GDPR and Personal data - Information Management Today

Is it still necessary for data protection laws to have particular processing rules for specific types pf personal data?

Data Protector

OCTOBER 16, 2020

European laws have special rules for the processing of “sensitive data” or “special category data” regardless of the context within which the data will be processed. This has been the case in the UK since the coming into force of the first (1984) Data Protection Act. Some countries include financial information.

Personal data

Personal data GDPR IT Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. Financial loss.

Personal data

Personal data Data breaches Data collection GDPR

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

MARCH 1, 2022

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. The implication was that data controllers did not fully understand, and therefore were not effectively making use of, the research provisions.

Personal data

Personal data GDPR Data collection Archiving

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime. Reform of Article 22.

GDPR

GDPR Government Personal data Risk

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

DLA Piper Privacy Matters

FEBRUARY 17, 2021

Securities and Exchange Commission (“ SEC ”) confirming that SEC-regulated UK domiciled firms (“ UK Regulated Firms ”) can share personal data with the SEC when seeking to comply with regulatory obligations, in compliance with the UK GDPR. As the GDPR places restrictions on the transfer of personal data to the U.S.,

Personal data

Personal data GDPR Security Compliance

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

Hunton Privacy

SEPTEMBER 3, 2021

On September 2, 2021, Ireland’s Data Protection Commission (“DPC”) announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd (“WhatsApp”) for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Compliance Personal data Privacy

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

On July 1, 2020, the Dubai International Financial Centre (“DIFC”) Data Protection Law No. Data Protection Principles: The New DP Law sets out requirements for processing that are largely identical to the data protection principles under the GDPR. 5 of 2020 came into effect (“New DP Law”).

Personal data

Personal data GDPR Data breaches Compliance

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

This is the eighth post in a series on privacy by Andrew Pery. You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law.

GDPR

GDPR Compliance Data collection Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”). Some of these contained personal data and special category (health) data.

GDPR

GDPR Personal data Compliance Risk

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

Hunton Privacy

MARCH 4, 2020

Article 97 of the GDPR requires the European Commission to submit, by May 25, 2020, and every four years thereafter, a report on the evaluation and review of the GDPR to the European Parliament and to the Council of the EU. Key takeaways and statistics from the Contribution include: International Data Transfer Tools.

GDPR

GDPR Personal data Data breaches Communications

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Introduction to Data Protection Laws. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

Data Protection Report

MAY 21, 2020

On 14 May 2020, the Singapore Ministry of Communications and Information ( MCI ) and the Personal Data Protection Commission of Singapore ( PDPC ) announced a public consultation (the Public Consultation ) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill ) and related amendments to the Spam Control Act ( SCA ).

Personal data

Personal data Data breaches Compliance Cybersecurity

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

This means finding data wherever it is within an organization’s IT systems and layering in context for classification to enhance the efficiency and accuracy of results. 1) Pattern Matching : The foundational classification method for data, this technique matches known patterns to information that lives in your data.

Unstructured data

Unstructured data Cloud Data Privacy GDPR

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

Virginia’s Governor signed the Virginia Consumer Data Protection Act (“VCDPA”) into law on March 2, 2021. The VCDPA takes effect January 1, 2023 and is a broad, multi-rights privacy law that, in some ways, resembles the CCPA, GDPR, and other recently proposed state privacy legislation.

Personal data

Personal data Sales GDPR Privacy

Article 29 Working Party Published Guidelines on Transparency under the GDPR

Hunton Privacy

DECEMBER 20, 2017

The Guidelines aim to provide practical guidance and clarification on the transparency obligations introduced by the EU General Data Protection Regulation (“GDPR”). The transparency obligations require controllers to provide certain information to data subjects regarding the processing of their personal data.

GDPR

GDPR Personal data Privacy Communications

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. What does the PDPL cover and who does it apply to? Definitions. Territoriality.

Personal data

Personal data Data breaches GDPR Compliance

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. Step 1: Appointing a Data Protection Officer (“DPO”) or “Pilot”.

GDPR

GDPR Personal data Compliance Privacy

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Data Protection.

GDPR

GDPR Privacy Personal data Data breaches

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). It is intended to give consumers more transparency regarding and control over their data and establishes highly detailed requirements for what companies that collect personal data about California residents must disclose. .

GDPR

GDPR Privacy Sales Data breaches

A guide to data subject rights for data professionals

Collibra

JULY 15, 2020

In the world of data privacy, data subject rights are the hot topic for Chief Data Officers, Data Protection Officers, and all people who work with data right now. However, now businesses fear the potential flood of data subject requests from consumers. . What are data subject rights?

Data Privacy

Data Privacy GDPR Privacy Personal data

EU Data Governance Act – Edging Closer to a European Single Market for Data

Data Matters

APRIL 27, 2022

On 6 April 2022, the European Parliament formally approved the Data Governance Act (“DGA”), which establishes a legal framework to promote the availability of data and increase trust in data sharing across sectors in the EU. The DGA is part of the European Commission’s broader digital and data strategy. Data altruism.

Marketing

Marketing Government Personal data Artificial Intelligence

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

The results are in, and California voters have approved the California Privacy Rights Act (CPRA) which was listed on the ballot as Proposition 24. Consumers will also have opt-out rights relating to the use of their personal information in automated decision-making, including consumer profiling.

Privacy

Privacy B2B Sales Data breaches

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). It is intended to give consumers more transparency regarding and control over their data and establishes highly detailed requirements for what companies that collect personal data about California residents must disclose. .

GDPR

GDPR Privacy Sales Data breaches

How long do you have to report a data breach?

IT Governance

DECEMBER 13, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. This generally refers to the possibility of affected individuals facing economic or social damage, such as discrimination, reputational damage or financial losses.

Data breaches

Data breaches GDPR Personal data Compliance

Examples of data processing activities that require a DPIA

IT Governance

JUNE 19, 2019

The GDPR (General Data Protection Regulation) requires organisations to conduct a DPIA (data protection impact assessment) whenever processing is ‘likely to result in a high risk’ to the rights and freedoms of individuals. Damage : the effects on the individual if a data breach or privacy violation occurs.

GDPR

GDPR Personal data Risk Data breaches

Government publishes consultation on post-Brexit data reforms

DLA Piper Privacy Matters

SEPTEMBER 10, 2021

where processing is for research purposes, disapplying the current requirement for controllers who collected personal data directly from the data subject to provide further information to the data subject prior to any further processing, where it would require a disproportionate effort to do so.

Government

Government Paper Personal data GDPR

A guide to data subject rights for data professionals

Collibra

JULY 15, 2020

In the world of data privacy, data subject rights are the hot topic for Chief Data Officers, Data Protection Officers, and all people who work with data right now. However, now businesses fear the potential flood of data subject requests from consumers. . What are data subject rights?

Data Privacy

Data Privacy GDPR Privacy Personal data

How long do you have to report a data breach?

IT Governance

OCTOBER 24, 2018

This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. This generally refers to the possibility of affected individuals facing economic or social damage, such as discrimination, reputational damage or financial losses.

Data breaches

Data breaches GDPR Compliance Personal data

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

For over two and a half years, California has enjoyed the spotlight of having the most comprehensive data privacy law in the United States. Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA). On March 2, 2021, Virginia forced California to share the honors, when Democratic Gov. Exemptions.

Personal data

Personal data GDPR Sales Privacy

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR

GDPR Personal data Compliance Data breaches

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

Data Matters

FEBRUARY 10, 2020

The Draft Code is intended to update existing guidance published pre-GDPR and provide clarity on certain important issues. a message informing a user they are approaching their monthly data limit). Lawful basis for direct marketing: The two lawful bases for direct marketing under the GDPR are consent and legitimate interests.

Marketing

Marketing GDPR Personal data Communications

DUBAI – DIFC Data Protection Law 2020

DLA Piper Privacy Matters

JUNE 4, 2020

Dubai’s International Financial Centre, the world class financial hub and free zone established in 2004, has an updated data protection law ( “Updated Law” ). The Updated Law is a much anticipated step in the evolution of the data protection landscape in the Gulf Co-operation Council ( “GCC” ) landscape.

Personal data

Personal data GDPR Compliance Privacy

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Given the potential financial exposure under GDPR, it is no surprise that a great deal of time is being spent working out how to allocate the risk and liability when negotiating commercial contracts. Before we look at limiting liability, we need to first consider how liability can arise in the first place in the context of GDPR.

GDPR

GDPR Risk Data breaches Personal data

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

The consultation is structured around 5 objectives: reducing barriers to innovation; reducing burdens on business and delivering better outcomes for people; boosting trade and reducing barriers to data flows; delivering better public services; and reform of the ICO. Core elements of the GDPR: legal bases / conditions.

Government

Government FOIA GDPR Compliance

FRANCE: A new phase in European privacy law enforcement – CNIL fined Google LLC 50 million euros!

DLA Piper Privacy Matters

JANUARY 24, 2019

On 21 January 2019, the restricted committee of the French Data Protection Supervisory Authority (CNIL) fined Google LLC 50 million euros for breaching GDPR for lack of transparency, inadequate information and lack of valid consent regarding personalized advertising. . Was the CNIL the competent SA?

Privacy

Privacy GDPR Personal data Compliance

How to Achieve Compliance with India’s Personal Data Protection Bill

Thales Cloud Protection & Licensing

JANUARY 16, 2020

Objectives of the Personal Data Protection Bill. Many privacy professionals consider the European Union’s General Data Protection Regulation (GDPR), which took effect in May 2018, as the cornerstone of privacy regulation. GDPR is harmonizing data protection and privacy requirements across the EU.

Personal data

Personal data Compliance Data breaches GDPR

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

JULY 27, 2020

Likewise, the COVID-19 contact tracing app developed by Apple and Google continues to evoke concerns that it will end up leveraging AI to normalize privacy invasion. AI tools are designed to put people into categories, Shashanka says. Categorizing people incorrectly, on the other hand, is a minefield of potential bad outcomes.”

IT

IT Government Artificial Intelligence Personal data

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

In good news for organisations handling personal information, China’s Personal Information Protection Law (“ PIPL ”) was finalised on 20 August 2021, and will come into force on 1 November 2021. To be clear, this is not China’s own GDPR.

Data Privacy

Data Privacy Privacy Compliance Analytics

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

DLA Piper Privacy Matters

OCTOBER 10, 2022

For example, the ML system could be used to determine likely trends of categories of persons to default on loan agreements through the processing of financial default information. During the development and training of their algorithms, ML systems begin to adapt and recognise patterns within its data.

Personal data

Personal data GDPR Privacy Marketing

7 key stages of the data protection impact assessment (DPIA)

IT Governance

SEPTEMBER 4, 2019

Under the GDPR, DPIAs (data protection impact assessments) are mandatory for data processing that is “likely to result in a high risk to the rights and freedoms of data subjects” Effectively a type of risk assessment, DPIAs assess how these high-risk processing activities could impact data subjects.

Personal data

Personal data GDPR Risk Access

Is it still necessary for data protection laws to have particular processing rules for specific types pf personal data?

How to Comply with GDPR, PIPL, and CCPA

Webinars

Trending Sources

When are schools required to report personal data breaches?

Webinars

UK: New guidance on processing personal data for scientific research purposes

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

New Dubai International Financial Centre Data Protection Law Comes into Effect

Guest Post - Three Critical Steps for GDPR Compliance

Security Compliance & Data Privacy Regulations

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

The Impact of Data Protection Laws on Your Records Retention Schedule

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

US: Virginia passes comprehensive consumer data protection law

Article 29 Working Party Published Guidelines on Transparency under the GDPR

GDPR – The Year in Review

UAE: Federal level data protection law enacted

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

How Companies Need to Treat User Data and Manage Their Partners

California Enacts Broad Privacy Laws Modeled on GDPR

A guide to data subject rights for data professionals

EU Data Governance Act – Edging Closer to a European Single Market for Data

California Privacy Law Overhaul – Proposition 24 Passes

California Enacts Broad Privacy Protections Modeled on GDPR

How long do you have to report a data breach?

Examples of data processing activities that require a DPIA

Government publishes consultation on post-Brexit data reforms

A guide to data subject rights for data professionals

How long do you have to report a data breach?

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

GDPR is upon us: are you ready for what comes next?

The Privacy Officers’ New Year’s Resolutions

UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

DUBAI – DIFC Data Protection Law 2020

UK: Liability Limits for GDPR in commercial contracts – the law and recent trends

UK Government sets out proposals to shake up UK data protection laws

FRANCE: A new phase in European privacy law enforcement – CNIL fined Google LLC 50 million euros!

How to Achieve Compliance with India’s Personal Data Protection Bill

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

EUROPE: Data protection regulators publish myth-busting guidance on machine learning

7 key stages of the data protection impact assessment (DPIA)

Stay Connected