IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. You can find more information about GDPR compliance on our website >> Data processing principles (Article 5).

GDPR 94

GDPR Personal data Privacy Access 94

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. Get started with vsRisk.

GDPR 67

GDPR Risk Compliance Personal data 67

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR Compliance Starts with Data Discovery.

GDPR 83

GDPR Compliance Privacy Data Privacy 83

IT Governance

AUGUST 2, 2019

If you think that charities might be shown lenience under the GDPR (General Data Protection Regulation) , you’re wrong. This is a lesson that the transgender advocacy charity Mermaids learned recently , after it accidentally made internal emails containing confidential client information available online. GDPR exemptions for charities.

GDPR 47

GDPR Compliance Personal data Risk 47

Hunton Privacy

OCTOBER 2, 2018

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities. What is a Blockchain?

Blockchain 101

Blockchain GDPR Personal data Compliance 101

IT Governance

APRIL 27, 2018

General Data Protection Regulation (GDPR) compliance should be a priority and high on every organisation’s agenda with less than two months until the regulation comes into effect on 25 May 2018. In order to become GDPR-complaint, an organisation will need to conduct a data inventory and data flow audit. The Data Flow Mapping Tool.

GDPR 41

GDPR Compliance Personal data Information Security 41

IT Governance

APRIL 18, 2023

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation?

GDPR 132

GDPR Personal data Data breaches Marketing 132

IT Governance

OCTOBER 21, 2021

Cyber security roles are often technical and require knowledge of the threat landscape, detection/monitoring, technical protection, risk management and cyber incident response. Information security is a broader category that protects all information assets, whether in hard copy or digital form.

Security 111

Security Information Security GDPR Data Privacy 111

Hunton Privacy

JULY 9, 2020

The New DP Law reflects many aspects of the EU’s General Data Protection Regulation (the “GDPR”), including: Accountability Requirements: Controllers are required to put in place programs demonstrating compliance with the New DP Law, similar to the GDPR’s accountability requirements.

Personal data 127

Personal data GDPR Data breaches Compliance 127

The Last Watchdog

OCTOBER 19, 2020

For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer. They are responding to a trend of companies moving to meet rising compliance requirements, such as PCI-DSS and GDPR.

Cybersecurity 235

Cybersecurity B2B Sales Compliance 235

IT Governance

JANUARY 1, 2019

The stakes were raised with the enforcement of the EU GDPR (General Data Protection Regulation) in May 2018. It demands adequate security measures and has been widely publicised, as it has the potential to levy large fines against non-compliant organisations. GDPR Data Breach Support Service. DPO as a service (GDPR).

Data breaches 109

Data breaches GDPR Information Security Risk 109

Hunton Privacy

APRIL 4, 2023

On April 4, 2023, the data protection regulator of the UK, the Information Commissioner’s Office (ICO), issued a fine of a £12.7 million to TikTok Information Technologies UK Limited and TikTok Inc (together, “TikTok”) for a number of breaches of UK data protection law, including failing to use children’s personal data lawfully.

Personal data 105

Personal data GDPR IT Information Security 105

Hunton Privacy

SEPTEMBER 25, 2023

These four risks are: The definition of “sensitive information” under the UK Extension does not specify all the categories listed in Article 9 of the UK GDPR but instead specifies “ […] any other information received from a third party that is identified and treated by that party as sensitive.”

GDPR 67

GDPR Personal data Risk Data Privacy 67

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This will allow them to be one step ahead and better organized to comply with the upcoming GDPR.

GDPR 75

GDPR Personal data Compliance Privacy 75

Hunton Privacy

DECEMBER 15, 2017

Recently, the EU’s Article 29 Working Party (the “Working Party”) adopted guidelines (the “Guidance”) on the meaning of consent under the EU General Data Protection Regulation (“GDPR”). The Guidance provides further detail on what is necessary to ensure that consent satisfies the requirements of the GDPR: Freely given.

GDPR 63

GDPR Personal data Risk Compliance 63

Hunton Privacy

NOVEMBER 19, 2020

CIPL’s key recommendations include: Legitimate Interest : Adding a legitimate interest processing ground within the PIPL; Compatible Processing : Clarifying that organizations can process personal information for compatible purposes in reliance on the original ground for processing; Children’s Data : Enabling a risk-based approach for organizations (..)

GDPR 126

GDPR Privacy Risk Government 126

Hunton Privacy

JULY 7, 2017

The Belgian Privacy Commission (the “Belgian DPA”) recently released a Recommendation (in French and Dutch ) regarding the requirement to maintain internal records of data processing activities (the “Recommendation”) pursuant to Article 30 of the EU General Data Protection Regulation (“GDPR”). Aim of such requirement.

GDPR 58

GDPR Privacy Personal data Data breaches 58

Hunton Privacy

DECEMBER 20, 2017

The Guidelines aim to provide practical guidance and clarification on the transparency obligations introduced by the EU General Data Protection Regulation (“GDPR”). The transparency obligations require controllers to provide certain information to data subjects regarding the processing of their personal data.

GDPR 62

GDPR Personal data Privacy Communications 62

IT Governance

OCTOBER 8, 2018

The stakes were raised with the introduction of the EU GDPR (General Data Protection Regulation) in May 2018. This blog summarises six tools that are essential for helping you comply with the GDPR, focusing specifically on the prevention of and response to security incidents. DPO as a service (GDPR). Penetration testing.

Data breaches 109

Data breaches GDPR Information Security Risk 109

IT Governance

DECEMBER 13, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Most breaches fit into this category, but not all of them. This will depend on the information that was compromised. Originally published 24 October 2018.

Data breaches 110

Data breaches GDPR Personal data Compliance 110

IT Governance

MAY 15, 2024

Physical access control, physical security monitoring, CCTV, and more When we hear the term ‘information security’ – or, for that matter, ‘ISO 27001’ – our thoughts usually turn straight to cyber security. However, physical security is also an important aspect of information and data security.

Security 52

Security Information Security Access Cloud 52

IT Governance

SEPTEMBER 20, 2018

Small organisations often try to claim exemption from the EU’s GDPR (General Data Protection Regulation) based on their size. Process special categories of data on a large scale. There will be plenty of SMEs (small and medium-sized enterprises) that don’t fit into any of these categories, so they aren’t required to appoint a DPO.

GDPR 72

GDPR Compliance Communications Privacy 72

IT Governance

OCTOBER 24, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. Most breaches fit into this category, but not all of them. This will depend on the information that was compromised. Are you ready for a breach?

Data breaches 110

Data breaches GDPR Compliance Personal data 110

Hunton Privacy

MARCH 26, 2019

The Dutch DPA divided qualifying infringements into three or four categories. It assigned each category a specific penalty bandwidth ( i.e. , a range between a minimum fine and a maximum fine), as well as a basic fine. The Policy provides insight into how the Dutch DPA will use its fining powers.

GDPR 55

GDPR Personal data Authentication Compliance 55

Hunton Privacy

APRIL 19, 2021

If the adequacy decision is adopted, transfers of personal data from the EU to the UK may continue following the end of the post-Brexit transition period without the implementation of a data transfer mechanism under the EU General Data Protection Regulation (“GDPR”), such as Standard Contractual Clauses.

GDPR 81

GDPR Personal data Access Security 81

IT Governance

FEBRUARY 19, 2019

Buckinghamshire-based housing developer Magnacrest has been fined for failing to respond to DSARs (data subject access requests) , giving organisations a fresh reminder of the importance of the public’s legal rights to review the information that’s processed about them. The categories of personal data involved.

Access 83

Access GDPR Personal data Compliance 83

DLA Piper Privacy Matters

OCTOBER 25, 2022

for violations of the GDPR (the violations were pre-Brexit). The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal data (in contravention of Articles 5(1)(f) and 32 GDPR) for a period of ~20 months. The Incident. Digest of points to note in the MPN.

Security 52

Security GDPR Personal data Insurance 52

Hunton Privacy

OCTOBER 25, 2022

On October 24, 2022, the UK Information Commissioner’s Office (“ICO”) issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020.

Security 97

Security Personal data GDPR Insurance 97

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR 40

GDPR Personal data Compliance Data breaches 40

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The guide is in line with the Article 29 Working Party Guidelines on Data Protection Officers (WP 243 rev 01) , but provides additional insights and practical guidance to organizations that designate a DPO in respect of GDPR and French data protection act requirements. Be the point of contact on GDPR issues.

GDPR 116

GDPR Compliance Personal data Communications 116

IT Governance

SEPTEMBER 25, 2018

This is the window given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents. This will be your DPO (data protection officer) if you have one, or whoever handles information security. The first 72 hours after you identify a data breach are crucial.

Data breaches 97

Data breaches GDPR Information Security Personal data 97

Data Matters

MARCH 12, 2020

If, after taking these measures, an organisation still needs to collect specific health data, the ICO confirms that ongoing data minimisation and information security to protect this sensitive category of data will be paramount.

GDPR 83

GDPR Communications Privacy Government 83

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers.

GDPR 82

GDPR Privacy Personal data Data breaches 82

Data Protection Report

JULY 9, 2018

states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). See our previous blog posts on GDPR here and here. Several U.S. Below are the key takeaways from U.S.

GDPR 40

GDPR Data breaches Personal data Insurance 40

Data Matters

NOVEMBER 4, 2020

Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. Entities must annually buy sell, or share personal information of 100,000 consumers, not 50,000 as under the CCPA, to qualify as a business under the second prong of the test. New Rights for Sensitive Personal Information.

Privacy 122

Privacy B2B Sales Data breaches 122

IT Governance

FEBRUARY 19, 2019

To avoid the disruption caused by not meeting this deadline, organisations need to be aware of the changes that the DSP Toolkit brings compared to its predecessor, the IG (Information Governance) Toolkit. Ask a healthcare expert >> Data security standards and the GDPR. Unsure if you need to comply? Staff awareness.

GDPR 68

GDPR Compliance Government Information Security 68

Managing Your Information

SEPTEMBER 10, 2022

Candidates will need a basic understanding of UK GDPR and the Data Protection Act 2018 and some previous experience of working within the realm of data protection. . IT Security and IT managers, Chief Information Security Officers . Solicitors advising on information law . Who is the course for? .

GDPR 36

GDPR Information governance Compliance Paper 36