GDPR and Personal data - Information Management Today

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

JANUARY 5, 2024

Background The case related to the processing of an incapacitated employee’s personal data, including health data, by the medical service provider (“MDK”) of a health insurance fund in Germany. The CJEU also held that the rules and limitations on the processing of sensitive personal data under Article 9.2(h)

GDPR

GDPR Personal data Insurance Access

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. The checklist below covers the core GDPR regulations.

GDPR

GDPR Compliance Personal data Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

JULY 29, 2019

Now that the EU GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’ But what exactly does personal data mean? What is personal data? What is sensitive personal data?

Personal data

Personal data GDPR Encryption Compliance

Europe: CJEU decision – Right of access to individual recipients of personal data

DLA Piper Privacy Matters

JANUARY 19, 2023

On 12 January 2023, the European Court of Justice (“ CJEU ”) delivered its judgment regarding the right of access to personal data under Article 15 GDPR. The CJEU held that when exercising their right of access under the GDPR, data subjects must be provided with the individual data recipients of their personal data.

Personal data

Personal data Access GDPR Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them. PIPL Compliance CCPA Compliance GDPR Compliance How to Stay Up to Date with Changing Compliance Regulations. Compliance Overview.

GDPR

GDPR Compliance Data Privacy Privacy

Irish Data Protection Commission Publishes Annual Report for 2022

Hunton Privacy

MARCH 7, 2023

The Report contains details on several areas of the DPC’s work, including complaints from data subjects received by the DPC, personal data breach notifications received by the DPC and statutory inquiries conducted by the DPC. The Report also includes a high-level breakdown of the categories of personal data breaches notified.

Personal data

Personal data GDPR Data breaches Compliance

The GDPR: Do you know the difference between personal data and sensitive data?

IT Governance

JULY 18, 2018

Now that the EU GDPR (General Data Protection Regulation) has been in effect for a couple of months, you’ve hopefully become acquainted with its definition of personal data: “any information relating to an identified or identifiable natural person”. What is personal data? Location data.

Personal data

Personal data GDPR Encryption Compliance

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Data Protection Report

JUNE 6, 2023

Whilst a significant part of the MPN is focussed on TikTok’s non compliance with the rules around processing children’s personal data, the MPN also clarifies how the ICO interprets the requirements in Article 13 of the UK GDPR more generally. Where a generic email address (e.g.

Privacy

Privacy GDPR Personal data Compliance

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported.

Personal data

Personal data Data breaches Data collection GDPR

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

MARCH 1, 2022

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. The implication was that data controllers did not fully understand, and therefore were not effectively making use of, the research provisions.

Personal data

Personal data GDPR Data collection Archiving

Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

Hunton Privacy

JANUARY 20, 2023

The DPC’s investigation began after None of Your Business (“NOYB”), a non-governmental organization co-founded by privacy activist Max Schrems, submitted complaints alleging that Facebook and Instagram “forced” users to consent to the processing of personal data for behavioral advertising and other services.

GDPR

GDPR Personal data Compliance Privacy

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime.

GDPR

GDPR Government Personal data Risk

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

Hunton Privacy

SEPTEMBER 3, 2021

On September 2, 2021, Ireland’s Data Protection Commission (“DPC”) announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd (“WhatsApp”) for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Compliance Personal data Privacy

7 steps to highly effective GDPR compliance

IT Governance

AUGUST 21, 2019

The GDPR (General Data Protection Regulation) hasn’t exactly crept up unnoticed over the past year or so, but it’s still caught many organisations by surprise. Meanwhile, although the specifics of Brexit are still unclear, one thing is certain: whatever happens, UK-based organisations will be subject to the GDPR’s requirements.

GDPR

GDPR Compliance Personal data Access

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

DLA Piper Privacy Matters

JUNE 27, 2022

The Italian privacy authority, the Garante, deemed that the use of Google Analytics results in unlawful transfers of personal data to the United States in violation of the principles outlined in the Schrems II ruling. In Order No. The disputed facts. Code § 1881(b)(4), which subjects the company to the surveillance of U.S.

Personal data

Personal data Analytics GDPR Privacy

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. What infringements did the Garante identify?

Personal data

Personal data GDPR e-Delivery Communications

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the GDPR.

GDPR

GDPR Data breaches Personal data Compliance

Mitigating Third Party Risks Under GDPR

AIIM

MARCH 22, 2019

One of the most vexing problems for organizations is mitigating GDPR compliance risks when dealing with third parties, particularly the nature and extent of obligations between data controllers and processors. These obligations extend beyond the walls of an organization to third parties that process personally identifiable information.

GDPR

GDPR Risk Compliance Personal data

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

Hunton Privacy

MARCH 4, 2020

Article 97 of the GDPR requires the European Commission to submit, by May 25, 2020, and every four years thereafter, a report on the evaluation and review of the GDPR to the European Parliament and to the Council of the EU. Key takeaways and statistics from the Contribution include: International Data Transfer Tools.

GDPR

GDPR Personal data Data breaches Communications

The GDPR: A guide for small businesses

IT Governance

MARCH 27, 2018

Businesses are starting to panic as they try to comply with the General Data Protection Regulation (GDPR) before the May 2018 deadline. Many even believe that the GDPR won’t apply to them because they have fewer than 250 employees. Data protection officers. Does it apply to me? Does it apply to me?

GDPR

GDPR Compliance Personal data Information Security

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

The New DP Law will apply to companies incorporated in the DIFC, regardless of where processing takes place, or companies that, whilst incorporated elsewhere, process personal data in the DIFC as part of stable arrangements (other than occasional processing).

Personal data

Personal data GDPR Data breaches Compliance

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. To comply with the data controller’s legal obligations.

GDPR

GDPR Personal data Privacy Access

GDPR: lawful bases for processing, with examples

IT Governance

MARCH 13, 2020

Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Do you always need individuals’ consent to process their data? Lawfulness of processing under the GDPR. First published June 2018. Last updated March 2020.

GDPR

GDPR Personal data Compliance Marketing

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

IT Governance

DECEMBER 24, 2019

Doorstep Dispensaree has been fined £275,000 for failing to comply with the GDPR (General Data Protection Regulation) , making it the first organisation in the UK to be penalised for breaching its requirements. Haven’t there already been GDPR fines in the UK? What went wrong?

GDPR

GDPR Personal data Government Access

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

European Data Protection Board Clarifies Application of GDPR to Payment Service Providers

Data Matters

SEPTEMBER 6, 2018

In its response, the EDPB set out its position on how the requirement to obtain explicit consent from payment service users under PSD2 interacts with the GDPR. The EDPB also provided guidance on the use of personal data relating to a payee by an account information service provider or a payment initiation service provider acting for a payer.

GDPR

GDPR Personal data Privacy IT

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. One key part of this record-keeping activity is to document the category of individuals (employees, customers, etc.) What does Article 30 require?

GDPR

GDPR Personal data Risk Cloud

ITALY: First GDPR fine issued!

DLA Piper Privacy Matters

MAY 8, 2019

The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party. The first GDPR fine issued in Italy. The fact of the case relating to the Rousseau platform.

GDPR

GDPR Systems administration Privacy Data breaches

Belgian Privacy Commission Issues Guidance on Data Protection Impact Assessments Under the GDPR

Data Matters

APRIL 5, 2018

On 28 February 2018, the Belgian Commission for the Protection of Privacy (the “Privacy Commission”) published a recommendation setting out its approach to Data Protection Impact Assessments (“DPIAs”), and in doing so published a “White List” and a “Black List” of processing operations, pursuant to the General Data Protection Regulation (“GDPR”).

GDPR

GDPR Privacy Personal data Education

Fortnum & Mason customers’ personal data exposed in breach

IT Governance

JULY 20, 2018

Unfortunately, world-famous retailer Fortnum & Mason was recently let down by a weak link – survey company Typeform – that exposed the personal data of 23,000 of its customers. A breach of Typeform affected Fortnum & Mason customers who voted using the Typeform form in the “TV Personality of the Year” category.

Personal data

Personal data Retail Data breaches GDPR

How to write a GDPR-compliant data subject access request procedure – with template

IT Governance

NOVEMBER 8, 2018

This blog was originally published before the GDPR took effect in May 2018. This blog explains how to write a GDPR-compliant DSAR (data subject access request) procedure to ensure you meet your obligations as a data controller. What is a data subject access request? The categories of personal data involved.

GDPR

GDPR Access Personal data Compliance

What Is Data Minimisation? Definition & Examples

IT Governance

APRIL 18, 2023

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur.

GDPR

GDPR Personal data Data breaches Marketing

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

NOVEMBER 9, 2018

In addition to data subjects’ rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability and to object, the EU’s GDPR (General Data Protection Regulation) sets out requirements relating to automated individual decision-making, including profiling.

GDPR

GDPR Personal data Financial Services Compliance

How the CCPA and GDPR Are Different

KnowBe4

SEPTEMBER 10, 2019

The California Consumer Privacy Act (CCPA) was introduced just a month after the European Union instituted the General Data Protection Regulation (GDPR), earning the CCPA the nickname of “California’s GDPR.”. While the GDPR has been in effect since May of 2018, the CCPA is on track to become effective on January 1, 2020.

GDPR

GDPR Privacy Personal data Passwords

Key Steps to GDPR Compliance – Part 2

IT Governance

DECEMBER 14, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect but some businesses are not even thinking about it yet, or are only just starting to. There are special categories of data that entail stricter processing rules, such as getting explicit consent.

GDPR

GDPR Compliance Personal data Risk

GDPR Training in Belfast – save 10%

IT Governance

DECEMBER 18, 2017

Many organisations are struggling to fill a skills gap created by the EU General Data Protection Regulation (GDPR) and need staff with knowledge of the Regulation. For a short time, we are offering a 10% discount on GDPR courses in Belfast, so book your place before Friday 5 January 2018. Data protection by design.

GDPR

GDPR Personal data Compliance Data breaches

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

These records are typically organized by grouping them by function or department and then described as either an individual record or grouped together into a record category. Introduction to Data Protection Laws. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to. Data subject access requests, incident reporting and data breach reporting will all need written processes, too.

GDPR

GDPR Compliance Data breaches Information Security

European Commission Publishes Final Version of Updated Standard Contractual Clauses

Hunton Privacy

JUNE 4, 2021

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation (“GDPR”), as well as the final version of the new standard contractual clauses (the “SCCs”).

Personal data

Personal data GDPR Government Access

GDPR data breach notification: A quick guide

IT Governance

NOVEMBER 28, 2018

The data breach notification requirements of the EU GDPR (General Data Protection Regulation) are complicated, so it’s no surprise that many organisations aren’t sure what they’re supposed to be doing. What is a personal data breach? In other words, any information that is clearly about a particular person.

Data breaches

Data breaches GDPR Personal data Compliance

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle

DLA Piper Privacy Matters

JANUARY 26, 2022

Data is at the heart of the EU’s digital and green transformation, which are the two priorities of the European Commission. With the General Data Protection Regulation (GDPR), adopted in 2016, the EU has created a solid framework for the protection of personal data in line with the EU Charter of Fundamental Rights.

Personal data

Personal data GDPR Computer and Electronics Artificial Intelligence

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

GDPR compliance checklist

Webinars

Trending Sources

How to implement the General Data Protection Regulation (GDPR)

Webinars

GDPR: What’s the difference between personal data and sensitive data?

Europe: CJEU decision – Right of access to individual recipients of personal data

How to Comply with GDPR, PIPL, and CCPA

Irish Data Protection Commission Publishes Annual Report for 2022

The GDPR: Do you know the difference between personal data and sensitive data?

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

When are schools required to report personal data breaches?

UK: New guidance on processing personal data for scientific research purposes

Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

7 steps to highly effective GDPR compliance

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

List of mandatory documents required by the GDPR

Mitigating Third Party Risks Under GDPR

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

The GDPR: A guide for small businesses

New Dubai International Financial Centre Data Protection Law Comes into Effect

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

CCTV and the GDPR – an overview for small businesses

GDPR: lawful bases for processing, with examples

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

European Data Protection Board Clarifies Application of GDPR to Payment Service Providers

How to comply with Article 30 of the GDPR

ITALY: First GDPR fine issued!

Belgian Privacy Commission Issues Guidance on Data Protection Impact Assessments Under the GDPR

Fortnum & Mason customers’ personal data exposed in breach

How to write a GDPR-compliant data subject access request procedure – with template

What Is Data Minimisation? Definition & Examples

GDPR automated decision-making and profiling: what are the requirements?

How the CCPA and GDPR Are Different

Key Steps to GDPR Compliance – Part 2

GDPR Training in Belfast – save 10%

EDPB publishes guidance on calculating GDPR fines

The Impact of Data Protection Laws on Your Records Retention Schedule

Key steps to GDPR compliance – Part 3

European Commission Publishes Final Version of Updated Standard Contractual Clauses

GDPR data breach notification: A quick guide

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle

Stay Connected