GDPR and Personal data - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported.

Personal data

Personal data Data breaches Data collection GDPR

GDPR for small business: the ultimate guide

IT Governance

JULY 2, 2020

What is the GDPR? The Regulation came into effect on 25 May 2018, and was designed to strengthen the rights of EU residents regarding the way organisations process and use their personal data. First, the UK has implemented the UK DPA (Data Protection Act) 2018 , which adopts the GDPR into national law.

GDPR

GDPR Personal data Data breaches Compliance

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The Irish Data Protection Commission filed papers in the Circuit Court on Friday to confirm the €75,000 fine against the Agency. It is reported the fine will not be challenged by Tusla.

GDPR

GDPR Personal data Government Paper

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

DLA Piper Privacy Matters

AUGUST 19, 2021

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“ DDL ”). Some of these contained personal data and special category (health) data.

GDPR

GDPR Personal data Compliance Risk

What Is Data Minimisation? Definition & Examples

IT Governance

APRIL 18, 2023

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur.

GDPR

GDPR Personal data Data breaches Marketing

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Data collection Privacy

ITALY: First GDPR fine issued!

DLA Piper Privacy Matters

MAY 8, 2019

The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party. The lack of privacy-related security measures challenged.

GDPR

GDPR Systems administration Privacy Data breaches

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. What infringements did the Garante identify?

Personal data

Personal data GDPR e-Delivery Communications

FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR

DLA Piper Privacy Matters

NOVEMBER 21, 2018

On 8 November 2018, French NGO Internet Society France sent Facebook a formal notice listing seven areas where it has allegedly infringed GDPR. Failing that, the Internet Society France could launch the first class action suit for compensation since the entry into application of GDPR. The social network has 4 months to respond.

GDPR

GDPR Personal data Communications Data breaches

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

The New DP Law will apply to companies incorporated in the DIFC, regardless of where processing takes place, or companies that, whilst incorporated elsewhere, process personal data in the DIFC as part of stable arrangements (other than occasional processing).

Personal data

Personal data GDPR Data breaches Compliance

Fortnum & Mason customers’ personal data exposed in breach

IT Governance

JULY 20, 2018

As the saying goes, you’re only as strong as your weakest link, which is as true for data security as any other situation. Unfortunately, world-famous retailer Fortnum & Mason was recently let down by a weak link – survey company Typeform – that exposed the personal data of 23,000 of its customers.

Personal data

Personal data Retail Data breaches GDPR

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. Kept in a form that allows data subjects to be identified for no longer than is necessary.

GDPR

GDPR Personal data Privacy Access

Mitigating Third Party Risks Under GDPR

AIIM

MARCH 22, 2019

One of the most vexing problems for organizations is mitigating GDPR compliance risks when dealing with third parties, particularly the nature and extent of obligations between data controllers and processors. These obligations extend beyond the walls of an organization to third parties that process personally identifiable information.

GDPR

GDPR Risk Compliance Personal data

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

IT Governance

DECEMBER 24, 2019

Doorstep Dispensaree has been fined £275,000 for failing to comply with the GDPR (General Data Protection Regulation) , making it the first organisation in the UK to be penalised for breaching its requirements. Haven’t there already been GDPR fines in the UK? What went wrong?

GDPR

GDPR Personal data Government Access

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. One key part of this record-keeping activity is to document the category of individuals (employees, customers, etc.) Where to begin with a data flow map? Formats (e.g.

GDPR

GDPR Personal data Risk Cloud

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

Among the app categories, shopping, business, and food & drink were found to be sharing the most user data. So it’s best to think twice before downloading an app from one of these categories, especially if it’s free and/or popular. Greediest data harvesters. Social media and business apps collect the most data.

Privacy

Privacy Data Privacy Personal data Data collection

CIPL Submits Comments to European Commission on GDPR Two-Year Evaluation

Hunton Privacy

MAY 5, 2020

On April 28, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the European Commission’s consultation on its roadmap for the two-year evaluation of the EU General Data Protection Regulation (“GDPR”) (the “Response”).

GDPR

GDPR Risk Personal data Compliance

How the CCPA and GDPR Are Different

KnowBe4

SEPTEMBER 10, 2019

The California Consumer Privacy Act (CCPA) was introduced just a month after the European Union instituted the General Data Protection Regulation (GDPR), earning the CCPA the nickname of “California’s GDPR.”. While the GDPR has been in effect since May of 2018, the CCPA is on track to become effective on January 1, 2020.

GDPR

GDPR Privacy Personal data Passwords

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. The GDPR risk assessment methodology. Get started with vsRisk.

GDPR

GDPR Risk Compliance Personal data

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

Hunton Privacy

OCTOBER 25, 2022

million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020.

Security

Security Personal data GDPR Insurance

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy.

GDPR

GDPR Compliance Privacy Data Privacy

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to. Data subject access requests, incident reporting and data breach reporting will all need written processes, too.

GDPR

GDPR Compliance Data breaches Information Security

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

If you think that charities might be shown lenience under the GDPR (General Data Protection Regulation) , you’re wrong. The Regulation treats charities in much the same way as any organisation, because although they’re not using personal data to make a profit, they still run the risk of data breaches and privacy violations.

GDPR

GDPR Compliance Personal data Risk

HMRC forced to delete 5 million voice records after GDPR gaffe

IT Governance

MAY 9, 2019

HMRC (HM Revenue and Customs) has been told to delete more than five million people’s voice records after it was discovered that the way the information was collected breached the GDPR (General Data Protection Regulation). This breaches the GDPR’s requirements that consent be given explicitly and freely.

GDPR

GDPR Personal data Education Passwords

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

Background: How to calculate GDPR fines? How to properly calculate administrative fines for non-compliance with the EU General Data Protection Regulation (‘ GDPR ’) is one of the most important questions when applying the GDPR on practical level, e.g. : What is actually meant by the reference to “undertaking” in Article 83 (4) to (6) GDPR?

GDPR

GDPR Authentication Compliance Personal data

GDPR Training in Belfast – save 10%

IT Governance

DECEMBER 18, 2017

Many organisations are struggling to fill a skills gap created by the EU General Data Protection Regulation (GDPR) and need staff with knowledge of the Regulation. For a short time, we are offering a 10% discount on GDPR courses in Belfast, so book your place before Friday 5 January 2018. EU GDPR Foundation Training Course.

GDPR

GDPR Personal data Compliance Data breaches

China Releases Draft Regulations on Network Data Security Management

Hunton Privacy

JANUARY 26, 2022

On November 14, 2021, the Cyberspace Administration of China (“CAC”) released for public comment its draft Regulations on Network Data Security Management (the “Draft Regulations”). Data Breach. If the data handler is unable to notify affected individuals directly, it may publish public notice of the breach.

Security

Security Data breaches Personal data Cybersecurity

Dutch Data Protection Authority Sets GDPR Fines Structure

HL Chronicle of Data Protection

MARCH 20, 2019

On 14 March 2019, the Dutch data protection authority ( Autoriteit Persoonsgegevens , DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act). To view the proposal, click here.

GDPR

GDPR Data breaches Personal data IT

European Commission Publishes Final Version of Updated Standard Contractual Clauses

Hunton Privacy

JUNE 4, 2021

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation (“GDPR”), as well as the final version of the new standard contractual clauses (the “SCCs”).

Personal data

Personal data GDPR Government Access

New course dates for GDPR training in Edinburgh and Glasgow

IT Governance

MAY 3, 2018

Although the EU General Data Protection Regulation (GDPR) deadline is only three weeks away, many organisations are still struggling to fill the cyber security skills gap and ensure that they are compliant. Certified EU GDPR Foundation Training Course. Essential GDPR background and terminology. What will you learn?

GDPR

GDPR Personal data Compliance Data breaches

GDPR – the facts and what it means for the retail sector

IT Governance

JUNE 25, 2018

We all know by now that, on 25 May 2018, the General Data Protection Regulation (GDPR) came into effect. With all the noise, however, it’s possible that the key facts haven’t been heard clearly, especially by those in smaller businesses where there isn’t always a defined person to take the lead for IT.

Retail

Retail GDPR IT Compliance

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

Data Matters

AUGUST 9, 2021

In recent weeks, Connecticut passed An Act Concerning Data Privacy Breaches (“The Act”), and the Uniform Law Commission approved and recommended the Uniform Personal Data Protection Act (“UPDPA”). Connecticut: An Act Concerning Data Privacy Breaches. Uniform Personal Data Protection Act.

Data breaches

Data breaches Privacy Personal data Data Privacy

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. What does the PDPL cover and who does it apply to? Definitions. Territoriality.

Personal data

Personal data Data breaches GDPR Compliance

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. 5-Step Process. This daily amount will ultimately serve as the basis of the fine.

GDPR

GDPR Personal data Privacy Manufacturing

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. 5-Step Process. This daily amount will ultimately serve as the basis of the fine.

GDPR

GDPR Personal data Privacy Manufacturing

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

DLA Piper Privacy Matters

JULY 23, 2019

The European Data Protection Board ( “EDPB” ) has published guidelines on the processing of personal data through video devices (the “ Guidelines “) (currently subject to a public consultation process). technical and organisational measures required for such data processing.

Personal data

Personal data GDPR Access Marketing

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

Everything you need to know about DPOs under the GDPR

IT Governance

FEBRUARY 8, 2019

We recently claimed that DPOs (data protection officers) are “ the key to data breach response ”, but you could argue that they are the key to GDPR (General Data Protection Regulation) compliance in general. Article 39 of the GDPR. Processes special categories of data on a large scale.

GDPR

GDPR Personal data Privacy Compliance

European Commission Publishes Draft of New Standard Contractual Clauses

Hunton Privacy

NOVEMBER 13, 2020

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”), along with its draft set of new standard contractual clauses (the “SCCs”).

Personal data

Personal data GDPR Data collection Access

GDPR compliance checklist

How to implement the General Data Protection Regulation (GDPR)

Webinars

Trending Sources

How to Comply with GDPR, PIPL, and CCPA

Webinars

When are schools required to report personal data breaches?

GDPR for small business: the ultimate guide

IRELAND: First GDPR fine issued in Ireland

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

What Is Data Minimisation? Definition & Examples

Guest Post - Three Critical Steps for GDPR Compliance

ITALY: First GDPR fine issued!

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR

New Dubai International Financial Centre Data Protection Law Comes into Effect

Fortnum & Mason customers’ personal data exposed in breach

CCTV and the GDPR – an overview for small businesses

Mitigating Third Party Risks Under GDPR

Doorstep Dispensaree becomes the first UK organisation to receive a GDPR fine

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

How to comply with Article 30 of the GDPR

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

CIPL Submits Comments to European Commission on GDPR Two-Year Evaluation

How the CCPA and GDPR Are Different

Why risk assessments are essential for GDPR compliance

Security Compliance & Data Privacy Regulations

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Key steps to GDPR compliance – Part 3

What UK charities need to know about GDPR compliance

HMRC forced to delete 5 million voice records after GDPR gaffe

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

GDPR Training in Belfast – save 10%

China Releases Draft Regulations on Network Data Security Management

Dutch Data Protection Authority Sets GDPR Fines Structure

European Commission Publishes Final Version of Updated Standard Contractual Clauses

New course dates for GDPR training in Edinburgh and Glasgow

GDPR – the facts and what it means for the retail sector

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

UAE: Federal level data protection law enacted

German DSK Issues GDPR Fining Methodology Guidelines

German DSK Issues GDPR Fining Methodology Guidelines

EU: EDPB ISSUES GUIDELINES ON PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

GDPR – The Year in Review

Everything you need to know about DPOs under the GDPR

European Commission Publishes Draft of New Standard Contractual Clauses

Stay Connected