2018, GDPR and Personal data - Information Management Today

GUEST ESSAY: How stricter data privacy laws have redefined the ‘filing’ of our personal data

The Last Watchdog

NOVEMBER 4, 2021

Related: GDPR and the new privacy paradigm. Europe’s General Data Protection Regulations (GDPR) changed the game. Legacy filing systems were not built to keep track of the personal data of specific individuals primarily to be in compliance with the many data protection regulations popping up around the world.

Personal data

Personal data Unstructured data Privacy Data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them. PIPL Compliance CCPA Compliance GDPR Compliance How to Stay Up to Date with Changing Compliance Regulations. GDPR Compliance.

GDPR

GDPR Compliance Data Privacy Privacy

GDPR Training in Belfast – save 10%

IT Governance

DECEMBER 18, 2017

Many organisations are struggling to fill a skills gap created by the EU General Data Protection Regulation (GDPR) and need staff with knowledge of the Regulation. For a short time, we are offering a 10% discount on GDPR courses in Belfast, so book your place before Friday 5 January 2018. Securing personal data.

GDPR

GDPR Personal data Compliance Data breaches

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime.

GDPR

GDPR Government Personal data Risk

GDPR: lawful bases for processing, with examples

IT Governance

MARCH 13, 2020

First published June 2018. Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Do you always need individuals’ consent to process their data? Lawfulness of processing under the GDPR. Last updated March 2020.

GDPR

GDPR Personal data Compliance Marketing

Ireland: Non-material damages under GDPR – Irish law developments and the international approach

DLA Piper Privacy Matters

SEPTEMBER 7, 2023

Authors: Eilis McDonald; Marcus Walsh; John Magee; Gavin Woods; David Cook; Andreas Rüdiger The Irish Circuit Court has recently delivered an important judgment on non-material damages for infringement of the GDPR. The factors that he set out are: “Mere breach” of the GDPR is not sufficient to warrant an award of compensation.

GDPR

GDPR Data breaches Risk Personal data

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018. Data breach litigation risks.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

Mitigating Third Party Risks Under GDPR

AIIM

MARCH 22, 2019

One of the most vexing problems for organizations is mitigating GDPR compliance risks when dealing with third parties, particularly the nature and extent of obligations between data controllers and processors. These obligations extend beyond the walls of an organization to third parties that process personally identifiable information.

GDPR

GDPR Risk Compliance Personal data

UK Announces Data Reform Bill

Hunton Privacy

MAY 13, 2022

On May 10, 2022, as part of the Queen’s Speech , the UK government announced its intention to introduce a Data Reform Bill (the “Bill”).

Personal data

Personal data GDPR Government Risk

One Year After GDPR: Significant Rise on Data Breach Reporting from European Businesses

Thales Cloud Protection & Licensing

MAY 24, 2019

It’s been one year since the European Union (EU) enforced the General Data Protection Regulation (GDPR) 1 , a legislation designed to protect the personal data of EU citizens and lay specific rules and guidelines on how their data is collected, stored, processed and deleted by various entities.

Data breaches

Data breaches GDPR Personal data Compliance

EU & Ireland: Meta’s legal basis for targeted ads found to breach GDPR

DLA Piper Privacy Matters

JANUARY 10, 2023

Ireland’s Data Protection Commission ( DPC ) announced on January 4, 2023, that it has fined Meta a total of €390 million after finding that the company’s Facebook and Instagram platforms lacked proper legal grounds for processing millions of Europeans’ personal data for targeted advertising.

GDPR

GDPR Personal data IT Compliance

Essential guidance on achieving and prioritising GDPR compliance

IT Governance

MARCH 7, 2018

As the 25 May 2018 deadline for EU General Data Protection Regulation (GDPR) compliance draws near, it is becoming clear that the vast majority of UK businesses will not be ready. Of those aware of the Regulation, just over 25% of businesses and charities have made a start on their GDPR compliance project.

GDPR

GDPR Compliance Personal data Information Security

Germany: First court decision on GDPR

DLA Piper Privacy Matters

JUNE 6, 2018

Only five days after the GDPR became applicable, the first German court, the Regional Court ( Landgericht ) Bonn (in a decision dated 29 May 2018, case number 10 O 171/18 – in German only), issued a ruling on the practical application of the GDPR. 5 (1) lit. Click here for more details on processing of WHOIS information.

GDPR

GDPR Compliance Personal data Security

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”). Some of these contained personal data and special category (health) data.

GDPR

GDPR Personal data Compliance Risk

The GDPR: A guide for small businesses

IT Governance

MARCH 27, 2018

Businesses are starting to panic as they try to comply with the General Data Protection Regulation (GDPR) before the May 2018 deadline. Many even believe that the GDPR won’t apply to them because they have fewer than 250 employees. Data protection officers. Does it apply to me?

GDPR

GDPR Compliance Personal data Information Security

Dutch DPA Publishes Post-GDPR Complaints Report

Hunton Privacy

DECEMBER 18, 2018

On December 13, 2018, the Dutch Data Protection Authority (“ Autoriteit Persoonsgegevens ”) (the “Dutch DPA”) published a report on the complaints it has received since the EU General Data Protection Regulation (“GDPR”) became applicable on May 25, 2018 (the “Report”). Facts and Figures. Most Affected Sectors.

GDPR

GDPR Personal data Data collection Business Services

The GDPR: What do I need to do?

IT Governance

DECEMBER 3, 2018

Although the EU General Data Protection Regulation (GDPR) has come into effect, a large number of organisations are not yet compliant. A Ponemon Institute survey found that almost half of companies would not meet the 25 May 2018 deadline. Establish an accountability and governance framework. Staff awareness.

GDPR

GDPR Compliance Risk Data breaches

Counting down, Getting Ready: GDPR in a Multi-Cloud World

Thales Cloud Protection & Licensing

JANUARY 5, 2018

( Originally posted to CenturyLink’s blog on November 10 ). To help save time and money, a growing number of enterprises are storing sensitive customer data in the public cloud. Recently, executives from CenturyLink, Thales eSecurity and Park Legal LLC participated in a webinar about “preparing for GDPR in a multi-cloud world”.

GDPR

GDPR Cloud Encryption Personal data

UK ICO fines hotel chain giant Marriott over data breach

Security Affairs

NOVEMBER 2, 2020

The UK Information Commissioner’s Office fined US hotels group Marriott over the 2018 data breach that affected millions of customers worldwide. million) for multiple data breaches suffered by the company since 2018 that exposed the personal information of its customers. million ($23.5 According to the U.K.’s

Data breaches

Data breaches Personal data GDPR Encryption

GDPR: lawful bases for processing, with examples

IT Governance

JUNE 15, 2018

What is a lawful basis for processing under the GDPR? Do you always need individuals’ consent to process their data? Like the Data Protection Act 1998 (DPA 1998) that it superseded, the General Data Protection Regulation (GDPR) sets out six lawful bases for processing personal data.

GDPR

GDPR Personal data Compliance Privacy

Weekly podcast: the GDPR is here

IT Governance

MAY 25, 2018

The General Data Protection Regulation is now in force. Hello and welcome to the IT Governance podcast for Friday, 25 May 2018, the day the EU’s General Data Protection Regulation (the GDPR) – the first major update to European data protection law in more than 20 years – applies across Europe and around the world.

GDPR

GDPR Compliance Personal data Government

Guest Post -- GDPR Compliance starts with Data Discovery

AIIM

NOVEMBER 16, 2017

GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. 50% of organizations not ready for GDPR. Compliance starts with data discovery. The Privacy and Security Dichotomy. Privacy by Design: The Intersection of Law and Technology.

GDPR

GDPR Compliance Privacy Paper

Government survey reveals GDPR awareness is falling short

IT Governance

FEBRUARY 8, 2018

The Cyber Security Breaches Survey 2018 from the Department for Digital, Culture, Media and Sport (DCMS) has revealed that only 38% of businesses and 44% of charities have heard of the General Data Protection Regulation (GDPR). Are your staff aware of the GDPR? Key findings. Don’t let your staff be your downfall.

GDPR

GDPR Government Education Compliance

Spanish Senate signs-off new GDPR-compliant Data Protection Act

DLA Piper Privacy Matters

NOVEMBER 21, 2018

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018.

GDPR

GDPR Personal data Access Education

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to. Data subject access requests, incident reporting and data breach reporting will all need written processes, too.

GDPR

GDPR Compliance Data breaches Information Security

Key Steps to GDPR Compliance – Part 2

IT Governance

DECEMBER 14, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect but some businesses are not even thinking about it yet, or are only just starting to. There are special categories of data that entail stricter processing rules, such as getting explicit consent.

GDPR

GDPR Compliance Personal data Risk

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

Hunton Privacy

APRIL 30, 2019

The French Data Protection Authority (the “CNIL”) recently published its Annual Activity Report for 2018 (the “Report”) and released its annual inspection program for 2019. The Report provides an overview of the CNIL’s enforcement activities in 2018. The CNIL received 1,170 data breach notifications in 2018.

GDPR

GDPR Personal data Data breaches Marketing

CNIL Publishes Statistical Review of Data Breaches Since Entry into Application of GDPR

Hunton Privacy

OCTOBER 29, 2018

Recently, the French Data Protection Authority (the “CNIL”) published a statistical review of personal data breaches during the first four months of the EU General Data Protection Regulation’s (“GDPR”) entry into application. Assessing the necessity to notify affected data subjects. Types of breaches.

Data breaches

Data breaches GDPR Personal data Risk

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

Hunton Privacy

AUGUST 11, 2020

On August 5, 2020, the French Data Protection Authority (the “CNIL”) announced that it has levied a fine of €250,000 on French online shoe retailer, Spartoo, for various infringements of the EU General Data Protection Regulation (“GDPR”). Background. Spartoo is a French-based company specializing in online shoe sales.

Retail

Retail GDPR IT Personal data

First Fine Imposed by the Polish DPA Under the GDPR

HL Chronicle of Data Protection

APRIL 2, 2019

The President of the Personal Data Protection Office in Poland (Polish DPA) imposed a fine amounting to PLN 943,470 (approximately EUR 220,000) for failing to fulfil the company’s transparency obligations towards over six million data subjects under Article 14 of Europe’s General Data Protection Regulation (GDPR).

GDPR

GDPR Personal data Marketing IT

DCMS Consults on National Data Strategy

Hunton Privacy

SEPTEMBER 15, 2021

On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport (“DCMS”) launched a consultation on its proposed reforms to the UK data protection regime. Organizations are encouraged to provide input on a range of data protection proposals, some of which are outlined below.

GDPR

GDPR Personal data Risk Communications

Genetic information – global privacy considerations – an Australian and UK perspective

DLA Piper Privacy Matters

SEPTEMBER 20, 2022

The UK GDPR identifies both ‘genetic data’ and ‘health data’ as ‘special category data’ that merit additional protection in comparison with normal personal data. The privacy regime for genetic data in the United Kingdom. The UK GDPR requires a lawful basis to process personal data.

Privacy

Privacy GDPR Personal data Risk

GDPR Italian Implementing Decree Has Been Published

HL Chronicle of Data Protection

SEPTEMBER 14, 2018

101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) has been published in the Official Journal. The Decree will enter into force on 19 September 2018. On 4 September, the Legislative Decree no.

GDPR

GDPR Personal data Privacy Communications

Weekly podcast: 2018 end-of-year roundup

IT Governance

DECEMBER 13, 2018

Hello and welcome to the final IT Governance podcast of 2018. And then there was the Cambridge Analytica scandal , which broke when the former employee and whistle-blower Christopher Wylie revealed to the Guardian that the political consulting firm had harvested 50 million Facebook users’ personal data and used it for political purposes.

Data breaches

Data breaches Personal data Access GDPR

European Commission Publishes Draft UK Adequacy Decisions

Data Matters

FEBRUARY 19, 2021

What transfers are restricted under the GDPR? The EU GDPR prohibits the transfer of personal data to a country outside the European Economic Area ( EEA ) (otherwise known as a third country ) that is not considered to provide an ‘adequate level’ of data protection by the EC unless ‘appropriate safeguards’ are implemented (e.g.,

GDPR

GDPR Personal data Privacy Access

The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack

Data Protection Report

MARCH 22, 2022

On 10 March 2022, the Information Commissioner’s Office ( ICO ) issued a monetary penalty notice to a professional services firm (the Firm ) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation ( GDPR ). c) Failure to encrypt personal data.

Ransomware

Ransomware Personal data Encryption GDPR

CNIL Publishes Standard on HR Data Processing

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. Main Changes in the Referential on HR Data Processing. Background.

Personal data

Personal data GDPR Compliance Archiving

UK’s Draft GDPR Implementation Law: The Starting Point

HL Chronicle of Data Protection

SEPTEMBER 27, 2017

Ensuring that the GDPR, as implemented by the bill, will continue to apply to the U.K. Data Protection Act 1998, the bill replicates much of the content of the 1998 Act, particularly in relation to derogations and exemptions from the GDPR. First and foremost, the bill applies the GDPR to U.K. Sensitive personal data.

GDPR

GDPR Personal data Government Privacy

Hogan Lovells Updates Practical GDPR Guide

HL Chronicle of Data Protection

JUNE 26, 2018

With the coming into effect of the GDPR on 25 May 2018, the modernisation of European privacy laws has reached a critical milestone. At stake are not only the consequences of non-compliance, but also the ability to take advantage of new technologies, data analytics and the immense value of personal information.

GDPR

GDPR Privacy Analytics Compliance

List of data breaches and cyber attacks in May 2018 – 17,273,571 records leaked

IT Governance

MAY 29, 2018

Remember when I said last month that “with the GDPR less than a month away I imagine future lists will be even longer thanks to the introduction of mandatory data breach notifications”? Well, May’s list of incidents is very long, and the GDPR only came into effect at the end of the month. Data breach. I’m not, though.

Data breaches

Data breaches GDPR Ransomware Passwords

Data Protection Authority of Baden-Württemberg Issues First German Fine Under the GDPR

HL Chronicle of Data Protection

NOVEMBER 23, 2018

In the first fine issued by a German data protection authority under the European General Data Protection Regulation (“GDPR”), on 21 November 2018 the authority of the German state of Baden-Württemberg (“LfDI”) imposed a fine of Euro 20,000 on a social media provider for a violation of its data security obligations under Art.

GDPR

GDPR Data breaches Passwords Personal data

UK: Prize promotions – winner announcement requirement will not be enforced by ASA pending outcome of its GDPR consultation

DLA Piper Privacy Matters

SEPTEMBER 19, 2018

The UK’s Advertising Standards Authority (ASA) has announced it will not enforce the CAP Code rule requiring promoters to publish or make available the name and county of major prize winners, pending the completion of work arising out of its GDPR Consultation (expected to be completed in the autumn). Background. Rule 8.28.5 Consultation.

GDPR

GDPR IT Marketing Personal data

Preparing for GDPR: Less than 80 working days to go

CGI

FEBRUARY 28, 2018

Preparing for GDPR: Less than 80 working days to go. Wed, 02/28/2018 - 10:04. We have worked to the Data Protection Act 1998 for nearly two decades, so we already take pretty good care of personal and sensitive personal data, right? p.butler@cgi.com.

GDPR

GDPR Data breaches Personal data Risk

GUEST ESSAY: How stricter data privacy laws have redefined the ‘filing’ of our personal data

How to Comply with GDPR, PIPL, and CCPA

Webinars

Trending Sources

GDPR Training in Belfast – save 10%

Webinars

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

GDPR: lawful bases for processing, with examples

Ireland: Non-material damages under GDPR – Irish law developments and the international approach

Privacy and Cybersecurity Top 10 for 2018

Mitigating Third Party Risks Under GDPR

UK Announces Data Reform Bill

One Year After GDPR: Significant Rise on Data Breach Reporting from European Businesses

EU & Ireland: Meta’s legal basis for targeted ads found to breach GDPR

Essential guidance on achieving and prioritising GDPR compliance

Germany: First court decision on GDPR

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

The GDPR: A guide for small businesses

Dutch DPA Publishes Post-GDPR Complaints Report

The GDPR: What do I need to do?

Counting down, Getting Ready: GDPR in a Multi-Cloud World

UK ICO fines hotel chain giant Marriott over data breach

GDPR: lawful bases for processing, with examples

Weekly podcast: the GDPR is here

Guest Post -- GDPR Compliance starts with Data Discovery

Government survey reveals GDPR awareness is falling short

Spanish Senate signs-off new GDPR-compliant Data Protection Act

Key steps to GDPR compliance – Part 3

Key Steps to GDPR Compliance – Part 2

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

CNIL Publishes Statistical Review of Data Breaches Since Entry into Application of GDPR

The Impact of Data Protection Laws on Your Records Retention Schedule

CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

First Fine Imposed by the Polish DPA Under the GDPR

DCMS Consults on National Data Strategy

Genetic information – global privacy considerations – an Australian and UK perspective

GDPR Italian Implementing Decree Has Been Published

Weekly podcast: 2018 end-of-year roundup

European Commission Publishes Draft UK Adequacy Decisions

The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack

CNIL Publishes Standard on HR Data Processing

UK’s Draft GDPR Implementation Law: The Starting Point

Hogan Lovells Updates Practical GDPR Guide

List of data breaches and cyber attacks in May 2018 – 17,273,571 records leaked

Data Protection Authority of Baden-Württemberg Issues First German Fine Under the GDPR

UK: Prize promotions – winner announcement requirement will not be enforced by ASA pending outcome of its GDPR consultation

Preparing for GDPR: Less than 80 working days to go

Stay Connected