GDPR - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them. PIPL Compliance CCPA Compliance GDPR Compliance How to Stay Up to Date with Changing Compliance Regulations. GDPR Compliance.

GDPR

GDPR Compliance Data Privacy Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Irish Data Protection Commission Publishes Annual Report for 2022

Hunton Privacy

MARCH 7, 2023

Highlights from the Report include: During 2022, the DPC received 2,700 complaints from data subjects under the General Data Protection Regulation (“GDPR”). During 2022, the DPC received 5,828 personal data breach notifications, 5,695 of which were valid GDPR personal data breaches.

Personal data

Personal data GDPR Data breaches Compliance

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. Tusla collects and processes highly sensitive, often special category data concerning children, vulnerable women and families across Ireland. Eilis McDonald & John Magee.

GDPR

GDPR Personal data Government Paper

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”). Some of these contained personal data and special category (health) data.

GDPR

GDPR Personal data Compliance Risk

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. Processing special category personal data for AI bias mitigation purposes. The test will be relative and it appears lower than under the EU GDPR, although the precise approach is not set out in the response.

GDPR

GDPR Government Personal data Risk

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. 5-Step Process.

GDPR

GDPR Personal data Privacy Manufacturing

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. 5-Step Process.

GDPR

GDPR Personal data Privacy Manufacturing

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

Hunton Privacy

MARCH 4, 2020

Article 97 of the GDPR requires the European Commission to submit, by May 25, 2020, and every four years thereafter, a report on the evaluation and review of the GDPR to the European Parliament and to the Council of the EU. In order to prepare its report, the European Commission may request information from DPAs.

GDPR

GDPR Personal data Data breaches Communications

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

JULY 29, 2019

Now that the EU GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’ But what exactly does personal data mean? And did you know that the GDPR includes a sub-category of sensitive personal data that comes with its own requirements?

Personal data

Personal data GDPR Encryption Compliance

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. You can find more information about GDPR compliance on our website >> Data processing principles (Article 5).

GDPR

GDPR Personal data Privacy Access

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR

GDPR Authentication Compliance Personal data

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Privacy Data Privacy

Show-me: Spanish Data Protection laws shaken by the Supreme Court

DLA Piper Privacy Matters

SEPTEMBER 15, 2021

By the end of the 2018, the Spanish Parliament belatedly completed the framework provided by EU’s GDPR approving a new Data Protection Act. Nevertheless, it decided to go a bit farther and to analyze whether the GDPR, the Spanish law developing it and data protection rights in general could be affected.

GDPR

GDPR Privacy Government Personal data

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

The GDPR: Do you know the difference between personal data and sensitive data?

IT Governance

JULY 18, 2018

Now that the EU GDPR (General Data Protection Regulation) has been in effect for a couple of months, you’ve hopefully become acquainted with its definition of personal data: “any information relating to an identified or identifiable natural person”. GDPR training. Certified EU GDPR Practitioner Training Course. Getting consent.

Personal data

Personal data GDPR Encryption Compliance

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

HMRC forced to delete 5 million voice records after GDPR gaffe

IT Governance

MAY 9, 2019

HMRC (HM Revenue and Customs) has been told to delete more than five million people’s voice records after it was discovered that the way the information was collected breached the GDPR (General Data Protection Regulation). The organisation changed the way it obtained consent in October 2018, which the ICO says now complies with the GDPR.

GDPR

GDPR Personal data Education Passwords

GDPR – the facts and what it means for the retail sector

IT Governance

JUNE 25, 2018

We all know by now that, on 25 May 2018, the General Data Protection Regulation (GDPR) came into effect. The GDPR is not an IT issue. Despite the benefits of good data management, it was widely acknowledged that many organisations would not be GDPR-compliant on 25 May. GDPR c ompliance is not a choice .

Retail

Retail GDPR IT Compliance

GERMANY: Data Protection Authorities Issue GDPR Fining Guidelines

DLA Piper Privacy Matters

OCTOBER 24, 2019

On 16 October 2019 – after weeks of rumors and speculations – the German data protection authorities (‘DPAs’) published their guidelines (‘ Guidelines’ ) for calculating administrative fines under Article 83 General Data Protection Regulation (‘ GDPR’ ). This is used to assign the undertaking to a specific size-category. 18 GDPR (i.e.

GDPR

GDPR Compliance Personal data IT

A guide to the GDPR for insurance companies

IT Governance

MAY 30, 2018

The EU General Data Protection Regulation (GDPR) is designed to harmonise data protection laws across the EU, but certain industries will have to respond differently in order to achieve compliance. A report published by research and consultancy company Celent highlights the challenges that the GDPR presents to insurers.

Insurance

Insurance GDPR Compliance Data collection

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

CIPL Submits Comments to UK DCMS Consultation on UK Data Reform

Hunton Privacy

DECEMBER 17, 2021

Federal Trade Commission model for anonymized data into an updated UK data protection regime, rather than rely on Recital 26 of the UK GDPR ( e.g. , a practical rather than theoretical approach). supports DCMS’ proposal to incorporate a test based on the U.S. supports DCMS’ proposal to incorporate a test based on the U.S.

GDPR

GDPR B2B Risk Government

ICO issue fine of £4.4 to Interserve for security failings

DLA Piper Privacy Matters

OCTOBER 25, 2022

for violations of the GDPR (the violations were pre-Brexit). The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal data (in contravention of Articles 5(1)(f) and 32 GDPR) for a period of ~20 months. The Incident. Digest of points to note in the MPN.

Security

Security GDPR Personal data Insurance

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalised ads

Data Protection Report

JANUARY 21, 2019

It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net. Retention periods were not included for some categories of data. The legal bases for ad personalisation were confusing and unclear. Reason for the size of the fine.

GDPR

GDPR Personal data Privacy Access

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

Finland: Data Protection Authority sends GDPR anniversary greetings issuing its first fines

DLA Piper Privacy Matters

MAY 25, 2020

Just as the second anniversary of the GDPR was looming close, the Data Protection Ombudsman’s collegial body, responsible for determining administrative fines in Finland, issued administrative fines against three Finnish companies for their infringements of data protection laws. THREE ADMINISTRATIVE FINES ISSUED IN FINLAND. Going forward.

GDPR

GDPR IT Personal data Privacy

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Countries and organizations within the European Union (EU), must comply with the requirements of the General Data Protection Regulation (GDPR) 1. 2 DLA Piper.

Personal data

Personal data GDPR Privacy Records Management

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

WP29 brings Binding Corporate Rules in line with the GDPR

Data Protection Report

FEBRUARY 28, 2018

In contrast to the Directive , the General Data Protection Regulation (the “ GDPR “) incorporates BCRs into legislation and sets out at Article 47 various conditions that must be met when relying on BCRs. 28 of GDPR. The updates draw attention to the following elements: Controllers. Processors. Data Protection Principles.

GDPR

GDPR Personal data Compliance IT

UK’s Draft GDPR Implementation Law: The Starting Point

HL Chronicle of Data Protection

SEPTEMBER 27, 2017

Ensuring that the GDPR, as implemented by the bill, will continue to apply to the U.K. Data Protection Act 1998, the bill replicates much of the content of the 1998 Act, particularly in relation to derogations and exemptions from the GDPR. First and foremost, the bill applies the GDPR to U.K. after Brexit. domestic law.

GDPR

GDPR Personal data Government Privacy

GDPR interview with Anne Gilliland, Scholarly Communications Officer, University of North Carolina

The Schedule

FEBRUARY 28, 2020

As part of an ongoing series on General Data Protection Regulation (GDPR) , the RMS Steering Committee virtually met up with Anne Gilliland of the University of North Carolina to ask her questions regarding GDPR and records management. What are the risks of not being in compliance with GDPR for EU researchers in the United States?

GDPR

GDPR Communications Privacy Compliance

CIPL and its GDPR Project Stakeholders Discuss DPOs and Risk under GDPR

Hunton Privacy

OCTOBER 5, 2016

In September, the Centre for Information Policy Leadership (“CIPL”) held its second GDPR Workshop in Paris as part of its two-year GDPR Implementation Project. There was a sense of shared responsibility for the successful and timely implementation of the GDPR between industry, DPAs, national governments and the EU Commission.

GDPR

GDPR Risk IT Compliance

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

The New SCCs take into account the Court of Justice of the European Union’s ( CJEU ) decision in Schrems II , requirements under the EU General Data Protection Regulation ( GDPR ), and according to the EC “address the realities faced by modern business”. However, their formulation (i.e.,

GDPR

GDPR Personal data IT Data breaches

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

The VCDPA takes effect January 1, 2023 and is a broad, multi-rights privacy law that, in some ways, resembles the CCPA, GDPR, and other recently proposed state privacy legislation. Unlike the CCPA and GDPR, the VCDPA does not provide any of these rights to individuals acting in a commercial (e.g., Enforcement.

Personal data

Personal data Sales GDPR Privacy

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. Businesses familiar with GDPR will recognize the reference to automated decision-making, as Article 22 gives data subjects similar opt-out rights. The CPRA creates a new category of information called “sensitive personal information.”

Privacy

Privacy B2B Sales Data breaches

Europe: New guidelines on the application and setting of fines under GDPR

DLA Piper Privacy Matters

NOVEMBER 7, 2017

Less than 6 months remain for individuals and companies to get ready for the breakthrough regulation in personal data protection envisaged by the Regulation 2016/679 of 27 April 2016 [1] (furthermore as “ GDPR “). That provides a fair overview on how should the potential fine be calculated.

GDPR

GDPR Personal data Privacy Government

Belgium: ePrivacy proposal in progress: Council agrees on its position to start off ‘trilogue’ negotiations

DLA Piper Privacy Matters

FEBRUARY 16, 2021

The Draft sets forth several modifications regarding metadata processing and subjects this category of data to specific obligations. To align with the GDPR, metadata collected for one purpose can be further processed for a compatible purpose. 6 (1)(b) GDPR added as an additional legal basis for processing metadata.

Metadata

Metadata GDPR IT Communications

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). The GDPR and CCPA take different approaches to defining the types of entities that must comply with the law.

GDPR

GDPR Privacy Personal data Sales

EUROPE: Domain names and WHOIS information in a post-GDPR world (gTLDs update)

DLA Piper Privacy Matters

JUNE 29, 2018

With the General Data Protection Regulation (GDPR) having taken effect across the EU on 25 May 2018, this has meant a big change to the availability of WHOIS data (ie data recording – among other things – the persons who own domain names). By Claire Sng (Senior Associate, London) and John Wilks (Partner, London).

GDPR

GDPR Personal data Access Compliance

GDPR compliance checklist

How to Comply with GDPR, PIPL, and CCPA

Webinars

Trending Sources

How to implement the General Data Protection Regulation (GDPR)

Webinars

Irish Data Protection Commission Publishes Annual Report for 2022

IRELAND: First GDPR fine issued in Ireland

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

German DSK Issues GDPR Fining Methodology Guidelines

German DSK Issues GDPR Fining Methodology Guidelines

EDPB publishes guidance on calculating GDPR fines

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

GDPR: What’s the difference between personal data and sensitive data?

CCTV and the GDPR – an overview for small businesses

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Show-me: Spanish Data Protection laws shaken by the Supreme Court

Security Compliance & Data Privacy Regulations

The GDPR: Do you know the difference between personal data and sensitive data?

GDPR – The Year in Review

HMRC forced to delete 5 million voice records after GDPR gaffe

GDPR – the facts and what it means for the retail sector

GERMANY: Data Protection Authorities Issue GDPR Fining Guidelines

A guide to the GDPR for insurance companies

California Enacts Broad Privacy Laws Modeled on GDPR

CIPL Submits Comments to UK DCMS Consultation on UK Data Reform

ICO issue fine of £4.4 to Interserve for security failings

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalised ads

California Enacts Broad Privacy Protections Modeled on GDPR

Finland: Data Protection Authority sends GDPR anniversary greetings issuing its first fines

The Impact of Data Protection Laws on Your Records Retention Schedule

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

WP29 brings Binding Corporate Rules in line with the GDPR

UK’s Draft GDPR Implementation Law: The Starting Point

GDPR interview with Anne Gilliland, Scholarly Communications Officer, University of North Carolina

CIPL and its GDPR Project Stakeholders Discuss DPOs and Risk under GDPR

European Commission Adopts New Standard Contractual Clauses

US: Virginia passes comprehensive consumer data protection law

California Privacy Law Overhaul – Proposition 24 Passes

Europe: New guidelines on the application and setting of fines under GDPR

Belgium: ePrivacy proposal in progress: Council agrees on its position to start off ‘trilogue’ negotiations

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

EUROPE: Domain names and WHOIS information in a post-GDPR world (gTLDs update)

Stay Connected