GDPR and Personal data - Information Management Today

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

JANUARY 5, 2024

Background The case related to the processing of an incapacitated employee’s personal data, including health data, by the medical service provider (“MDK”) of a health insurance fund in Germany. The CJEU also held that the rules and limitations on the processing of sensitive personal data under Article 9.2(h)

GDPR

GDPR Personal data Insurance Access

Thailand’s Personal Data Protection Act Enters into Force

Hunton Privacy

JUNE 1, 2022

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA mirrors the EU General Data Protection Regulation (“GDPR”) in many respects. Exemptions are granted for public interest, contractual obligations, vital interest or compliance with the law.

Personal data

Personal data GDPR Compliance Government

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

India Passes Digital Personal Data Protection Act

Hunton Privacy

AUGUST 22, 2023

reports that in early August 2023, the Indian Parliament passed the Digital Personal Data Protection Act (the “Act”), bringing to a close a 5-year process to enact an omnibus data privacy law in India. The Act significantly updates a previous draft, and departs substantially from the GDPR model of privacy laws.

Personal data

Personal data Data breaches GDPR Government

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be underestimated. data subjects, using the GDPR terminology) located within India.

Personal data

Personal data GDPR Data breaches Compliance

Maintaining GDPR and Data Privacy Compliance in 2024

IT Governance

FEBRUARY 16, 2024

For a start, maintaining data privacy and GDPR [General Data Protection Regulation] compliance will become increasingly complex through 2024, particularly for organisations operating across multiple jurisdictions. About that “GDPR-like legislation”, could you please elaborate?

Data Privacy

Data Privacy GDPR Compliance Privacy

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019.

Personal data

Personal data Insurance GDPR Record destruction

GDPR: How the definition of personal data has changed

IT Governance

APRIL 10, 2019

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data.

Personal data

Personal data GDPR Education Government

CNIL Published Guidelines on Re-Use of Personal Data by Data Processors

Hunton Privacy

JANUARY 20, 2022

On January 12, 2022, the French Data Protection Authority (the “CNIL”) published guidelines on the re-use of personal data by data processors for their own purposes (such as product improvement or the development of new products and services) under the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”).

Personal data

Personal data GDPR Encryption IT

ECJ’s ruling on the interpretation of “personal data” and “joint controller” in the context of the IAB TCF Framework

Data Protection Report

MARCH 15, 2024

The judgment of the ECJ is unsurprising given previous case law on the definitions of “personal data” and “controller” under the GDPR and the ECJ’s emphasis that the overarching objective of the GDPR is to “[ ensure] a high level of protection of the fundamental rights and freedoms of natural persons ”.

Personal data

Personal data GDPR Access Compliance

CJEU Rules That Fear May Constitute Damage Under the GDPR

Hunton Privacy

DECEMBER 19, 2023

Natsionalna agentsia za prihodite (C‑340/21), in which it clarified, among other things, the concept of non-material damage under Article 82 of the EU General Data Protection Regulation (“GDPR”) and the rules governing burden of proof under the GDPR. Read the judgement.

GDPR

GDPR Personal data Data breaches Risk

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

Italian Garante bans Chat GPT from processing personal data of Italian data subjects

Data Protection Report

APRIL 5, 2023

The alleged GDPR infringements: The Garante apparently took its action after becoming aware of a recent data breach at ChatGPT, where users’ chat titles and payment information was exposed.

Personal data

Personal data GDPR Data breaches Privacy

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

JULY 29, 2019

Now that the EU GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’ But what exactly does personal data mean? What is personal data? What is sensitive personal data? A home address.

Personal data

Personal data GDPR Encryption Compliance

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

IT Governance

MAY 25, 2023

billion fine for Meta – by far the biggest fine issued under the GDPR since it took effect five years ago – has been taken by many as a sign that the Regulation is at last beginning to be enforced with sufficient vigour. Monday’s €1.2 Our team will review your suppliers’ privacy notices and other supporting information.

GDPR

GDPR Compliance Personal data Data Privacy

French Ad Tech Firm Fined 40M Euros for GDPR Violations

Data Breach Today

JUNE 22, 2023

French Regulator Fines Criteo for Website Cookie Tracking Tools The top French privacy regulator has imposed a fine of 40 million euros against a Parisian advertising technology company for its use of website tracking cookies and failure to process users' personal data in compliance with privacy laws under the General Data Protection Regulation.

GDPR

GDPR Personal data Privacy Compliance

Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

Hunton Privacy

AUGUST 5, 2021

On August 2, 2021, the Italian Data Protection Authority ( Garante per la protezione dei dati personali , “Garante”) announced that it had levied a €2,500,000 fine on Deliveroo Italy s.r.l.

Personal data

Personal data GDPR IT

Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection

Hunton Privacy

NOVEMBER 8, 2022

SHIFT Counsellors at Law reports from Indonesia that The People’s Representative Council of the Republic of Indonesia has ratified Indonesia’s draft law on personal data protection. The law, which is partly modeled on the EU General Data Protection Regulation, is Indonesia’s first “umbrella regulation” on personal data protection.

Personal data

Personal data GDPR Compliance Information Security

Facebook personal data use and privacy settings ruled illegal by German court

The Guardian Data Protection

FEBRUARY 12, 2018

Firm to appeal decision by Berlin regional court which upholds complaints that users not given informed consent Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court. Continue reading.

Personal data

Personal data Privacy GDPR IT

Marriott Mega-Breach: Will GDPR Apply?

Data Breach Today

DECEMBER 3, 2018

Legal Experts Suspect So, But Investigation Could Take a Year or More Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation?

GDPR

GDPR Personal data Security

How to write a GDPR-compliant personal data breach notification procedure

IT Governance

APRIL 18, 2018

An integral part of your EU General Data Protection Regulation (GDPR) compliance project is producing appropriate documentation, which includes a personal data breach notification procedure. What is a personal data breach? Loss of availability of personal data. Data controller to data subject.

Personal data

Personal data Data breaches GDPR Compliance

Transferring personal data under the GDPR

IT Governance

JANUARY 3, 2018

There’s not much organisations can do to eliminate data loss, so the problem becomes how to reduce the damage once the data is exposed? This is a particularly pressing concern with the EU General Data Protection Regulation (GDPR) taking effect this year. Data transfers. Pseudonymisation and encryption.

Personal data

Personal data GDPR Encryption Data breaches

Argentina Personal Data Protection Bill Sent to Congress

Hunton Privacy

JULY 18, 2023

Palazzi from Allende & Brea in Argentina reports that on June 30, 2023, the Argentine Executive Branch sent the new proposed Personal Data Protection Bill (the “Bill”) to the National Congress for consideration. 25,326 of 2000). It is expected to be discussed during the end of 2023 and next year.

Personal data

Personal data GDPR Privacy Data Privacy

CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation

Hunton Privacy

MAY 8, 2023

In the decision, the CJEU clarified that a mere infringement of the EU General Data Protection Regulation (“GDPR”) is not sufficient to give data subjects the right to receive compensation under Article 82 of the GDPR.

GDPR

GDPR Personal data Compliance Risk

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

MARCH 1, 2022

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. The implication was that data controllers did not fully understand, and therefore were not effectively making use of, the research provisions.

Personal data

Personal data GDPR Data collection Archiving

Discord Fined by French CNIL for GDPR Violations

Data Breach Today

NOVEMBER 17, 2022

Video Streamer Pays 800,000 Euros to Settle Probe of Privacy and Security Practices The French data protection authority fined Discord 800,000 euros for privacy and security practices that violate the General Data Protection Regulation.

GDPR

GDPR Personal data Privacy Security

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them. PIPL Compliance CCPA Compliance GDPR Compliance How to Stay Up to Date with Changing Compliance Regulations. GDPR Compliance.

GDPR

GDPR Compliance Data Privacy Privacy

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. It enshrines “the right to erasure” (sometimes referred to as “the right to be forgotten”), which allows people to request that an organisation deletes any personal data related to them.

GDPR

GDPR Personal data Compliance Government

Europe: CJEU decision – Right of access to individual recipients of personal data

DLA Piper Privacy Matters

JANUARY 19, 2023

On 12 January 2023, the European Court of Justice (“ CJEU ”) delivered its judgment regarding the right of access to personal data under Article 15 GDPR. The CJEU held that when exercising their right of access under the GDPR, data subjects must be provided with the individual data recipients of their personal data.

Personal data

Personal data Access GDPR Privacy

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

Hunton Privacy

NOVEMBER 23, 2021

On November 19, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 05/2021 (the “Guidelines”) on the interplay between the application of Article 3 of the EU General Data Protection Regulation (“GDPR”), which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.

GDPR

GDPR Personal data Marketing Government

EU: International data transfer rules for non-personal data

DLA Piper Privacy Matters

JUNE 27, 2023

Global flows of personal data have been a source of geopolitical concern for many years now. To date, these compliance challenges were essentially limited to personal data processing, so some organisations and sectors had to do more than others.

Personal data

Personal data Data Privacy GDPR Compliance

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported.

Personal data

Personal data Data breaches Data collection GDPR

The GDPR: Do you know the difference between personal data and sensitive data?

IT Governance

JULY 18, 2018

Now that the EU GDPR (General Data Protection Regulation) has been in effect for a couple of months, you’ve hopefully become acquainted with its definition of personal data: “any information relating to an identified or identifiable natural person”. What is personal data? Location data.

Personal data

Personal data GDPR Encryption Compliance

CIPL Submits Response to European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to the GDPR

Hunton Privacy

DECEMBER 16, 2020

The European Commission (the “Commission”) issued its draft on November 12, 2020, updating the SCCs to align with the GDPR and taking into account the requirements of the Court of Justice of the European Union Schrems II ruling of July 16, 2020.

Personal data

Personal data GDPR Compliance Government

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements

Thales Cloud Protection & Licensing

AUGUST 29, 2023

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements andrew.gertz@t… Tue, 08/29/2023 - 13:41 Modern-day business transactions heavily rely on international data transfers. However, despite this strong relationship, the UK GDPR’s requirements somewhat hinder current arrangements.

Personal data

Personal data Data Privacy Privacy GDPR

TikTok sued over its use of children’s personal data

IT Governance

APRIL 22, 2021

TikTok is again being accused of illegally processing children’s personal data. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for. TikTok has continually defended the way it processes children’s personal data.

Personal data

Personal data IT GDPR Privacy

CJEU Rules that GDPR Prohibition on Automated Decision-Making Applies to Credit Scoring

Hunton Privacy

DECEMBER 14, 2023

On December 7, 2023, the Court of Justice of the European Union (“CJEU”) ruled that credit scoring constitutes automated decision-making, which is prohibited under Article 22 of the EU General Data Protection Regulation (“GDPR”) unless certain conditions are met.

GDPR

GDPR Personal data

GDPR: Still Plenty of Lessons to Learn

Data Breach Today

MARCH 7, 2019

RSA Conference Panel: Organizations Worldwide Face Long List of Challenges Nearly 10 months after the beginning of enforcement of the EU's GDPR privacy regulation, organizations around the world are still learning plenty of compliance lessons - including how to locate all personal data so it can be protected, according to regulatory experts on a panel (..)

GDPR

GDPR Personal data Compliance Privacy

Dear BA and Marriott: Your GDPR Fines Are Important to Us

Data Breach Today

JULY 10, 2019

Privacy Regulator's Clear Security Message: Act Now to Avoid 'Disappointment' The data protection gloves have finally come off in Europe after GDPR enforcement began last May - the U.K.'s Consider the tables now turned on firms that fail to properly safeguard personal data.

GDPR

GDPR Personal data Privacy Security

GDPR for small business: the ultimate guide

IT Governance

JULY 2, 2020

What is the GDPR? The Regulation came into effect on 25 May 2018, and was designed to strengthen the rights of EU residents regarding the way organisations process and use their personal data. First, the UK has implemented the UK DPA (Data Protection Act) 2018 , which adopts the GDPR into national law.

GDPR

GDPR Personal data Data breaches Compliance

UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

Hunton Privacy

JANUARY 22, 2021

The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation (“GDPR”) and represents the first UK judgment dealing with the territorial scope of the GDPR. The Data Protection Claim. This was a “service out” case, where the claimant, Walter T.

GDPR

GDPR Personal data IT

Meta Hit with £14 Million Fine for a Dozen GDPR Breaches

IT Governance

MARCH 17, 2022

The tech giant, formerly known as Facebook, violated several GDPR (General Data Protection Regulation) requirements, and more than 30 million people have been affected. The DPC began its inquiry in 2018 – shortly after the GDPR took effect – after it received a dozen breach notifications from Facebook.

GDPR

GDPR Personal data Encryption Compliance

Experian’s data processing practices violate the GDPR

IT Governance

OCTOBER 28, 2020

An ICO (Information Commissioner’s Office) investigation revealed that the credit reference agency has been selling personal data to political parties and organisations that used it to identify those who could afford products and services. Likewise, it must stop processing personal data that has been collected without a lawful basis.

GDPR

GDPR Personal data Marketing Privacy

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Thailand’s Personal Data Protection Act Enters into Force

Webinars

Trending Sources

GDPR compliance checklist

Webinars

India Passes Digital Personal Data Protection Act

India: New Digital Personal Data Protection Act, Start Planning Now.

Maintaining GDPR and Data Privacy Compliance in 2024

Over-Retention of Personal Data

GDPR: How the definition of personal data has changed

CNIL Published Guidelines on Re-Use of Personal Data by Data Processors

ECJ’s ruling on the interpretation of “personal data” and “joint controller” in the context of the IAB TCF Framework

CJEU Rules That Fear May Constitute Damage Under the GDPR

How to implement the General Data Protection Regulation (GDPR)

Italian Garante bans Chat GPT from processing personal data of Italian data subjects

GDPR: What’s the difference between personal data and sensitive data?

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

French Ad Tech Firm Fined 40M Euros for GDPR Violations

Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection

Facebook personal data use and privacy settings ruled illegal by German court

Marriott Mega-Breach: Will GDPR Apply?

How to write a GDPR-compliant personal data breach notification procedure

Transferring personal data under the GDPR

Argentina Personal Data Protection Bill Sent to Congress

CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation

UK: New guidance on processing personal data for scientific research purposes

Discord Fined by French CNIL for GDPR Violations

How to Comply with GDPR, PIPL, and CCPA

GDPR Article 17: What Is the Right to Erasure?

Europe: CJEU decision – Right of access to individual recipients of personal data

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

EU: International data transfer rules for non-personal data

When are schools required to report personal data breaches?

The GDPR: Do you know the difference between personal data and sensitive data?

CIPL Submits Response to European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to the GDPR

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements

TikTok sued over its use of children’s personal data

CJEU Rules that GDPR Prohibition on Automated Decision-Making Applies to Credit Scoring

GDPR: Still Plenty of Lessons to Learn

Dear BA and Marriott: Your GDPR Fines Are Important to Us

GDPR for small business: the ultimate guide

UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

Meta Hit with £14 Million Fine for a Dozen GDPR Breaches

Experian’s data processing practices violate the GDPR

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

Stay Connected