GDPR, Personal data and Privacy - Information Management Today

Maintaining GDPR and Data Privacy Compliance in 2024

IT Governance

FEBRUARY 16, 2024

He’s also an award-winning author, and has been involved in developing a wide range of information security and data privacy training courses, has consulted for clients across the globe, and is a regular media commentator and speaker. About that “GDPR-like legislation”, could you please elaborate?

Data Privacy

Data Privacy GDPR Compliance Privacy

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights. Rising data privacy regulations underscores the need for such a capability, Boyle told me.

Privacy

Privacy Data Privacy GDPR Personal data

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

India Passes Digital Personal Data Protection Act

Hunton Privacy

AUGUST 22, 2023

reports that in early August 2023, the Indian Parliament passed the Digital Personal Data Protection Act (the “Act”), bringing to a close a 5-year process to enact an omnibus data privacy law in India. The Act significantly updates a previous draft, and departs substantially from the GDPR model of privacy laws.

Personal data

Personal data Data breaches GDPR Government

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

JANUARY 5, 2024

Background The case related to the processing of an incapacitated employee’s personal data, including health data, by the medical service provider (“MDK”) of a health insurance fund in Germany. The CJEU also held that the rules and limitations on the processing of sensitive personal data under Article 9.2(h)

GDPR

GDPR Personal data Insurance Access

Facebook personal data use and privacy settings ruled illegal by German court

The Guardian Data Protection

FEBRUARY 12, 2018

Firm to appeal decision by Berlin regional court which upholds complaints that users not given informed consent Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court. Continue reading.

Personal data

Personal data Privacy GDPR IT

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be underestimated. data subjects, using the GDPR terminology) located within India.

Personal data

Personal data GDPR Data breaches Compliance

Thailand’s Personal Data Protection Act Enters into Force

Hunton Privacy

JUNE 1, 2022

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA mirrors the EU General Data Protection Regulation (“GDPR”) in many respects. Exemptions are granted for public interest, contractual obligations, vital interest or compliance with the law.

Personal data

Personal data GDPR Compliance Government

New Zealand's Refreshed Privacy Act Takes Effect

Data Breach Today

DECEMBER 1, 2020

Includes New Breach Notification Requirements, Fines and Greater Regulatory Powers New Zealand's refreshed Privacy Act, which came into effect Tuesday, introduces breach notification requirements and civil penalties. It also holds data handlers to higher responsibilities to counter new threats to personal data.

Privacy

Privacy GDPR Personal data IT

French Ad Tech Firm Fined 40M Euros for GDPR Violations

Data Breach Today

JUNE 22, 2023

French Regulator Fines Criteo for Website Cookie Tracking Tools The top French privacy regulator has imposed a fine of 40 million euros against a Parisian advertising technology company for its use of website tracking cookies and failure to process users' personal data in compliance with privacy laws under the General Data Protection Regulation.

GDPR

GDPR Personal data Privacy Compliance

Dan Solove on Privacy Regulation

Schneier on Security

APRIL 24, 2024

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” ” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.

Privacy

Privacy Personal data GDPR Data collection

META hit with privacy complaints by EU consumer groups

Security Affairs

MARCH 4, 2024

This is my interview with TRT International on the Meta dispute with EU consumer groups, which are calling on the bloc to sanction the company EU consumer groups are calling on the bloc to sanction the company Meta – which owns Facebook, Instagram and WhatsApp – for allegedly breaching privacy rules.

Privacy

Privacy GDPR Personal data Data collection

Data privacy examples

IBM Big Data Hub

APRIL 24, 2024

These are just some examples of how organizations support data privacy , the principle that people should have control of their personal data, including who can see it, who can collect it, and how it can be used. One cannot overstate the importance of data privacy for businesses today.

Data Privacy

Data Privacy Privacy GDPR Personal data

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019.

Personal data

Personal data Insurance GDPR Record destruction

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

Discord Fined by French CNIL for GDPR Violations

Data Breach Today

NOVEMBER 17, 2022

Video Streamer Pays 800,000 Euros to Settle Probe of Privacy and Security Practices The French data protection authority fined Discord 800,000 euros for privacy and security practices that violate the General Data Protection Regulation.

GDPR

GDPR Personal data Privacy Security

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

As the world becomes more digital and connected, it is no surprise that data privacy and security is a growing concern for small to medium sized businesses — SMBs. Related: GDPR sets new course for data privacy. Let’s look at some of the challenges faced by SMBs in today’s data privacy landscape.

Data Privacy

Data Privacy Compliance Privacy GDPR

Italian data protection authority said that ChatGPT violated EU privacy laws

Security Affairs

JANUARY 30, 2024

Italian data protection authority regulator authority Garante said that ChatGPT violated European Union data privacy regulations. In early April 2023, the Italian Data Protection Authority temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors.

Privacy

Privacy GDPR Personal data Data Privacy

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

IT Governance

MAY 25, 2023

billion fine for Meta – by far the biggest fine issued under the GDPR since it took effect five years ago – has been taken by many as a sign that the Regulation is at last beginning to be enforced with sufficient vigour. Our EU–US Data Transfer Assessment and Action Plan will help you ensure you stay on the right side of the law.

GDPR

GDPR Compliance Personal data Data Privacy

CNIL Published Guidelines on Re-Use of Personal Data by Data Processors

Hunton Privacy

JANUARY 20, 2022

On January 12, 2022, the French Data Protection Authority (the “CNIL”) published guidelines on the re-use of personal data by data processors for their own purposes (such as product improvement or the development of new products and services) under the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”).

Personal data

Personal data GDPR Encryption IT

Italian Garante bans Chat GPT from processing personal data of Italian data subjects

Data Protection Report

APRIL 5, 2023

The alleged GDPR infringements: The Garante apparently took its action after becoming aware of a recent data breach at ChatGPT, where users’ chat titles and payment information was exposed.

Personal data

Personal data GDPR Data breaches Privacy

Argentina Personal Data Protection Bill Sent to Congress

Hunton Privacy

JULY 18, 2023

Palazzi from Allende & Brea in Argentina reports that on June 30, 2023, the Argentine Executive Branch sent the new proposed Personal Data Protection Bill (the “Bill”) to the National Congress for consideration. 25,326 of 2000). The DPA will update the value of the unit annually.

Personal data

Personal data GDPR Privacy Data Privacy

Dear BA and Marriott: Your GDPR Fines Are Important to Us

Data Breach Today

JULY 10, 2019

Privacy Regulator's Clear Security Message: Act Now to Avoid 'Disappointment' The data protection gloves have finally come off in Europe after GDPR enforcement began last May - the U.K.'s s privacy watchdog has proposed large post-breach sanctions against British Airways and Marriott.

GDPR

GDPR Personal data Privacy Security

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

CJEU Rules That Fear May Constitute Damage Under the GDPR

Hunton Privacy

DECEMBER 19, 2023

Natsionalna agentsia za prihodite (C‑340/21), in which it clarified, among other things, the concept of non-material damage under Article 82 of the EU General Data Protection Regulation (“GDPR”) and the rules governing burden of proof under the GDPR. Read the judgement.

GDPR

GDPR Personal data Data breaches Risk

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

AUGUST 17, 2020

If the EU’s ‘level data protection playing field’ means continuing to fully implement all aspects of European data protection law, including all aspects of the two-year-old General Data Protection Regulation (GDPR), then what was the point of Brexit? The GDPR has had a profound impact on many organisations.

Privacy

Privacy GDPR Personal data Computer and Electronics

GDPR: Still Plenty of Lessons to Learn

Data Breach Today

MARCH 7, 2019

RSA Conference Panel: Organizations Worldwide Face Long List of Challenges Nearly 10 months after the beginning of enforcement of the EU's GDPR privacy regulation, organizations around the world are still learning plenty of compliance lessons - including how to locate all personal data so it can be protected, according to regulatory experts on a panel (..)

GDPR

GDPR Personal data Compliance Privacy

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements

Thales Cloud Protection & Licensing

AUGUST 29, 2023

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements andrew.gertz@t… Tue, 08/29/2023 - 13:41 Modern-day business transactions heavily rely on international data transfers. However, despite this strong relationship, the UK GDPR’s requirements somewhat hinder current arrangements.

Personal data

Personal data Data Privacy Privacy GDPR

TikTok sued over its use of children’s personal data

IT Governance

APRIL 22, 2021

TikTok is again being accused of illegally processing children’s personal data. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for. TikTok has continually defended the way it processes children’s personal data.

Personal data

Personal data IT GDPR Privacy

EU: International data transfer rules for non-personal data

DLA Piper Privacy Matters

JUNE 27, 2023

Global flows of personal data have been a source of geopolitical concern for many years now. To date, these compliance challenges were essentially limited to personal data processing, so some organisations and sectors had to do more than others.

Personal data

Personal data Data Privacy GDPR Compliance

Transferring personal data under the GDPR

IT Governance

JANUARY 3, 2018

There’s not much organisations can do to eliminate data loss, so the problem becomes how to reduce the damage once the data is exposed? This is a particularly pressing concern with the EU General Data Protection Regulation (GDPR) taking effect this year. Data transfers. Pseudonymisation and encryption.

Personal data

Personal data GDPR Encryption Data breaches

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

MARCH 1, 2022

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. The implication was that data controllers did not fully understand, and therefore were not effectively making use of, the research provisions.

Personal data

Personal data GDPR Data collection Archiving

Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection

Hunton Privacy

NOVEMBER 8, 2022

SHIFT Counsellors at Law reports from Indonesia that The People’s Representative Council of the Republic of Indonesia has ratified Indonesia’s draft law on personal data protection. The law, which is partly modeled on the EU General Data Protection Regulation, is Indonesia’s first “umbrella regulation” on personal data protection.

Personal data

Personal data GDPR Compliance Information Security

The ICO urges organisations to start using privacy enhancing technologies to share personal data safely, securely and anonymously

Data Protection Report

JUNE 26, 2023

On 19 June 2023, the UK Information Commissioner’s Office (the ICO ) published guidance on privacy enhancing technologies (or PETs) (the Guidance ). The Guidance sits alongside the ICO’s recommendation that organisations should, if they haven’t already, start using PETs to share personal data safely, securely and anonymously.

Personal data

Personal data Privacy Security Compliance

Europe: CJEU decision – Right of access to individual recipients of personal data

DLA Piper Privacy Matters

JANUARY 19, 2023

On 12 January 2023, the European Court of Justice (“ CJEU ”) delivered its judgment regarding the right of access to personal data under Article 15 GDPR. The CJEU held that when exercising their right of access under the GDPR, data subjects must be provided with the individual data recipients of their personal data.

Personal data

Personal data Access GDPR Privacy

Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

Hunton Privacy

AUGUST 5, 2021

On August 2, 2021, the Italian Data Protection Authority ( Garante per la protezione dei dati personali , “Garante”) announced that it had levied a €2,500,000 fine on Deliveroo Italy s.r.l.

Personal data

Personal data GDPR IT

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Data Protection Report

JUNE 6, 2023

This MPN and its accompanying annexes set out details of TikTok’s non-compliance with data protection law and the reasons why the ICO considered that a fine was appropriate. However, where a DPO is appointed, it must be clear how the DPO specifically (as opposed to the privacy team or data controller generally) is to be contacted.

Privacy

Privacy GDPR Personal data Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Protecting or Posturing: What's Acceptable in New Data Privacy Practices

AIIM

APRIL 13, 2021

Technology and apps that are helping to prevent illness, accidents, and crime also happen to collect a vast amount of personal data. Prompted by new concerns about digital privacy and ethics, The State of Virginia recently became the second state, behind California, to adopt a comprehensive consumer data privacy law.

Data Privacy

Data Privacy Privacy Artificial Intelligence Personal data

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported.

Personal data

Personal data Data breaches Data collection GDPR

UK ICO Approves the First UK GDPR Certification Scheme Criteria

Hunton Privacy

AUGUST 27, 2021

On August 19, 2021, the UK Information Commissioner’s Office (“ICO”) approved the criteria for three certification schemes, as required under Article 42(5) of the UK General Data Protection Regulation (“UK GDPR”). Certification schemes are one method for organizations to demonstrate compliance with the UK GDPR.

GDPR

GDPR Compliance Personal data Privacy

CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation

Hunton Privacy

MAY 8, 2023

In the decision, the CJEU clarified that a mere infringement of the EU General Data Protection Regulation (“GDPR”) is not sufficient to give data subjects the right to receive compensation under Article 82 of the GDPR.

GDPR

GDPR Personal data Compliance Risk

Get Prepared for Data Privacy Compliance Under China PIPL

Data Matters

SEPTEMBER 23, 2021

On August 20, 2021, China’s National People’s Congress passed the Personal Information Protection Law (PIPL), which will become effective starting November 1, 2021. As an overarching law in China with respect to data privacy, PIPL shares many similarities with the EU General Data Protection Regulation (GDPR).

Data Privacy

Data Privacy Compliance Privacy Personal data

CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

Hunton Privacy

OCTOBER 31, 2023

October 12, 2023, the French Data Protection Authority (the “CNIL”) announced a €600,000 fine for mass media company Groupe Canal+ for failing to comply with its commercial prospecting obligations applicable under the French Post and Electronic Communications Code and several obligations of the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Marketing Personal data Communications

Maintaining GDPR and Data Privacy Compliance in 2024

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Webinars

Trending Sources

GDPR compliance checklist

Webinars

India Passes Digital Personal Data Protection Act

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Facebook personal data use and privacy settings ruled illegal by German court

India: New Digital Personal Data Protection Act, Start Planning Now.

Thailand’s Personal Data Protection Act Enters into Force

New Zealand's Refreshed Privacy Act Takes Effect

French Ad Tech Firm Fined 40M Euros for GDPR Violations

Dan Solove on Privacy Regulation

META hit with privacy complaints by EU consumer groups

Data privacy examples

Over-Retention of Personal Data

How to implement the General Data Protection Regulation (GDPR)

Discord Fined by French CNIL for GDPR Violations

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

Italian data protection authority said that ChatGPT violated EU privacy laws

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

CNIL Published Guidelines on Re-Use of Personal Data by Data Processors

Italian Garante bans Chat GPT from processing personal data of Italian data subjects

Argentina Personal Data Protection Bill Sent to Congress

Dear BA and Marriott: Your GDPR Fines Are Important to Us

How to Comply with GDPR, PIPL, and CCPA

CJEU Rules That Fear May Constitute Damage Under the GDPR

Data Protection: Where’s the Brexit Privacy Dividend?

GDPR: Still Plenty of Lessons to Learn

The UK and the US Build a ‘Data Bridge’ to Facilitate Personal Data Movements

TikTok sued over its use of children’s personal data

EU: International data transfer rules for non-personal data

Transferring personal data under the GDPR

UK: New guidance on processing personal data for scientific research purposes

Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection

The ICO urges organisations to start using privacy enhancing technologies to share personal data safely, securely and anonymously

Europe: CJEU decision – Right of access to individual recipients of personal data

Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Security Compliance & Data Privacy Regulations

Protecting or Posturing: What's Acceptable in New Data Privacy Practices

When are schools required to report personal data breaches?

UK ICO Approves the First UK GDPR Certification Scheme Criteria

CJEU Determines that a Mere Infringement of the GDPR is not Sufficient to Require Compensation

Get Prepared for Data Privacy Compliance Under China PIPL

CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

Stay Connected