GDPR - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

This is the eighth post in a series on privacy by Andrew Pery. You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. Step 2: Record of Processing Activities.

GDPR

GDPR Compliance Data collection Privacy

Belgian Privacy Commission Issues Guidance on Data Protection Impact Assessments Under the GDPR

Data Matters

APRIL 5, 2018

On 28 February 2018, the Belgian Commission for the Protection of Privacy (the “Privacy Commission”) published a recommendation setting out its approach to Data Protection Impact Assessments (“DPIAs”), and in doing so published a “White List” and a “Black List” of processing operations, pursuant to the General Data Protection Regulation (“GDPR”).

GDPR

GDPR Privacy Personal data Education

How the CCPA and GDPR Are Different

KnowBe4

SEPTEMBER 10, 2019

Sorting out the two biggest privacy regulations to hit privacy professionals in decades. The California Consumer Privacy Act (CCPA) was introduced just a month after the European Union instituted the General Data Protection Regulation (GDPR), earning the CCPA the nickname of “California’s GDPR.”. Who Is Regulated?

GDPR

GDPR Privacy Personal data Passwords

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”). Some of these contained personal data and special category (health) data.

GDPR

GDPR Personal data Compliance Risk

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. You can find more information about GDPR compliance on our website >> Data processing principles (Article 5).

GDPR

GDPR Personal data Privacy Access

ICO Publishes Draft New Guidance on PETs

Data Matters

OCTOBER 6, 2022

On 7 September 2022, the Information Commissioner’s Office (“ ICO ”) published draft guidance (“ Guidance ”) on privacy-enhancing technologies (“ PETs ”). It is hoped that the Guidance will help organizations have the confidence to utilize PETs to develop innovative applications without compromising on privacy concerns, or trust.

GDPR

GDPR Privacy Encryption Compliance

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). This legislation was enacted on an extraordinarily accelerated timeframe as part of compromise with the sponsor of a comparable privacy ballot initiative, which had qualified to be placed before state voters on Election Day in November 2018.

GDPR

GDPR Privacy Sales Data breaches

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. Get started with vsRisk.

GDPR

GDPR Risk Compliance Personal data

Italy: Privacy law integrating the GDPR adopted, what to do?

DLA Piper Privacy Matters

MAY 14, 2018

The Italian privacy law integrating the GDPR has been finalized by the Board of Ministers, unveiling unexpected surprises a few days before the 25th of May 2018. Below are my top 5 derogations to the GDPR provided by the Italian privacy law: 1. Criminal sanctions for privacy breaches confirmed.

GDPR

GDPR Privacy Systems administration Compliance

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

ML builds on different types of models for different purposes, for example categorization to determine a document category or Named Entity Recognition (NER) to identify sensitive data across diverse locations. Figure 2 shows the category distribution by business department for all documents in a selected data store.

Unstructured data

Unstructured data Cloud Data Privacy GDPR

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

Data Matters

AUGUST 9, 2021

In recent weeks, Connecticut passed An Act Concerning Data Privacy Breaches (“The Act”), and the Uniform Law Commission approved and recommended the Uniform Personal Data Protection Act (“UPDPA”). Connecticut: An Act Concerning Data Privacy Breaches.

Data breaches

Data breaches Privacy Personal data Data Privacy

ICO Issues Data Protection and Coronavirus Guidance

Data Matters

MARCH 12, 2020

The ICO has also published advice for health care practitioners. The statement also seeks to address certain specific questions: Collection of health data: The ICO is clear that whilst employers have an obligation to protect an employee’s health, this doesn’t provide an unlimited ability to collect excessive volumes of information.

GDPR

GDPR Communications Privacy Government

GDPR Italian Implementing Decree Has Been Published

HL Chronicle of Data Protection

SEPTEMBER 14, 2018

101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) has been published in the Official Journal. The provisions of the Privacy Code adopted to implement the e-Privacy Directive will of course remain in force.

GDPR

GDPR Personal data Privacy Communications

UK: ICO ISSUES NEW GUIDANCE ON COVID-19 TESTING AND MONITORING IN THE WORKPLACE

DLA Piper Privacy Matters

MAY 13, 2020

The Information Commissioner’s Office (“ ICO ”) has published guidance for employers on complying with data protection law when taking steps to manage Covid-19 health and safety risk in the workplace (“ Guidance ”). Clearly, many physical health and safety measures that employers can adopt will not require the collection of personal data.

GDPR

GDPR Personal data Risk Privacy

Finland: Data Protection Authority sends GDPR anniversary greetings issuing its first fines

DLA Piper Privacy Matters

MAY 25, 2020

Just as the second anniversary of the GDPR was looming close, the Data Protection Ombudsman’s collegial body, responsible for determining administrative fines in Finland, issued administrative fines against three Finnish companies for their infringements of data protection laws. THREE ADMINISTRATIVE FINES ISSUED IN FINLAND.

GDPR

GDPR IT Personal data Privacy

ITALY: Data Protection law integrating the GDPR in place

DLA Piper Privacy Matters

SEPTEMBER 10, 2018

Italian privacy law integrating the GDPR is finally in place, but a number of provisions remain unclear, but need immediate action. The Italian Privacy Code changes after the GDPR. The result is a very confusing text which inevitably cannot be 100% aligned to the GDPR and might contain mistakes.

GDPR

GDPR Privacy Compliance Marketing

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). This legislation was enacted on an extraordinarily accelerated timeframe as part of compromise with the sponsor of a comparable privacy ballot initiative, which had qualified to be placed before state voters on Election Day in November 2018.

GDPR

GDPR Privacy Sales Data breaches

EU: EU Data Protection : COVID-19

DLA Piper Privacy Matters

MARCH 19, 2020

Organisations are looking to adopt measures that support business continuity, whilst appropriately protecting the health and safety of workers, customers etc and complying with wider public health initiatives. Application of the GDPR. sharing information with public health authorities.

GDPR

GDPR Personal data Compliance Privacy

GDPR – the facts and what it means for the retail sector

IT Governance

JUNE 25, 2018

We all know by now that, on 25 May 2018, the General Data Protection Regulation (GDPR) came into effect. The GDPR is not an IT issue. Despite the benefits of good data management, it was widely acknowledged that many organisations would not be GDPR-compliant on 25 May. GDPR c ompliance is not a choice .

Retail

Retail GDPR IT Compliance

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Countries and organizations within the European Union (EU), must comply with the requirements of the General Data Protection Regulation (GDPR) 1. Conclusion.

Personal data

Personal data GDPR Privacy Records Management

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

The results are in, and California voters have approved the California Privacy Rights Act (CPRA) which was listed on the ballot as Proposition 24. Even so, with these and other new requirements, the CPRA does not go as far as some consumer privacy advocates had hoped it would.

Privacy

Privacy B2B Sales Data breaches

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

Data Protection Report

OCTOBER 12, 2023

Where looking to deploy monitoring of remote workers in their homes, employers should take into account that workers have a greater expectation of privacy at home than in the office. The ICO highlights, by way of example, its view that using systems to monitor the content of emails will require the processing of special category data.

GDPR

GDPR Mining Risk Privacy

The key elements of data flow mapping under the EU GDPR

IT Governance

FEBRUARY 15, 2018

With only a few months until the EU General Data Protection Regulation (GDPR) comes into effect, it is vital that your organisation is compliant. One requirement of the Regulation is that organisations map their data flows to assess their privacy risks. To effectively map data, you need to be able to identify its key elements.

GDPR

GDPR Personal data Paper Cloud

French DPA Publishes Updated Data Protection Impact Assessment Guidance

Data Matters

JANUARY 17, 2019

health data) on a large scale or personal data relating to criminal convictions, or (iii) engage in a systematic monitoring of a publically accessible area on a large scale. The CNIL’s list was been submitted to the European Data Protection Board (EDPB) for approval.

GDPR

GDPR Personal data Risk Privacy

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. The GDPR states that this refers to anything that could lead to physical, material or non-material damage to an individual.

Personal data

Personal data Data breaches Data collection GDPR

ITALY: New GDPR Guidelines from the Italian data protection authority

DLA Piper Privacy Matters

APRIL 9, 2018

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unvail some interesting positions. . health related data that are now incorporated in the broader “ special ” category of data) and to the processing based on automated decision making, including profiling.

GDPR

GDPR Personal data Privacy Data breaches

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Vendor Assessment Process.

GDPR

GDPR Privacy Personal data Data breaches

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The guide is in line with the Article 29 Working Party Guidelines on Data Protection Officers (WP 243 rev 01) , but provides additional insights and practical guidance to organizations that designate a DPO in respect of GDPR and French data protection act requirements. Be the point of contact on GDPR issues.

GDPR

GDPR Compliance Personal data Communications

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. International businesses with global privacy compliance programs should seek to expand those to cover the UAE and achieve some synergies.

Personal data

Personal data Data breaches GDPR Compliance

What IG Professionals Should Know About the Internet of Bodies

ARMA International

FEBRUARY 21, 2020

Workplace safety, health monitoring, and convenience top the list of benefits. The devices can monitor, analyze, and alert to dangers in the workplace and can aid in health awareness and enhancement. In the ingestibles category are Bluetooth electronic pills that monitor the inner workings of the human body.

Computer and Electronics

Computer and Electronics Privacy Artificial Intelligence IoT

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Late last year, Atrium Health disclosed it lost sensitive data for some 2.65 Related: Atrium Health breach highlights third-party risks. Privacy Shield , as well as the new EU privacy rules known as General Data Protection Regulation or GDPR.

Risk

Risk Financial Services Insurance Cybersecurity

The Netherlands: Health sector once again on the radar of DPA

DLA Piper Privacy Matters

DECEMBER 14, 2018

The Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , “ Dutch DPA “) previously stated that it shall focus its enforcement actions on the public and health sector, and seems to act upon its words. The GDPR (Article 24 par.

GDPR

GDPR Personal data Insurance Privacy

ICO Warns of Increased Focus on Adtech

Hunton Privacy

JULY 1, 2019

The report focuses on whether and how organizations in the adtech sector can comply with the EU General Data Protection Regulation (“GDPR”) and the UK’s implementation of the e-Privacy Directive, known as the Privacy and Electronic Communications Regulations (“PECR”).

GDPR

GDPR Personal data Privacy Communications

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

MARCH 1, 2022

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. 6(1)(f)) and, in respect of special category data, the scientific research basis (Art. 9(2)(j)).

Personal data

Personal data GDPR Data collection Archiving

EU: Europe’s toolbox for building compliant Corona tracking apps

DLA Piper Privacy Matters

APRIL 27, 2020

mobile phone), and (ii) backend server solution held by the public health authorities. Indeed, taking into account the fact that the infection transmission chains do not stop at national or regional borders, national health authorities should be technically able to exchange information about infected or exposed individuals.

Personal data

Personal data Privacy Cybersecurity Access

Government publishes consultation on post-Brexit data reforms

DLA Piper Privacy Matters

SEPTEMBER 10, 2021

amendments in relation to the processing of special category personal data necessary for the purposes of ensuring bias monitoring, detection and correction in relation to AI systems. The Consultation Paper explains that a “ key driver of unnecessary burdens on organisations is the accountability framework set out in the UK GDPR ”.

Government

Government Paper Personal data GDPR

BELGIUM: Belgian DPA reveals its strategy for the next 5 years.

DLA Piper Privacy Matters

FEBRUARY 11, 2020

It will focus its attention on specific industry sectors as well as on specific GDPR topics and societal themes. The DPA will be especially focussing on enhancing GDPR compliance in the following industry sectors: Telecom and media sector , due to the large amount of data they process. 3 GDPR TOPICS OF PARTICULAR ATTENTION.

IT

IT GDPR Compliance Personal data

Why every organisation needs data protection impact assessments

IT Governance

NOVEMBER 23, 2018

They are a useful accountability tool: the results of a DPIA will help you demonstrate that you have taken the appropriate technical and organisational measures required by the GDPR (General Data Protection Regulation). Data controllers are responsible for conducting DPIAs as required by Article 35 of the GDPR.

GDPR

GDPR Personal data Risk Marketing

Germany: ECJ ruling on employee data protection

DLA Piper Privacy Matters

MARCH 31, 2023

88 of the General Data Protection Regulation (GDPR). 88 GDPR, national legislators have a wide scope for legislation regarding the processing of personal employment data in the context of employees and may create their own legal bases in this respect. 6, 88 (1) and 5 GDPR and not a more specific provision as required by Art.

GDPR

GDPR Personal data IT Privacy

UK ICO Publishes First Two Reports from its Data Protection Sandbox Pilot

Hunton Privacy

JULY 28, 2020

Key takeaways from each report are outlined below: Jisc—Wellbeing Code of Practice: Jisc has developed a Wellbeing Code of Practice (“Code of Practice”) with universities and colleges who want to investigate the use of student activity data to improve the provision of student support services, including those related to mental health wellbeing.

IT

IT GDPR Personal data Compliance

GDPR compliance checklist

How to Comply with GDPR, PIPL, and CCPA

Trending Sources

How to implement the General Data Protection Regulation (GDPR)

Security Compliance & Data Privacy Regulations

Guest Post - Three Critical Steps for GDPR Compliance

Belgian Privacy Commission Issues Guidance on Data Protection Impact Assessments Under the GDPR

How the CCPA and GDPR Are Different

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

CCTV and the GDPR – an overview for small businesses

ICO Publishes Draft New Guidance on PETs

California Enacts Broad Privacy Laws Modeled on GDPR

Why risk assessments are essential for GDPR compliance

Italy: Privacy law integrating the GDPR adopted, what to do?

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

ICO Issues Data Protection and Coronavirus Guidance

GDPR Italian Implementing Decree Has Been Published

UK: ICO ISSUES NEW GUIDANCE ON COVID-19 TESTING AND MONITORING IN THE WORKPLACE

Finland: Data Protection Authority sends GDPR anniversary greetings issuing its first fines

ITALY: Data Protection law integrating the GDPR in place

California Enacts Broad Privacy Protections Modeled on GDPR

EU: EU Data Protection : COVID-19

GDPR – the facts and what it means for the retail sector

The Impact of Data Protection Laws on Your Records Retention Schedule

California Privacy Law Overhaul – Proposition 24 Passes

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

The key elements of data flow mapping under the EU GDPR

French DPA Publishes Updated Data Protection Impact Assessment Guidance

When are schools required to report personal data breaches?

ITALY: New GDPR Guidelines from the Italian data protection authority

How Companies Need to Treat User Data and Manage Their Partners

France: The CNIL publishes a practical guide on Data Protection Officers

UAE: Federal level data protection law enacted

What IG Professionals Should Know About the Internet of Bodies

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Netherlands: Health sector once again on the radar of DPA

ICO Warns of Increased Focus on Adtech

UK: New guidance on processing personal data for scientific research purposes

EU: Europe’s toolbox for building compliant Corona tracking apps

Government publishes consultation on post-Brexit data reforms

BELGIUM: Belgian DPA reveals its strategy for the next 5 years.

Why every organisation needs data protection impact assessments

Germany: ECJ ruling on employee data protection

UK ICO Publishes First Two Reports from its Data Protection Sandbox Pilot

Stay Connected