GDPR - Information Management Today

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

JANUARY 5, 2024

After becoming aware of the fact that a report concerning himself had been prepared, an employee of MDK sought compensation under Article 82 of the GDPR. of the GDPR (which provides that processing based on Article 9.2 (h) of the GDPR (which provides that processing based on Article 9.2 (h) Read the judgement.

GDPR

GDPR Personal data Insurance Access

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them. PIPL Compliance CCPA Compliance GDPR Compliance How to Stay Up to Date with Changing Compliance Regulations. GDPR Compliance.

GDPR

GDPR Compliance Data Privacy Privacy

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Data Protection Report

JUNE 6, 2023

Whilst a significant part of the MPN is focussed on TikTok’s non compliance with the rules around processing children’s personal data, the MPN also clarifies how the ICO interprets the requirements in Article 13 of the UK GDPR more generally. Where a generic email address (e.g.

Privacy

Privacy GDPR Personal data Compliance

Irish Data Protection Commission Publishes Annual Report for 2022

Hunton Privacy

MARCH 7, 2023

Highlights from the Report include: During 2022, the DPC received 2,700 complaints from data subjects under the General Data Protection Regulation (“GDPR”). During 2022, the DPC received 5,828 personal data breach notifications, 5,695 of which were valid GDPR personal data breaches.

Personal data

Personal data GDPR Data breaches Compliance

Google fined £44 million in landmark GDPR ruling

IT Governance

JANUARY 21, 2019

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). . It’s by far the biggest fine related to the GDPR, which took effect in May 2018 and gave regulatory bodies much stronger disciplinary powers. .

GDPR

GDPR Access Government IT

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

UK ICO Publishes Guidance on Workplace Monitoring

Hunton Privacy

OCTOBER 5, 2023

On October 3, 2023, the UK Information Commissioner’s Office (“ICO”) published new Guidance on lawful monitoring in the workplace, designed to help employees comply with their obligations under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA”). Read the full Guidance here.

GDPR

GDPR Privacy

The GDPR: A guide for small businesses

IT Governance

MARCH 27, 2018

Businesses are starting to panic as they try to comply with the General Data Protection Regulation (GDPR) before the May 2018 deadline. Many even believe that the GDPR won’t apply to them because they have fewer than 250 employees. Our small business guide to the GDPR should help clarify some of the key factors affecting SMEs.

GDPR

GDPR Compliance Personal data Information Security

7 steps to highly effective GDPR compliance

IT Governance

AUGUST 21, 2019

The GDPR (General Data Protection Regulation) hasn’t exactly crept up unnoticed over the past year or so, but it’s still caught many organisations by surprise. Meanwhile, although the specifics of Brexit are still unclear, one thing is certain: whatever happens, UK-based organisations will be subject to the GDPR’s requirements.

GDPR

GDPR Compliance Personal data Access

Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

Hunton Privacy

JANUARY 20, 2023

In anticipation of the GDPR entering into force, Meta updated its Terms of Service and asked its users to accept the new terms before continuing to access its services. In addition, the EDPB directed the DPC to conduct a separate investigation into how Facebook and Instagram process special categories of data.

GDPR

GDPR Personal data Compliance Privacy

ITALY: First GDPR fine issued!

DLA Piper Privacy Matters

MAY 8, 2019

The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party. The first GDPR fine issued in Italy. The fact of the case relating to the Rousseau platform.

GDPR

GDPR Systems administration Privacy Data breaches

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

JULY 29, 2019

Now that the EU GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’ But what exactly does personal data mean? And did you know that the GDPR includes a sub-category of sensitive personal data that comes with its own requirements?

Personal data

Personal data GDPR Encryption Compliance

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. Processing special category personal data for AI bias mitigation purposes. The test will be relative and it appears lower than under the EU GDPR, although the precise approach is not set out in the response.

GDPR

GDPR Government Personal data Risk

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

Hunton Privacy

MARCH 4, 2020

Article 97 of the GDPR requires the European Commission to submit, by May 25, 2020, and every four years thereafter, a report on the evaluation and review of the GDPR to the European Parliament and to the Council of the EU. In order to prepare its report, the European Commission may request information from DPAs. Adequacy decisions.

GDPR

GDPR Personal data Data breaches Communications

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the GDPR. Personal Data Protection Policy (Article 24).

GDPR

GDPR Data breaches Personal data Compliance

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

NOVEMBER 9, 2018

In addition to data subjects’ rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability and to object, the EU’s GDPR (General Data Protection Regulation) sets out requirements relating to automated individual decision-making, including profiling. What is profiling under the GDPR?

GDPR

GDPR Personal data Financial Services Compliance

Dutch Data Protection Authority Sets GDPR Fines Structure

HL Chronicle of Data Protection

MARCH 20, 2019

On 14 March 2019, the Dutch data protection authority ( Autoriteit Persoonsgegevens , DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act). To view the proposal, click here.

GDPR

GDPR Data breaches Personal data IT

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to. The EU GDPR Documentation Toolkit is a complete set of GDPR-compliant templates that are easy to use and customisable.

GDPR

GDPR Compliance Data breaches Information Security

The GDPR: Do you know the difference between personal data and sensitive data?

IT Governance

JULY 18, 2018

Now that the EU GDPR (General Data Protection Regulation) has been in effect for a couple of months, you’ve hopefully become acquainted with its definition of personal data: “any information relating to an identified or identifiable natural person”. GDPR training. Certified EU GDPR Practitioner Training Course.

Personal data

Personal data GDPR Encryption Compliance

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

IT Governance

DECEMBER 24, 2019

Doorstep Dispensaree has been fined £275,000 for failing to comply with the GDPR (General Data Protection Regulation) , making it the first organisation in the UK to be penalised for breaching its requirements. Haven’t there already been GDPR fines in the UK?

GDPR

GDPR Personal data Government Access

Belgian Privacy Commission Issues Guidance on Data Protection Impact Assessments Under the GDPR

Data Matters

APRIL 5, 2018

On 28 February 2018, the Belgian Commission for the Protection of Privacy (the “Privacy Commission”) published a recommendation setting out its approach to Data Protection Impact Assessments (“DPIAs”), and in doing so published a “White List” and a “Black List” of processing operations, pursuant to the General Data Protection Regulation (“GDPR”).

GDPR

GDPR Privacy Personal data Education

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. Today, that isn’t quite the case.

Data Privacy

Data Privacy Compliance Privacy Security

Key Steps to GDPR Compliance – Part 2

IT Governance

DECEMBER 14, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect but some businesses are not even thinking about it yet, or are only just starting to. There are special categories of data that entail stricter processing rules, such as getting explicit consent. 4) Build a data inventory.

GDPR

GDPR Compliance Personal data Risk

Europe: CJEU decision – Right of access to individual recipients of personal data

DLA Piper Privacy Matters

JANUARY 19, 2023

On 12 January 2023, the European Court of Justice (“ CJEU ”) delivered its judgment regarding the right of access to personal data under Article 15 GDPR. The CJEU held that when exercising their right of access under the GDPR, data subjects must be provided with the individual data recipients of their personal data.

Personal data

Personal data Access GDPR Privacy

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. One key part of this record-keeping activity is to document the category of individuals (employees, customers, etc.) What does Article 30 require?

GDPR

GDPR Personal data Risk Cloud

How the CCPA and GDPR Are Different

KnowBe4

SEPTEMBER 10, 2019

The California Consumer Privacy Act (CCPA) was introduced just a month after the European Union instituted the General Data Protection Regulation (GDPR), earning the CCPA the nickname of “California’s GDPR.”. While the GDPR has been in effect since May of 2018, the CCPA is on track to become effective on January 1, 2020.

GDPR

GDPR Privacy Personal data Passwords

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. Any recipients or categories of recipients of the personal data. The lawful basis for the processing.

GDPR

GDPR Personal data Privacy Access

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR

GDPR Authentication Compliance Personal data

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Privacy Data Privacy

How to write a GDPR-compliant data subject access request procedure – with template

IT Governance

NOVEMBER 8, 2018

This blog was originally published before the GDPR took effect in May 2018. This blog explains how to write a GDPR-compliant DSAR (data subject access request) procedure to ensure you meet your obligations as a data controller. The categories of personal data involved. Data subject access request procedures under the GDPR.

GDPR

GDPR Access Personal data Compliance

Show-me: Spanish Data Protection laws shaken by the Supreme Court

DLA Piper Privacy Matters

SEPTEMBER 15, 2021

By the end of the 2018, the Spanish Parliament belatedly completed the framework provided by EU’s GDPR approving a new Data Protection Act. Nevertheless, it decided to go a bit farther and to analyze whether the GDPR, the Spanish law developing it and data protection rights in general could be affected.

GDPR

GDPR Privacy Government Personal data

GDPR data breach notification: A quick guide

IT Governance

NOVEMBER 28, 2018

The data breach notification requirements of the EU GDPR (General Data Protection Regulation) are complicated, so it’s no surprise that many organisations aren’t sure what they’re supposed to be doing. Data breaches can happen to any kind of information, but the GDPR is concerned only with personal data. Download the guide now.

Data breaches

Data breaches GDPR Personal data Compliance

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. Get started with vsRisk.

GDPR

GDPR Risk Compliance Personal data

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

The New DP Law reflects many aspects of the EU’s General Data Protection Regulation (the “GDPR”), including: Accountability Requirements: Controllers are required to put in place programs demonstrating compliance with the New DP Law, similar to the GDPR’s accountability requirements.

Personal data

Personal data GDPR Data breaches Compliance

GDPR Training in Belfast – save 10%

IT Governance

DECEMBER 18, 2017

Many organisations are struggling to fill a skills gap created by the EU General Data Protection Regulation (GDPR) and need staff with knowledge of the Regulation. For a short time, we are offering a 10% discount on GDPR courses in Belfast, so book your place before Friday 5 January 2018. EU GDPR Foundation Training Course.

GDPR

GDPR Personal data Compliance Data breaches

CNIL Publishes Initial Assessment on Blockchain and GDPR

Hunton Privacy

OCTOBER 2, 2018

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities.

Blockchain

Blockchain GDPR Personal data Compliance

The GDPR and the right to be forgotten

IT Governance

APRIL 30, 2018

Something that’s drawn a lot of attention in the lead up to the General Data Protection Regulation (GDPR) compliance deadline is “the right to erasure”, also known as the “right to be forgotten”. You’ll receive a complete set of documentation templates that are easy to use, customisable and GDPR-compliant. Other considerations.

GDPR

GDPR Personal data Archiving Compliance

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. Specific categories defined as personal information include.

GDPR

GDPR Privacy Sales Data breaches

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

HMRC forced to delete 5 million voice records after GDPR gaffe

IT Governance

MAY 9, 2019

HMRC (HM Revenue and Customs) has been told to delete more than five million people’s voice records after it was discovered that the way the information was collected breached the GDPR (General Data Protection Regulation). What was HMRC’s mistake? The trouble with consent. Explicit and free.

GDPR

GDPR Personal data Education Passwords

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

GDPR compliance checklist

Trending Sources

How to implement the General Data Protection Regulation (GDPR)

How to Comply with GDPR, PIPL, and CCPA

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Irish Data Protection Commission Publishes Annual Report for 2022

Google fined £44 million in landmark GDPR ruling

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

UK ICO Publishes Guidance on Workplace Monitoring

The GDPR: A guide for small businesses

7 steps to highly effective GDPR compliance

Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

ITALY: First GDPR fine issued!

GDPR: What’s the difference between personal data and sensitive data?

EDPB publishes guidance on calculating GDPR fines

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

List of mandatory documents required by the GDPR

GDPR automated decision-making and profiling: what are the requirements?

Dutch Data Protection Authority Sets GDPR Fines Structure

Key steps to GDPR compliance – Part 3

The GDPR: Do you know the difference between personal data and sensitive data?

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

Belgian Privacy Commission Issues Guidance on Data Protection Impact Assessments Under the GDPR

Security Compliance & Data Privacy Regulations

Key Steps to GDPR Compliance – Part 2

Europe: CJEU decision – Right of access to individual recipients of personal data

How to comply with Article 30 of the GDPR

How the CCPA and GDPR Are Different

CCTV and the GDPR – an overview for small businesses

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

How to write a GDPR-compliant data subject access request procedure – with template

Show-me: Spanish Data Protection laws shaken by the Supreme Court

GDPR data breach notification: A quick guide

Why risk assessments are essential for GDPR compliance

New Dubai International Financial Centre Data Protection Law Comes into Effect

GDPR Training in Belfast – save 10%

CNIL Publishes Initial Assessment on Blockchain and GDPR

The GDPR and the right to be forgotten

California Enacts Broad Privacy Laws Modeled on GDPR

GDPR – The Year in Review

HMRC forced to delete 5 million voice records after GDPR gaffe

Stay Connected