Justice, in its decision of 29 March 2022 (Case No. 12(5) and Art.

Access

Access GDPR Personal data IT

Sam McNicholls-Novoa on CyberComply

IT Governance

DECEMBER 20, 2023

Making compliance easy with our Cloud-based solution CyberComply is a Cloud-based, end-to-end solution that simplifies compliance with a range of cyber security and data privacy standards and laws, including ISO 27001 , the GDPR (General Data Protection Regulation), and more. The number one software for GDPR compliance.

GDPR

GDPR Compliance Data Privacy Privacy

Portuguese Data Protection Authority fines the National Institute of Statistics € 4.3 million

DLA Piper Privacy Matters

DECEMBER 15, 2022

On 2 November 2022, the Portuguese Data Protection Authority (“ CNPD ”) issued a Decision imposing a fine of € 4,300,000 (four million three hundred euros) to the National Institute of Statistics (“ INE ”) for multiple violations in the processing of data subjects’ sensitive data during the Census 2021 operation. Background.

GDPR

GDPR Personal data IT

Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

DLA Piper Privacy Matters

OCTOBER 17, 2022

On 2 September 2022, the DPC imposed a record €405 million GDPR fine on Instagram (Meta Platforms Ireland Limited (“ Meta IE “)) (the “ Decision ”), the second highest fine (after Luxembourg’s regulators issued a fine of €746 million last year) since the GDPR came into effect, and the largest fine to date issued by the DPC.

GDPR

GDPR Personal data Risk Compliance

UK ICO Publishes Draft Employee Monitoring Guidance for Consultation

Hunton Privacy

OCTOBER 18, 2022

On October 12, 2022, the UK Information Commissioner’s Office (“ICO”) launched a public consultation on its draft guidance on employers’ obligations when monitoring at work (“Draft Guidance”). The public consultation on the Draft Guidance and Impact Scoping Document will remain open until 5pm on January 11, 2023.

GDPR

GDPR Personal data Compliance Access

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Countries and organizations within the European Union (EU), must comply with the requirements of the General Data Protection Regulation (GDPR) 1. Many countries outside of the EU have created and implemented their own data protection laws that are similar to the GDPR 2. Accessed March 13, 2022. 12 GDPR Enforcement Tracker.

Personal data

Personal data GDPR Privacy Records Management

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Data Protection Report

MARCH 21, 2023

12-10-1 into the French Insurance code. 12-10-1 ended up having a much broader scope, as it is now to apply to all forms of cyberattacks and to many cyber-security incidents. Under the GDPR, the 72 hour time limit starts from the knowledge of a personal data breach, which may be identified days after compromise of the system.

Insurance

Insurance Data breaches Personal data GDPR

Points to note on the European Commission’s questions and answers on the Revised Standard Contractual Clauses (SCCs)

Data Protection Report

JUNE 10, 2022

On May 25 th 2022, the European Commission published a series of questions and answers on the SCCs to be used between controllers and processors within the European Economic Area ( EEA ), and the SCCs to be used for transfers to countries not considered adequate by the European Commission ( Third Countries ) (the Q&As ).

GDPR

GDPR Government Personal data Access

ISO 27001 and Physical Security

IT Governance

MAY 15, 2024

In fact, in the 2022 versions of ISO 27001 and ISO 27002, ‘physical’ is one of just four control themes. Before joining IT Governance, Matthew served in the British Army Intelligence Corps for 12 years, providing intelligence and security advice to personnel and their families in the UK and abroad. So, control 7.4

Security

Security Information Security Access Cloud

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification madhav Tue, 12/12/2023 - 05:21 Given the pace of data growth and the complexity of hybrid IT environments, the discovery and classification of sensitive data is no simple task.

Unstructured data

Unstructured data Cloud Data Privacy GDPR

Thales CipherTrust Data Security Platform Validated For Microsoft Azure Stack Hub and HCI

Thales Cloud Protection & Licensing

DECEMBER 7, 2022

Thu, 12/08/2022 - 07:05. Regulations such as HIPAA, GDPR, and PCI-DSS have been put in place to address data security concerns and privacy regulations to protect data. Thales CipherTrust Data Security Platform Validated For Microsoft Azure Stack Hub and HCI.

Security

Security Cloud Digital transformation Compliance

Free Expert Insights

IT Governance

MARCH 29, 2024

Alan Calder on maintaining GDPR compliance 16 February 2024 Group CEO Alan takes us through what data privacy and GDPR (General Data Protection Regulation) compliance trends he foresees in 2024. Andrew Snow on a landmark GDPR ruling 12 January 2024 The ECJ (European Court of Justice) issued a landmark GDPR ruling in December 2023.

Data Privacy

Data Privacy Compliance GDPR Privacy

Exploring Consumer Trust in a Digital World

Thales Cloud Protection & Licensing

OCTOBER 30, 2022

Mon, 10/31/2022 - 06:06. The 2022 Thales Consumer Digital Trust Index : A Consumer Confidence in Data Security Report, found that Social Media companies (18%), Government (14%), and Media & Entertainment organizations (12%) all had the lowest level of consumer trust when it comes to keeping their personal data secure.

Data breaches

Data breaches Personal data Privacy Encryption

Analysing Data Breaches Caused by Human Error

IT Governance

DECEMBER 21, 2023

Also note that this blog only accounts for the data from 2020–2022, because these are the only years the ICO has released its full data set on. According to the ICO’s data from 2020–2022, the answer is 34% – or 33.6%, to be more exact. At the time of writing, the data set starts in Q2 2019 and goes up to Q2 2023.

Data breaches

Data breaches Personal data Government GDPR

Win the connected and autonomous car race while protecting data privacy

Thales Cloud Protection & Licensing

FEBRUARY 28, 2022

Tue, 03/01/2022 - 04:49. By 2025, 115 Million vehicles will be sold with over-the-air update capabilities, almost four times as much as in 2020, and the Boston Consulting Group expect 12 million fully autonomous vehicles a year to be sold by 2035. Win the connected and autonomous car race while protecting data privacy.

Data Privacy

Data Privacy Privacy Manufacturing Digital transformation

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

Hunton Privacy

APRIL 25, 2022

On April 12, 2022, Colorado Attorney General Phil Weiser made remarks at the International Association of Privacy Professionals Global Privacy Summit in Washington, D.C., where he invited stakeholders to provide informal public comments on the Colorado Privacy Act (“CPA”) rulemaking.

Privacy

Privacy Personal data Sales Compliance

Spotlight On: BCS Practitioner Certificate in Data Protection

Managing Your Information

SEPTEMBER 10, 2022

Candidates will need a basic understanding of UK GDPR and the Data Protection Act 2018 and some previous experience of working within the realm of data protection. . An understanding of the key requirements of the GDPR and the UK Data Protection Act 2018 . Who is the course for? . What candidates achieve during the course .

GDPR

GDPR Information governance Compliance Paper

US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

DLA Piper Privacy Matters

NOVEMBER 16, 2020

As the business community takes stock of (and impatiently waits for) 2020 election results, it should place particular significance on the passage of Proposition 24, the California Privacy Rights Act (CPRA) by about a 12 percent margin. Conversely, the CPRA places some increased, GDPR-like obligations on businesses and service providers.

Privacy

Privacy Unstructured data B2B Sales

ICO issue fine of £4.4 to Interserve for security failings

DLA Piper Privacy Matters

OCTOBER 25, 2022

On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m for violations of the GDPR (the violations were pre-Brexit). In the subsequent days, the threat actor compromised 283 systems and 16 accounts (12 being privileged admin accounts) across the estate.

Security

Security GDPR Personal data Insurance

Flurry of activity in the Privacy Act review, including tougher penalties and new online privacy framework

Data Protection Report

NOVEMBER 25, 2021

Public consultation for this discussion paper is open until 10 January 2022. The OP code is expected to be commissioned, developed, registered and implemented within 12 months of the Bill becoming law. In the coming weeks, we will share with you our insights on the 217 page discussion paper. An ambitious timetable has been proposed.

Privacy

Privacy Paper Compliance Government

EDPB Publishes Guidelines on the Calculation of Administrative Fines Under the GDPR

Hunton Privacy

JUNE 10, 2022

On May 12, 2022, the European Data Protection Board (“EDPB”) adopted Guidelines 04/2022 on the calculation of administrative fines under the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). The amount of a fine is at the discretion of the SA, subject to the calculation rules laid out in the GDPR.

GDPR

GDPR Compliance Sales IT

Best SIEM Tools & Software for 2022

eSecurity Planet

AUGUST 15, 2022

Compliance resources for HIPAA, SOX, ISO, PCI, NIST, GLBA, GDPR , and CCPA. Company Product Est HQ Fortinet FortiSIEM 2000 Sunnyvale, CA LogPoint LogPoint SIEM 2001 Copenhagen, Denmark Micro Focus ArcSight Enterprise Security Manager 1976 London, UK Rapid7 Rapid7 SIEM 2000 Boston, MA Trellix SecOps and Analytics 2022 Milpitas, CA.

Analytics

Analytics Cloud Compliance Cybersecurity

State of the Union: CCPA and Beyond in 2020

Data Protection Report

JANUARY 13, 2020

access, deletion, or opt-out) and a few companies seem to use the same tool, third party, and/or infrastructure for GDPR requests. Article 8: GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019. Article 12: Back At The Negotiating Table: CCPA Amendments Debate Continues.

Privacy

Privacy B2B Sales Compliance

US: CPRA analysis: The ‘good’ and ‘bad’ news for CCPA-regulated ‘businesses’

DLA Piper Privacy Matters

MAY 11, 2020

Right to know, access and receive personal information collected before the 12-month lookback period for data collected on or after Jan. Right to data minimization, as well as providing notice to consumers about the length of time each category of personal information will be retained. Right to correct inaccurate personal information.

Privacy

Privacy Unstructured data Access Data collection

10 Top Active Directory Security Tools for 2022

eSecurity Planet

APRIL 11, 2022

Auditor for AD can be used free for two weeks on a trial basis, and the full-priced version starts at $12 per AD user. It also generates standardized compliance reports designed for several different standards, including SOX, HIPAA, GDPR, PCI DSS, and more. Ossisto Active Directory Health Profiler. Standard, offered at $595 per year.

Security

Security Passwords Access Compliance

State of the Union: CCPA and Beyond in 2020

Data Protection Report

JANUARY 13, 2020

access, deletion, or opt-out) and a few companies seem to use the same tool, third party, and/or infrastructure for GDPR requests. Typically, the same online form is used regardless of the type of request (e.g., email, phone, mail). This version has some potential surprises for companies subject to CCPA and is worth monitoring.

Privacy

Privacy B2B Sales Compliance

Belgian DPA decision on IAB Transparency and Consent Framework

DLA Piper Privacy Matters

MARCH 2, 2022

By: Heidi Waem and Verena Grentzenberg On 2 February 2022, the Belgian Data Protection Authority ( Belgian DPA ) rendered its long-awaited decision against IAB Europe with regard to the IAB Transparency and Consent Framework ( TCF ). GDPR, the Belgian DPA submitted its draft decision to the CSAs. 13 and 14 GDPR.

GDPR

GDPR Personal data IT Compliance

CNIL publishes a draft TIA guide

Data Protection Report

FEBRUARY 6, 2024

The European Data Protection Board ( EDPB ) followed up with recommendations [2] setting out its expectations on what the Schrems II decision meant for carrying out a data transfer impact assessment ( TIA ) for Article 46 GDPR instruments. When is a TIA required?

GDPR

GDPR Personal data Compliance IT

Forrester Predicts 192% ROI with Thales CipherTrust Data Security Platform

Thales Cloud Protection & Licensing

DECEMBER 5, 2022

Tue, 12/06/2022 - 06:46. In addition to the quantified benefits, the interviewed organizations reported that they encountered nonquantified benefits, including: Increased ability to meet compliance regulations like GDPR, CCPA, LGPD, PCI DSS and HIPAA. Forrester Predicts 192% ROI with Thales CipherTrust Data Security Platform.

Encryption

Encryption Security Compliance Cloud

California Privacy Protection Agency Officially Commences CPRA Rulemaking Process

Hunton Privacy

JULY 8, 2022

On July 8, 2022, the California Privacy Protection Agency Board (“CPPA Board”) began the formal rulemaking process to establish regulations promulgating the amendments made to the California Consumer Privacy Act (“CCPA”) by the California Privacy Rights Act (“CPRA”) (collectively, the “CCPA/CPRA”). Access Requests (Section 7024). Next Steps.

Privacy

Privacy Sales Compliance Access

CPRA Becomes the New Standard. Are You Ready?

Thales Cloud Protection & Licensing

NOVEMBER 30, 2020

Tue, 12/01/2020 - 07:53. It amends the California Consumer Privacy Act (CCPA) and goes into effect January 1, 2023, for all data collected starting January 1, 2022 1. With 12% of the U.S. Fortunately, CCPA, CPRA, GDPR and all the privacy standards have many of the same controls. Are You Ready?

Privacy

Privacy GDPR Compliance Data breaches

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

This article looks at the top 40 cybersecurity startups to watch in 2022 based on their innovations in new and emerging technologies, length of operation, early funding rounds, scalability, and more. Read more: Top Enterprise Network Security Tools for 2022. Also read: Top Endpoint Detection & Response (EDR) Solutions for 2022.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Irish Data Protection Commission Publishes Annual Report for 2022

The Irish DPC fined WhatsApp €5.5M for violating GDPR

Webinars

Trending Sources

Ireland: Non-material damages under GDPR – Irish law developments and the international approach

Webinars

International Data Protection Day 2022

Data Protection in Financial Services Week 2022

2022 Cyber Security Review of the Year

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Swedish data protection authority rules against the use of Google Analytics

EDPB publishes guidance on calculating GDPR fines

EU hits Meta with $1.3 billion fine for transferring European user data to the US

CNIL Published Guidelines on Re-Use of Personal Data by Data Processors

Europe: Advocate General delivers Opinion on the right of access for purposes unrelated to data protection

Sam McNicholls-Novoa on CyberComply

Portuguese Data Protection Authority fines the National Institute of Statistics € 4.3 million

Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

UK ICO Publishes Draft Employee Monitoring Guidance for Consultation

The Impact of Data Protection Laws on Your Records Retention Schedule

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Points to note on the European Commission’s questions and answers on the Revised Standard Contractual Clauses (SCCs)

ISO 27001 and Physical Security

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales CipherTrust Data Security Platform Validated For Microsoft Azure Stack Hub and HCI

Free Expert Insights

Exploring Consumer Trust in a Digital World

Analysing Data Breaches Caused by Human Error

Win the connected and autonomous car race while protecting data privacy

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

Spotlight On: BCS Practitioner Certificate in Data Protection

US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

ICO issue fine of £4.4 to Interserve for security failings

Flurry of activity in the Privacy Act review, including tougher penalties and new online privacy framework

EDPB Publishes Guidelines on the Calculation of Administrative Fines Under the GDPR

Best SIEM Tools & Software for 2022

State of the Union: CCPA and Beyond in 2020

US: CPRA analysis: The ‘good’ and ‘bad’ news for CCPA-regulated ‘businesses’

10 Top Active Directory Security Tools for 2022

State of the Union: CCPA and Beyond in 2020

Belgian DPA decision on IAB Transparency and Consent Framework

CNIL publishes a draft TIA guide

Forrester Predicts 192% ROI with Thales CipherTrust Data Security Platform

California Privacy Protection Agency Officially Commences CPRA Rulemaking Process

CPRA Becomes the New Standard. Are You Ready?

Top Cybersecurity Startups to Watch in 2022

Stay Connected