2019, GDPR and Personal data - Information Management Today

Organisations received £155 million in GDPR fines in 2020

IT Governance

MARCH 28, 2021

In 2020, organisations received €182 million (about £155 million) in fines for violating the GDPR (General Data Protection Regulation) , according to an IT Governance report. Our GDPR Fines Quarterly Report revealed that more than two thirds of that total – €110 million (£94 million) – came in the final quarter of the year.

GDPR

GDPR Personal data Government Compliance

German Court cuts multimillion GDPR fine by 90%

Data Protection Report

NOVEMBER 17, 2020

In December 2019, the German Federal Commissioner for Data Protection and Freedom of Information (“ Federal DPA ”) levied a € 9.55m fine against 1&1 Telecom (“ 1&1 ”), a German telecom company. a serious GDPR violation by an entity with a low turnover would lead to a disproportionately low fine.

GDPR

GDPR Authentication Personal data IT

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

Hunton Privacy

MARCH 8, 2019

On February 26, 2019, the European Data Protection Board (the “EDPB”) presented its first overview of the GDPR’s implementation and the roles and means of the national supervisory authorities to the European Parliament (the “Overview”). 23 DPAs reported an increase in their regulatory budgets for 2018-2019.

GDPR

GDPR Data breaches Personal data Marketing

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

2019 end-of-year review part 2: July to December

IT Governance

DECEMBER 30, 2019

Welcome to the second part of our round-up of 2019’s information security stories. The second half of the year began with major data privacy news: the UK’s data protection authority, the ICO (Information Commissioner’s Office), announced its intention to fine British Airways and Marriott International a combined £282.6

Data breaches

Data breaches Personal data GDPR Ransomware

Belgian DPA Approves IAB Europe’s Action Plan For Consent Framework

Hunton Privacy

JANUARY 11, 2023

On January 11, 2023, the Belgian Data Protection Authority (“Belgian DPA”) announced that it has approved the Interactive Advertising Bureau Europe’s (“IAB Europe”) action plan with respect to its Transparency and Consent Framework (“TCF”). Background.

GDPR

GDPR Personal data Marketing IT

List of data breaches and cyber attacks in June 2019 – 39.7 million records leaked

IT Governance

JUNE 27, 2019

After a rampant start to the year for data breaches and cyber attacks, it’s about time we went one month without at least one massive security incident. June 2019’s total of 39,713,046 breached records is the lowest since May last year – the month that the GDPR (General Data Protection Regulation) came into effect.

Data breaches

Data breaches Personal data Ransomware GDPR

GERMANY: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU

DLA Piper Privacy Matters

MAY 29, 2020

The Federal Court of Justice (“ BGH ”) has submitted to the Court of Justice of the European Union (“ CJEU ”) the question whether consumer protection associations or competitors are authorised to initiate a civil action in case of infringements of the General Data Protection Regulation (GDPR) (BGH, decision of 28 May 2020, Ref.

GDPR

GDPR Personal data Marketing IT

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR

GDPR Authentication Compliance Personal data

Irish data protection commission fines Meta over 2021 data-scraping leak

Security Affairs

NOVEMBER 28, 2022

On April 3rd, 2021, a user leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. The availability of the data was first reported by Alon Gal, CTO of cyber intelligence firm Hudson Rock. ” reported the WSJ. ” continues the press release.

GDPR

GDPR Personal data Compliance Privacy

Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

Hunton Privacy

DECEMBER 17, 2020

On December 15, 2020, the Irish Data Protection Commission (“DPC”) announced its fine of €450,000 against Twitter International Company (“Twitter”), following its investigation into a breach resulting from a bug in Twitter’s design. Investigation and GDPR Dispute Resolution Procedure. based organization.

GDPR

GDPR Data breaches Personal data Compliance

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

Hunton Privacy

APRIL 30, 2019

The French Data Protection Authority (the “CNIL”) recently published its Annual Activity Report for 2018 (the “Report”) and released its annual inspection program for 2019. Of the 11,077 complaints received by the CNIL in 2018, approximately 20 percent are the subject of cooperation between EU data protection authorities.

GDPR

GDPR Personal data Data breaches Marketing

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Mumsnet disclosed a data breach affecting 4,000 people. million (£4.2

Data breaches

Data breaches GDPR Passwords Personal data

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

Google LLC loses appeal against French Data Protection Authority decision before France highest administrative Court

DLA Piper Privacy Matters

JUNE 23, 2020

The CNIL assessment that Google did not collect a valid consent for ads personalization and does not comply with the transparency and information requirements set forth in Article 12 and 13 of the GDPR are not legally grounded (2). of the GDPR. This decision is one of the highest sanctions in Europe to date.

GDPR

GDPR Personal data Access IT

CNIL Publishes Standard on HR Data Processing

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. That Referential was adopted following a public consultation launched by the CNIL on April 11, 2019.

Personal data

Personal data GDPR Compliance Archiving

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

Data Protection Report

FEBRUARY 27, 2019

EU and US regulators continue to increase the stakes for data privacy enforcement. On January 21, 2019, in one of the largest privacy fines announced globally, the French National Data Protection Commission (CNIL) imposed a €50 million penalty against a tech giant for violation of the General Data Protection Regulation (GDPR).

Data Privacy

Data Privacy GDPR Privacy Risk

CJEU’s Judgment on Validity of EU Standard Contractual Clauses Due July 16, 2020

Hunton Privacy

JULY 13, 2020

The AG also raised concerns regarding the Privacy Shield, an alternative mechanism for transferring personal data from the EU to the U.S. The AG also raised concerns regarding the Privacy Shield, an alternative mechanism for transferring personal data from the EU to the U.S. and to numerous other jurisdictions.

Personal data

Personal data Privacy GDPR Risk

EU Council Presidency Releases Revised Draft of ePrivacy Regulation

Hunton Privacy

OCTOBER 21, 2019

On October 4, 2019, the Presidency of the European Council published its revised text (the “Revised Draft”) of the Proposal for a Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications (the “Draft ePrivacy Regulation”).

GDPR

GDPR Personal data Data collection Sales

CNIL Launches Public Consultation on Draft Standards on HR Data Processing and Whistleblowing Hotlines

Hunton Privacy

APRIL 15, 2019

On April 11, 2019, the French Data Protection Authority (the “CNIL”) launched an online public consultation regarding two new CNIL draft standards (“Referentials”) concerning the processing of personal data for (1) core HR management purposes and (2) the operation of a whistleblowing hotline. Background.

Personal data

Personal data GDPR Big data Risk

EDPB Publishes Guidelines on the Right to Be Forgotten in Search Engine Cases

Hunton Privacy

DECEMBER 13, 2019

On December 11, 2019, the European Data Protection Board (“EDPB”) published its draft guidelines 5/2019 (the “Guidelines”) on the criteria of the right to be forgotten in search engine cases under the EU General Data Protection Regulation (“GDPR”).

Personal data

Personal data GDPR Privacy IT

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

Hunton Privacy

DECEMBER 3, 2018

On November 29, 2018, the French Data Protection Authority (the “CNIL”) launched an online public consultation regarding two new CNIL draft standards (“Referentials”) concerning the processing of personal data to manage (1) business activities and (2) unpaid invoices. . Background.

GDPR

GDPR Personal data Insurance Education

EDPB Publishes Guidelines on Data Protection by Design and by Default

Hunton Privacy

NOVEMBER 22, 2019

On November 13, 2019, the European Data Protection Board (“EDPB”) published its draft guidelines 4/2019 (the “Guidelines”) on the obligation of Data Protection by Design and by Default (“DPbDD”) set out under Article 25 of the EU General Data Protection Regulation (“GDPR”). on how to handle personal data.

Personal data

Personal data GDPR Compliance Risk

BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid

Hunton Privacy

JULY 16, 2020

In its judgment, the CJEU concluded that the Standard Contractual Clauses (the “SCCs”) issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. A key concern was that EU personal data might be at risk of being accessed and processed by the U.S.

Privacy

Privacy Personal data GDPR Access

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

DLA Piper Privacy Matters

JANUARY 21, 2019

On 12 December 2018, the French Government issued an ordinance [1] finalizing, at the legislative level [2] , the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation [3] (“GDPR”) and the Directive 2016/680 [4].

GDPR

GDPR Personal data Communications Government

CNIL Publishes Standard on Whistleblowing Hotlines

Hunton Privacy

DECEMBER 16, 2019

On December 10, 2019, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data in the context of whistleblowing hotlines. Main Changes in the Referential on Whistleblowing Hotlines.

Personal data

Personal data GDPR Compliance Privacy

Weekly podcast: German data breach, poor passwords, Marriott, NHS Digital and Patch Tuesday

IT Governance

JANUARY 10, 2019

This week, we discuss a high-profile German data breach, the top worst passwords of 2018, the resignation of NHS Digital’s CISO, and Microsoft’s latest patches. Hello and welcome to the first IT Governance podcast of 2019 – for Friday, 11 January. So, without further ado, let’s crack on with what’s happened so far in 2019.

Data breaches

Data breaches Passwords GDPR Personal data

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In its second full year overseeing and regulating the GDPR in Ireland, the Data Protection Commission ( DPC ) has published its 2020 Annual Report , highlighting key observations, emerging guidance, and large scale inquiries and decisions of 2020. Around 60% of the data breaches notified occurred in the private sector.

GDPR

GDPR Compliance Data breaches Marketing

FRANCE: The CNIL publishes new standards on HR management and whistleblowing schemes

DLA Piper Privacy Matters

APRIL 12, 2019

On 11 April 2019, the French Data Protection Supervisory Authority (CNIL) published two draft standards intending to provide practical guidance in relation to the processing of personal data for HR management and whistleblowing systems. By Denise Lebeau-Marianna and Caroline Chancé.

Personal data

Personal data Compliance GDPR IT

Age Appropriate Design: ICO Issues Draft Code of Practice for Online Services Used by Children

Hunton Privacy

APRIL 26, 2019

On April 15, 2019, the UK Information Commissioner’s Office (the “ICO”) issued for public consultation a draft code of practice , “Age Appropriate Design,” that will regulate the provision of online services likely to be accessed by children in the UK. The deadline for responding to the public consultation is May 31, 2019.

Personal data

Personal data Privacy GDPR Access

Webinar Invitation — Operationalizing the California Consumer Privacy Act

HL Chronicle of Data Protection

JUNE 14, 2019

As the first broad-based state law on consumers’ personal data in the U.S., Date: Wednesday, June 19, 2019. The California Consumer Privacy Act of 2018 (CCPA) has been described as groundbreaking, watershed, and unprecedented since its passage on June 28, 2018. Time: 2:00 p.m. EST. 1:00 p.m.

Privacy

Privacy GDPR Compliance Financial Services

Analysing Data Breaches Caused by Human Error

IT Governance

DECEMBER 21, 2023

Note that this data set only accounts for personal data breaches reported to the ICO, so it only reflects breaches affecting UK residents that were not just discovered, but also reported. At the time of writing, the data set starts in Q2 2019 and goes up to Q2 2023. This isn’t too surprising.

Data breaches

Data breaches Personal data Government GDPR

U.S. states pass data protection laws on the heels of the GDPR

Data Protection Report

JULY 9, 2018

states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). See our previous blog posts on GDPR here and here. Under the law, “covered entities,” defined as “a person [.]

GDPR

GDPR Data breaches Personal data Insurance

Dutch DPA Updates Policy on Administrative Fines

Hunton Privacy

MARCH 26, 2019

On March 14, 2019, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , the “Dutch DPA”) published a press release announcing its policy (in Dutch ) for calculating administrative fines (the “Policy”). The Policy provides insight into how the Dutch DPA will use its fining powers.

GDPR

GDPR Personal data Authentication Compliance

ICO’s McDougall Warns Adtech Sector that Change Is Needed

Hunton Privacy

JULY 11, 2019

His comments follow an ICO report on adtech released in June 2019, that warned of increased focus on this sector by the regulator, particularly with regards to the real-time bidding component of digital advertising. McDougall stated: “The need for explicit consent for processing special category data in real-time bidding is unambiguous.

GDPR

GDPR Marketing Personal data Compliance

Transfers on Trial: Privacy Shield and Standard Contractual Clauses go before the European Courts

HL Chronicle of Data Protection

JUNE 13, 2019

A week later, on 9 July, the CJEU will hear arguments in Schrems II , in which the Irish High Court has referred 11 questions relating to whether the European Commission’s Standard Contractual Clauses (SCCs) provide an adequate level of protection for personal data which is transferred to the US.

Privacy

Privacy Personal data GDPR Government

UK: A recent prosecution for a criminal offence under the Freedom of Information Act 2000 illustrates how forgiving our Data Protection Act 2018 is

DLA Piper Privacy Matters

APRIL 24, 2020

On 11 March 2020, the ICO brought its first successful conviction under the Freedom of Information Act 2000 (“ FOIA ”). A similar offence did not exist under the old regime (the 1998 version of the DPA) and was part of a general drive to bolster data subject rights as also established under the terms of the GDPR.

FOIA

FOIA Personal data GDPR Access

FRANCE: NEW GUIDELINES FOR COOKIES AND AN ACTION PLAN FOR ONLINE TARGETED ADVERTISING

DLA Piper Privacy Matters

JULY 24, 2019

The French Data Protection Supervisory Authority (CNIL) has finally decided to replace its recommendations of 2013 which were no more compliant with the GDPR, by new guidelines. The guidelines clarify the fact that Article 82 of the Data Protection Act apply regardless of the fact that the data involved are personal data or not.

GDPR

GDPR Computer and Electronics Marketing Communications

Organizations Struggle with Cloud Security in the Post Digital Transformation Era – Highlights from our 2020 Data Threat Report-Global Edition

Thales Cloud Protection & Licensing

FEBRUARY 24, 2020

Today, half (50%) of all corporate data is stored in the cloud and nearly half (48%) of that data is considered sensitive (everything from intellectual property to employee, financial or personal data). Whatever the nature of the data stored in the cloud, it needs to be secured.

Digital transformation

Digital transformation Cloud Encryption Security

Persistent privacy powers professional businesses

CGI

AUGUST 7, 2018

Tue, 08/07/2018 - 11:16. While for some GDPR was BAU, others a huge effort, and a bit of a panic for a minority, one of the most significant outcomes is the perception that cyber security is no longer just ‘an IT thing’. Those who have embraced GDPR have probably established privacy by design as an inherent part of their business.

Privacy

Privacy GDPR Unstructured data Marketing

China’s First Data Protection Measures Lifting Its Veils

HL Chronicle of Data Protection

JUNE 13, 2019

On May 28, 2019, the Cyberspace Administration of China (“ CAC “) released the draft Measures on the Administration of Data Security (“ Data Security Measures ” see our in-house English translation here ) for public consultation. Requirements for personal data collection statements.

Personal data

Personal data IT Data collection Compliance

Will the UK Meet the EU Adequacy Test?

HL Chronicle of Data Protection

SEPTEMBER 18, 2018

Unless there is a political earthquake (some would say a miracle) Brexit will happen on 29 March 2019. This is a serious concern because transfers of personal data from the EU to third countries are severely restricted. Many fear a hard Brexit. Some are hoping for a hard Brexit. A majority appear to want a soft Brexit.

GDPR

GDPR Personal data Privacy Government

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

We want businesses to ensure that their customers and future customers have consented to having their personal data processed, but we also need to ensure that the enormous potential for new data rights and freedoms does not open us up to new threats. This is “Hamlet” without the prince.

GDPR

GDPR Personal data Government IT

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

IT Governance

JANUARY 30, 2024

Data breached: 2 PB. Mobile network database breach exposes 750 million Indians’ personal data The Indian security company CloudSEK claims to have found the personal data of 750 million Indians for sale on an “underground forum”. Data breached: 750 million victims’ personal data.

Data Privacy

Data Privacy Retail Privacy Manufacturing

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

Privacy and Cybersecurity Law

JUNE 23, 2021

On June 11, 2021, the Regulation on notifications of incidents affecting networks, information systems and IT services (“ Regulation ”) – adopted by means of the Decree of the President of the Council of Ministers (DPCM) of 14 April 2021, no. The newly adopted Regulation on notification of security incidents. 105 (establishing the NCSP).

Cybersecurity

Cybersecurity Communications Data breaches Security

Organisations received £155 million in GDPR fines in 2020

German Court cuts multimillion GDPR fine by 90%

Webinars

Trending Sources

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

Webinars

2019 end-of-year review part 2: July to December

Belgian DPA Approves IAB Europe’s Action Plan For Consent Framework

List of data breaches and cyber attacks in June 2019 ­– 39.7 million records leaked

GERMANY: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

Irish data protection commission fines Meta over 2021 data-scraping leak

Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

2019 end-of-year review part 1: January to June

GDPR – The Year in Review

Google LLC loses appeal against French Data Protection Authority decision before France highest administrative Court

CNIL Publishes Standard on HR Data Processing

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

CJEU’s Judgment on Validity of EU Standard Contractual Clauses Due July 16, 2020

EU Council Presidency Releases Revised Draft of ePrivacy Regulation

CNIL Launches Public Consultation on Draft Standards on HR Data Processing and Whistleblowing Hotlines

EDPB Publishes Guidelines on the Right to Be Forgotten in Search Engine Cases

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

EDPB Publishes Guidelines on Data Protection by Design and by Default

BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

CNIL Publishes Standard on Whistleblowing Hotlines

Weekly podcast: German data breach, poor passwords, Marriott, NHS Digital and Patch Tuesday

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

FRANCE: The CNIL publishes new standards on HR management and whistleblowing schemes

Age Appropriate Design: ICO Issues Draft Code of Practice for Online Services Used by Children

Webinar Invitation — Operationalizing the California Consumer Privacy Act

Analysing Data Breaches Caused by Human Error

U.S. states pass data protection laws on the heels of the GDPR

Dutch DPA Updates Policy on Administrative Fines

ICO’s McDougall Warns Adtech Sector that Change Is Needed

Transfers on Trial: Privacy Shield and Standard Contractual Clauses go before the European Courts

UK: A recent prosecution for a criminal offence under the Freedom of Information Act 2000 illustrates how forgiving our Data Protection Act 2018 is

FRANCE: NEW GUIDELINES FOR COOKIES AND AN ACTION PLAN FOR ONLINE TARGETED ADVERTISING

Organizations Struggle with Cloud Security in the Post Digital Transformation Era – Highlights from our 2020 Data Threat Report-Global Edition

Persistent privacy powers professional businesses

China’s First Data Protection Measures Lifting Its Veils

Will the UK Meet the EU Adequacy Test?

The debate on the Data Protection Bill in the House of Lords

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

Stay Connected

List of data breaches and cyber attacks in June 2019 – 39.7 million records leaked