Events and GDPR - Information Management Today

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

JANUARY 5, 2024

After becoming aware of the fact that a report concerning himself had been prepared, an employee of MDK sought compensation under Article 82 of the GDPR. of the GDPR (which provides that processing based on Article 9.2 (h) of the GDPR (which provides that processing based on Article 9.2 (h) Read the judgement.

GDPR

GDPR Personal data Insurance Access

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery. GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. The Privacy and Security Dichotomy.

GDPR

GDPR Compliance Data collection Privacy

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Privacy Data Privacy

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the GDPR. Personal Data Protection Policy (Article 24).

GDPR

GDPR Data breaches Personal data Compliance

GDPR data breach notification: A quick guide

IT Governance

NOVEMBER 28, 2018

The data breach notification requirements of the EU GDPR (General Data Protection Regulation) are complicated, so it’s no surprise that many organisations aren’t sure what they’re supposed to be doing. A data breach is any event in which the confidentiality, integrity and availability of information is compromised.

Data breaches

Data breaches GDPR Personal data Compliance

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. Get started with vsRisk.

GDPR

GDPR Risk Compliance Personal data

European Commission Publishes Final Version of Updated Standard Contractual Clauses

Hunton Privacy

JUNE 4, 2021

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation (“GDPR”), as well as the final version of the new standard contractual clauses (the “SCCs”).

Personal data

Personal data GDPR Government Access

GDPR – the facts and what it means for the retail sector

IT Governance

JUNE 25, 2018

We all know by now that, on 25 May 2018, the General Data Protection Regulation (GDPR) came into effect. The GDPR is not an IT issue. Despite the benefits of good data management, it was widely acknowledged that many organisations would not be GDPR-compliant on 25 May. GDPR c ompliance is not a choice .

Retail

Retail GDPR IT Compliance

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This will allow them to be one step ahead and better organized to comply with the upcoming GDPR.

GDPR

GDPR Personal data Compliance Privacy

ITALY: Data Protection law integrating the GDPR in place

DLA Piper Privacy Matters

SEPTEMBER 10, 2018

Italian privacy law integrating the GDPR is finally in place, but a number of provisions remain unclear, but need immediate action. The Italian Privacy Code changes after the GDPR. The result is a very confusing text which inevitably cannot be 100% aligned to the GDPR and might contain mistakes.

GDPR

GDPR Privacy Compliance Marketing

European Commission Publishes Draft of New Standard Contractual Clauses

Hunton Privacy

NOVEMBER 13, 2020

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”), along with its draft set of new standard contractual clauses (the “SCCs”). Key Takeaways.

Personal data

Personal data GDPR Data collection Access

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

They are responding to a trend of companies moving to meet rising compliance requirements, such as PCI-DSS and GDPR. Until CyberXchange, there was no easy way for IT buyers to shop for a security product or service mapped to thousands of categories and compliance requirements. The vendors are well-intentioned.

Cybersecurity

Cybersecurity B2B Sales Compliance

Article 29 Working Party Published Guidelines on Transparency under the GDPR

Hunton Privacy

DECEMBER 20, 2017

The Guidelines aim to provide practical guidance and clarification on the transparency obligations introduced by the EU General Data Protection Regulation (“GDPR”). This means controllers that attempt to hide processing information in the middle of wider terms and conditions will be in breach of the GDPR.

GDPR

GDPR Personal data Privacy Communications

Why every librarian needs to be involved in shaping your AI Policy

CILIP

FEBRUARY 1, 2024

Specifically, the ICO states that General Data Protection Regulations (GDPR) create specific requirements around the provision of information about and the explanation of AI-assisted decisions. As a result, many organisations are operating with a significant degree of risk in the impact of AI on their compliance with GDPR.

Artificial Intelligence

Artificial Intelligence Libraries GDPR Risk

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The guide is in line with the Article 29 Working Party Guidelines on Data Protection Officers (WP 243 rev 01) , but provides additional insights and practical guidance to organizations that designate a DPO in respect of GDPR and French data protection act requirements. Be the point of contact on GDPR issues.

GDPR

GDPR Compliance Personal data Communications

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

The New SCCs take into account the Court of Justice of the European Union’s ( CJEU ) decision in Schrems II , requirements under the EU General Data Protection Regulation ( GDPR ), and according to the EC “address the realities faced by modern business”. However, their formulation (i.e.,

GDPR

GDPR Personal data IT Data breaches

Dutch DPA Updates Policy on Administrative Fines

Hunton Privacy

MARCH 26, 2019

The Dutch DPA divided qualifying infringements into three or four categories. It assigned each category a specific penalty bandwidth ( i.e. , a range between a minimum fine and a maximum fine), as well as a basic fine. The Policy provides insight into how the Dutch DPA will use its fining powers.

GDPR

GDPR Personal data Authentication Compliance

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Before we look at limiting liability, we need to first consider how liability can arise in the first place in the context of GDPR.

GDPR

GDPR Risk Data breaches Personal data

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Therefore, we should examine each category and consider what the rules fundamentally request. These incidents will typically be measured in financial terms; however, Europe’s GDPR and the U.S. In the event of a breach, the last thing the tech team will want to do is figure out how to make a report.

Cybersecurity

Cybersecurity Compliance Risk Communications

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Countries and organizations within the European Union (EU), must comply with the requirements of the General Data Protection Regulation (GDPR) 1. 2 DLA Piper.

Personal data

Personal data GDPR Privacy Records Management

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unvail some interesting positions. . health related data that are now incorporated in the broader “ special ” category of data) and to the processing based on automated decision making, including profiling.

GDPR

GDPR Personal data Privacy Data breaches

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. The ICO defines a personal data breach as any event that results in. What constitutes a personal data breach. When must breaches be reported?

Personal data

Personal data Data breaches Data collection GDPR

French DPA Publishes Updated Data Protection Impact Assessment Guidance

Data Matters

JANUARY 17, 2019

Under Article 64(1) of the GDPR, where a Member State data protection authority (DPA) intends to adopt a list of processing operations which require a DPIA, the DPA must submit the draft list to the EDPB. The EDPB also requested refinement of references to DPIAs in the event of employee monitoring.

GDPR

GDPR Personal data Risk Privacy

A deeper dive into the new Standard Contractual Clauses

Data Protection Report

JUNE 7, 2021

In particular, the New SCCs now helpfully provide for processor-to-processor transfers; (b) give the clauses a GDPR ‘face lift’, including to update cross references to legislation and to ensure alignment with the requirements of the GDPR; and. (c) Instead, they can provide details of the “recipients or categories of recipients”.

Personal data

Personal data GDPR Data breaches Access

Why every organisation needs data protection impact assessments

IT Governance

NOVEMBER 23, 2018

They are a useful accountability tool: the results of a DPIA will help you demonstrate that you have taken the appropriate technical and organisational measures required by the GDPR (General Data Protection Regulation). Data controllers are responsible for conducting DPIAs as required by Article 35 of the GDPR.

GDPR

GDPR Personal data Risk Marketing

Records Managers—Become the Easy, Adjustable, Reliable Tool of the Organization

ARMA International

JUNE 19, 2023

For example, if the time for a record starts when a record is created, received, or when an easy-to-define event occurs, then IT can automatically start a clock for electronic record disposition. Examples of this include “final disposition,” “resolution,” or “obsolete” event codes. This would include data.

Records Management

Records Management Compliance Privacy IT

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. Businesses familiar with GDPR will recognize the reference to automated decision-making, as Article 22 gives data subjects similar opt-out rights. The CPRA creates a new category of information called “sensitive personal information.”

Privacy

Privacy B2B Sales Data breaches

What is data loss and how does it work?

IT Governance

OCTOBER 6, 2020

It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). There are several types of data loss, which can be separated into four categories. Data loss refers to the destruction of sensitive information. What causes data loss?

IT

IT Computer and Electronics Data breaches Risk

China Releases Draft Regulations on Network Data Security Management

Hunton Privacy

JANUARY 26, 2022

The definition of “data handler” under the Draft Regulations is similar to that of “data controller” in other privacy laws, such as the EU General Data Protection Regulation (“GDPR”). Data Breach.

Security

Security Data breaches Personal data Cybersecurity

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

DLA Piper Privacy Matters

JUNE 27, 2022

224 of June 9, 2022 , the Italian data protection authority found that transfers of personal data to the United States by an Italian website through the use of Google Analytics violates the GDPR. the absence of special categories of personal data and the negligent conduct undertaken. In Order No. The disputed facts.

Personal data

Personal data Analytics GDPR Privacy

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. Notably, there is no broad “legitimate interests” style lawful basis for processing, as is found in the GDPR. issue guidance and instructions in relation to the PDPL.

Personal data

Personal data Data breaches GDPR Compliance

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

DLA Piper Privacy Matters

AUGUST 27, 2020

According to the CJEU, the SCC in principle are still valid but must safeguard a level of protection to individuals whose personal data is transferred essentially equivalent to that guaranteed by the EU General Data Protection Regulation (“GDPR”). encryption, agreement that data will be hosted in a country where GDPR applies).

Personal data

Personal data GDPR Encryption Privacy

UK ICO Issues New Draft Data Sharing Code of Practice

Data Matters

AUGUST 9, 2019

It will therefore be important for organisations to take the guidance contained in this Draft Code, once finalized, into account, as a method of helping to demonstrate compliance with the GDPR. whistleblowing). These considerations will also apply in an M&A context (e.g.,

GDPR

GDPR Personal data Compliance Privacy

CNIL’s New Guidelines on HR Processing

HL Chronicle of Data Protection

APRIL 21, 2020

When the GDPR became effective, the CNIL’s previous set of HR Data guidelines became out of date as they did not incorporate the new law’s requirements ( e.g. obligations relating to records of processing activities and Data Protection Impact Assessments). Categories of personal data.

Personal data

Personal data GDPR Big data Compliance

FRANCE: NEW GUIDANCE FOR DATA RETENTION

DLA Piper Privacy Matters

SEPTEMBER 4, 2020

However, the Guidelines do not include the retention period applicable to each category of data processed. Organization of data retention to comply with GDPR requirements is known as one of the most burdensome and complex task to achieve. Scope of application. The CNIL’s Guidelines and Data Retention Standards are thus very welcome.

Personal data

Personal data Archiving GDPR Government

European Commission Proposes Revised Standard Contractual Clauses

Data Matters

NOVEMBER 13, 2020

In relation to special categories of personal data (e.g., The draft SCCs are intended to also satisfy the requirements of Article 28(3) of the GDPR (i.e., a Master Services Agreement), but provide that in the event of a conflict, the SCCs shall prevail.

Personal data

Personal data GDPR Privacy Compliance

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

1. Application of the GDPR. Note however that if relying on consent, this must meet the GDPR standard. Entering a marked monitored area is unlikely constitute a statement or a clear affirmative action needed for consent, unless it meets the criteria of Articles 4 and 7 of the GDPR.

Personal data

Personal data GDPR Access Marketing

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

DLA Piper Privacy Matters

OCTOBER 10, 2022

For example, the ML system could be used to determine likely trends of categories of persons to default on loan agreements through the processing of financial default information. The General Data Protection Regulation (“ GDPR ”) requires that processing of personal data be proportionate to its purpose.

Personal data

Personal data GDPR Privacy Marketing

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

DLA Piper Privacy Matters

NOVEMBER 19, 2018

the processing is listed in the CNIL’s list of categories of processing operations for which no DPIA is required in accordance with Article 35 (5) of the GDPR and after the opinion of the European Data Protection Board (the EDPB) has been received (in that respect, such list has not been established by the CNIL yet.

Data Privacy

Data Privacy IT GDPR Privacy

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

How to implement the General Data Protection Regulation (GDPR)

Webinars

Trending Sources

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

Webinars

Guest Post - Three Critical Steps for GDPR Compliance

EDPB publishes guidance on calculating GDPR fines

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

List of mandatory documents required by the GDPR

GDPR data breach notification: A quick guide

Why risk assessments are essential for GDPR compliance

European Commission Publishes Final Version of Updated Standard Contractual Clauses

GDPR – the facts and what it means for the retail sector

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

ITALY: Data Protection law integrating the GDPR in place

European Commission Publishes Draft of New Standard Contractual Clauses

California Enacts Broad Privacy Laws Modeled on GDPR

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

Article 29 Working Party Published Guidelines on Transparency under the GDPR

Why every librarian needs to be involved in shaping your AI Policy

France: The CNIL publishes a practical guide on Data Protection Officers

California Enacts Broad Privacy Protections Modeled on GDPR

European Commission Adopts New Standard Contractual Clauses

Dutch DPA Updates Policy on Administrative Fines

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

New SEC Cybersecurity Rules Could Affect Private Companies Too

The Impact of Data Protection Laws on Your Records Retention Schedule

ITALY: New GDPR Guidelines from the Italian data protection authority

When are schools required to report personal data breaches?

French DPA Publishes Updated Data Protection Impact Assessment Guidance

A deeper dive into the new Standard Contractual Clauses

Why every organisation needs data protection impact assessments

Records Managers—Become the Easy, Adjustable, Reliable Tool of the Organization

California Privacy Law Overhaul – Proposition 24 Passes

What is data loss and how does it work?

China Releases Draft Regulations on Network Data Security Management

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

UAE: Federal level data protection law enacted

Germany: Schrems II: And now? First German supervisory authority provides guidance on data transfers

UK ICO Issues New Draft Data Sharing Code of Practice

CNIL’s New Guidelines on HR Processing

FRANCE: NEW GUIDANCE FOR DATA RETENTION

European Commission Proposes Revised Standard Contractual Clauses

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

Stay Connected