GDPR - Information Management Today

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

Is it still necessary for data protection laws to have particular processing rules for specific types pf personal data?

Data Protector

OCTOBER 16, 2020

European laws have special rules for the processing of “sensitive data” or “special category data” regardless of the context within which the data will be processed. Some countries that have already enacted data protection laws that do not recognise the concept of special category data. Some countries include financial information.

Personal data

Personal data GDPR IT Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

This is the eighth post in a series on privacy by Andrew Pery. You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. Step 2: Record of Processing Activities.

GDPR

GDPR Compliance Data collection Privacy

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. Processing special category personal data for AI bias mitigation purposes. The test will be relative and it appears lower than under the EU GDPR, although the precise approach is not set out in the response.

GDPR

GDPR Government Personal data Risk

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”). Some of these contained personal data and special category (health) data.

GDPR

GDPR Personal data Compliance Risk

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

On July 1, 2020, the Dubai International Financial Centre (“DIFC”) Data Protection Law No. Data Protection Principles: The New DP Law sets out requirements for processing that are largely identical to the data protection principles under the GDPR. 5 of 2020 came into effect (“New DP Law”). The New DP Law replaces DIFC Law No.

Personal data

Personal data GDPR Data breaches Compliance

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

Hunton Privacy

MARCH 4, 2020

Article 97 of the GDPR requires the European Commission to submit, by May 25, 2020, and every four years thereafter, a report on the evaluation and review of the GDPR to the European Parliament and to the Council of the EU. In order to prepare its report, the European Commission may request information from DPAs.

GDPR

GDPR Personal data Data breaches Communications

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

ML builds on different types of models for different purposes, for example categorization to determine a document category or Named Entity Recognition (NER) to identify sensitive data across diverse locations. Figure 2 shows the category distribution by business department for all documents in a selected data store.

Unstructured data

Unstructured data Cloud Data Privacy GDPR

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Countries and organizations within the European Union (EU), must comply with the requirements of the General Data Protection Regulation (GDPR) 1.

Personal data

Personal data GDPR Privacy Records Management

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). This legislation was enacted on an extraordinarily accelerated timeframe as part of compromise with the sponsor of a comparable privacy ballot initiative, which had qualified to be placed before state voters on Election Day in November 2018.

GDPR

GDPR Privacy Sales Data breaches

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This will allow them to be one step ahead and better organized to comply with the upcoming GDPR.

GDPR

GDPR Personal data Compliance Privacy

Article 29 Working Party Published Guidelines on Transparency under the GDPR

Hunton Privacy

DECEMBER 20, 2017

The Guidelines aim to provide practical guidance and clarification on the transparency obligations introduced by the EU General Data Protection Regulation (“GDPR”). This means controllers that attempt to hide processing information in the middle of wider terms and conditions will be in breach of the GDPR.

GDPR

GDPR Personal data Privacy Communications

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). This legislation was enacted on an extraordinarily accelerated timeframe as part of compromise with the sponsor of a comparable privacy ballot initiative, which had qualified to be placed before state voters on Election Day in November 2018.

GDPR

GDPR Privacy Sales Data breaches

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

The VCDPA takes effect January 1, 2023 and is a broad, multi-rights privacy law that, in some ways, resembles the CCPA, GDPR, and other recently proposed state privacy legislation. Unlike the CCPA and GDPR, the VCDPA does not provide any of these rights to individuals acting in a commercial (e.g., Key provisions.

Personal data

Personal data Sales GDPR Privacy

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Vendor Assessment Process.

GDPR

GDPR Privacy Personal data Data breaches

Records Managers—Become the Easy, Adjustable, Reliable Tool of the Organization

ARMA International

JUNE 19, 2023

Records managers, compliance, finance, information technology, legal, and privacy departments are all concerned with the proper management of information. Privacy : Personal information should be limited in its collection and retention. For records managers, though, their primary focus is the proper management of information.

Records Management

Records Management Compliance Privacy IT

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

The results are in, and California voters have approved the California Privacy Rights Act (CPRA) which was listed on the ballot as Proposition 24. Even so, with these and other new requirements, the CPRA does not go as far as some consumer privacy advocates had hoped it would.

Privacy

Privacy B2B Sales Data breaches

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

A guide to data subject rights for data professionals

Collibra

JULY 15, 2020

In the world of data privacy, data subject rights are the hot topic for Chief Data Officers, Data Protection Officers, and all people who work with data right now. After months of anticipation, the newly enforced California Consumer Privacy Act (CCPA) is officially here and adding complexity to data subject rights.

Data Privacy

Data Privacy GDPR Privacy Personal data

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Before we look at limiting liability, we need to first consider how liability can arise in the first place in the context of GDPR.

GDPR

GDPR Risk Data breaches Personal data

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

The Impacts of Data Loss on Your Organization

Security Affairs

JULY 3, 2023

Examples: Customer Personal Identifiable Information, transactional data, inventory records, and financial statements. Semi-Structured Data: Semi-structured data lies between the structured and unstructured categories. Some of the consequences of data loss are; Financial Loss: Financial loss can be devastating to organizations.

Unstructured data

Unstructured data Metadata Encryption Data structuring

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

DLA Piper Privacy Matters

FEBRUARY 17, 2021

Securities and Exchange Commission (“ SEC ”) confirming that SEC-regulated UK domiciled firms (“ UK Regulated Firms ”) can share personal data with the SEC when seeking to comply with regulatory obligations, in compliance with the UK GDPR. As the GDPR places restrictions on the transfer of personal data to the U.S., Background.

Personal data

Personal data GDPR Security Compliance

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

This requirement copies the strategies of previous legislation that dramatically improved financial reporting for both public and private companies. Also read: Security Compliance & Data Privacy Regulations. For the board, they must publicly disclose their financial auditing expertise and experience.

Cybersecurity

Cybersecurity Compliance Risk Communications

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. The GDPR states that this refers to anything that could lead to physical, material or non-material damage to an individual. Financial loss.

Personal data

Personal data Data breaches Data collection GDPR

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR

GDPR Personal data Compliance Data breaches

A guide to data subject rights for data professionals

Collibra

JULY 15, 2020

In the world of data privacy, data subject rights are the hot topic for Chief Data Officers, Data Protection Officers, and all people who work with data right now. After months of anticipation, the newly enforced California Consumer Privacy Act (CCPA) is officially here and adding complexity to data subject rights.

Data Privacy

Data Privacy GDPR Privacy Personal data

How long do you have to report a data breach?

IT Governance

DECEMBER 13, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. This generally refers to the possibility of affected individuals facing economic or social damage, such as discrimination, reputational damage or financial losses.

Data breaches

Data breaches GDPR Personal data Compliance

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. International businesses with global privacy compliance programs should seek to expand those to cover the UAE and achieve some synergies.

Personal data

Personal data Data breaches GDPR Compliance

How to prepare for the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 15, 2019

375 the California Consumer Privacy Act (CCPA), making California the first U.S. state to pass its own data privacy law. A key variation with GDPR is the word “household” which adds more complexity to the implementation of the Act. Similar to GDPR, the CCPA excludes from its scope information that is publicly available.

Privacy

Privacy GDPR Digital transformation Sales

How long do you have to report a data breach?

IT Governance

OCTOBER 24, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. This generally refers to the possibility of affected individuals facing economic or social damage, such as discrimination, reputational damage or financial losses.

Data breaches

Data breaches GDPR Compliance Personal data

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

MARCH 1, 2022

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. 6(1)(f)) and, in respect of special category data, the scientific research basis (Art. 9(2)(j)).

Personal data

Personal data GDPR Data collection Archiving

ISO 27001 and Physical Security

IT Governance

MAY 15, 2024

I’d say that the separate category just filters out those controls better. Having a separate category for those controls makes this more practical to do. In addition, you need to be aware of your privacy obligations. This guide to the GDPR and CCTV in the workplace discusses this in more detail. ] So, control 7.4

Security

Security Information Security Access Cloud

Examples of data processing activities that require a DPIA

IT Governance

JUNE 19, 2019

The GDPR (General Data Protection Regulation) requires organisations to conduct a DPIA (data protection impact assessment) whenever processing is ‘likely to result in a high risk’ to the rights and freedoms of individuals. Damage : the effects on the individual if a data breach or privacy violation occurs. What does ‘high risk’ mean?

GDPR

GDPR Personal data Risk Data breaches

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

Core elements of the GDPR: legal bases / conditions. For those organisations processing for research purposes, the Government proposes creating a new legal basis for research with safeguards, along with other proposals to clarify and consolidate the research related provisions of the UK GDPR and DPA, to help the UK’s research sector.

Government

Government FOIA GDPR Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

Data Matters

FEBRUARY 10, 2020

The Draft Code is intended to update existing guidance published pre-GDPR and provide clarity on certain important issues. The ICO suggests that it is likely that all direct marketers will need to carry out a DPIA and that this will bring financial and reputable benefits and build trust with individuals. Legitimate interest.

Marketing

Marketing GDPR Personal data Communications

Government publishes consultation on post-Brexit data reforms

DLA Piper Privacy Matters

SEPTEMBER 10, 2021

amendments in relation to the processing of special category personal data necessary for the purposes of ensuring bias monitoring, detection and correction in relation to AI systems. The Consultation Paper explains that a “ key driver of unnecessary burdens on organisations is the accountability framework set out in the UK GDPR ”.

Government

Government Paper Personal data GDPR

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level. To be clear, this is not China’s own GDPR.

Data Privacy

Data Privacy Privacy Compliance Analytics

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

JULY 27, 2020

Likewise, the COVID-19 contact tracing app developed by Apple and Google continues to evoke concerns that it will end up leveraging AI to normalize privacy invasion. AI tools are designed to put people into categories, Shashanka says. Categorizing people incorrectly, on the other hand, is a minefield of potential bad outcomes.”

IT

IT Government Artificial Intelligence Personal data

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

Data Protection Report

JUNE 29, 2018

On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give California consumers more control over how businesses collect and use their data. Here are our ten takeaways: Covered entities. Right to be forgotten.

Privacy

Privacy GDPR Personal data Risk

California Passes Major Legislation, Expanding Consumer Privacy Rights and Legal Exposure for US and Global Companies

Data Protection Report

JUNE 29, 2018

On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give California consumers more control over how businesses collect and use their data. Here are our ten takeaways: Covered Entities. Right to be Forgotten.

Privacy

Privacy GDPR Personal data Risk

How to Comply with GDPR, PIPL, and CCPA

Is it still necessary for data protection laws to have particular processing rules for specific types pf personal data?

Webinars

Trending Sources

Security Compliance & Data Privacy Regulations

Webinars

Guest Post - Three Critical Steps for GDPR Compliance

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

New Dubai International Financial Centre Data Protection Law Comes into Effect

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

The Impact of Data Protection Laws on Your Records Retention Schedule

California Enacts Broad Privacy Laws Modeled on GDPR

GDPR – The Year in Review

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Article 29 Working Party Published Guidelines on Transparency under the GDPR

California Enacts Broad Privacy Protections Modeled on GDPR

US: Virginia passes comprehensive consumer data protection law

How Companies Need to Treat User Data and Manage Their Partners

Records Managers—Become the Easy, Adjustable, Reliable Tool of the Organization

California Privacy Law Overhaul – Proposition 24 Passes

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

A guide to data subject rights for data professionals

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

The Privacy Officers’ New Year’s Resolutions

The Impacts of Data Loss on Your Organization

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

New SEC Cybersecurity Rules Could Affect Private Companies Too

When are schools required to report personal data breaches?

GDPR is upon us: are you ready for what comes next?

A guide to data subject rights for data professionals

How long do you have to report a data breach?

UAE: Federal level data protection law enacted

How to prepare for the California Consumer Privacy Act

How long do you have to report a data breach?

UK: New guidance on processing personal data for scientific research purposes

ISO 27001 and Physical Security

Examples of data processing activities that require a DPIA

UK Government sets out proposals to shake up UK data protection laws

The Privacy Officers’ New Year’s Resolutions

UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

Government publishes consultation on post-Brexit data reforms

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

California Passes Major Legislation, Expanding Consumer Privacy Rights and Legal Exposure for US and Global Companies

Stay Connected