IT Governance

OCTOBER 3, 2019

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant. Transparency is a core principle of the GDPR. Make sure people know they’re being recorded.

GDPR 110

GDPR Privacy Retail Personal data 110

IT Governance

NOVEMBER 14, 2018

Data controllers and data processors are an integral part of the GDPR. The terms ‘data controller’ and ‘data processor’ have been around for years, but it’s only since the EU GDPR (General Data Protection Regulation) took effect that they’ve been scrutinised. Responsibilities of the data processor.

GDPR 107

GDPR Retail Data collection Personal data 107

IT Governance

MARCH 26, 2019

Although DPIAs (data protection impact assessments) are not a new concept, the GDPR (General Data Protection Regulation) now mandates them under certain circumstances. It’s relevant for everyone, including retail and hospitality. Common activities for retail and hospitality requiring DPIAs.

Retail 78

Retail Risk GDPR Government 78

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. What infringements did the Garante identify?

Personal data 52

Personal data GDPR e-Delivery Communications 52

DLA Piper Privacy Matters

AUGUST 12, 2020

On 28 July 2020, the French Supervisory Authority (the “CNIL”) sanctioned the online shoes retail company, SPARTOO SAS, by a €250,000 fine and an injunction to comply with GDPR within 3 months under penalty for various non-compliances with the GDPR of the personal data processing related to clients, prospects and employees [1].

GDPR 93

GDPR Personal data Compliance Passwords 93

Hunton Privacy

DECEMBER 1, 2020

On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies.

GDPR 91

GDPR Personal data Data collection Marketing 91

IT Governance

APRIL 23, 2019

Stop us if you’ve heard this one before: organisations that fail to meet the requirements of the GDPR (General Data Protection Regulation) face fines of up to €20 million (about £17.3 That’s somewhat understandable, given that no UK organisation has yet been disciplined under the GDPR. GDPR fines expected in June.

GDPR 89

GDPR Personal data Compliance Retail 89

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. To comply with the data controller’s legal obligations.

GDPR 102

GDPR Personal data Privacy Access 102

IT Governance

MAY 23, 2019

A year ago this week, the GDPR (General Data Protection Regulation) took effect, promising to revolutionise information security. To mark the anniversary, we gathered a panel of data protection experts to discuss the effect of the Regulation and the future of data protection. Compliance fatigue’.

GDPR 72

GDPR Data breaches Compliance Retail 72

IT Governance

FEBRUARY 23, 2018

There is an alarming lack of awareness across all industries about the EU General Data Protection Regulation (GDPR) , according to a government survey. As you would expect, larger organisations were more likely to be aware of the GDPR. Preparing for the GDPR. The survey split respondents into businesses and charities.

GDPR 63

GDPR Compliance Insurance Personal data 63

IBM Big Data Hub

APRIL 24, 2024

An online retailer always gets users’ explicit consent before sharing customer data with its partners. A navigation app anonymizes activity data before analyzing it for travel trends. One cannot overstate the importance of data privacy for businesses today.

Data Privacy 87

Data Privacy Privacy GDPR Personal data 87

Thales Cloud Protection & Licensing

NOVEMBER 16, 2017

Today, putting the letters ‘GDPR’ into Google will generate over 420,000 news articles, some detailing the expected impact of the regulation, and others casting doubt on businesses and their readiness. and Germany to get to grips with what they know about GDPR, and more importantly, what they don’t. A lack of trust.

GDPR 63

GDPR Retail Data breaches Financial Services 63

IT Governance

AUGUST 19, 2020

The concept of data controllers and data processors has been around for years, but the roles come with clearly defined responsibilities under the GDPR (General Data Protection Regulation). In this blog, we take a close look at what a data controller and processor does and how they fit into your organisation.

GDPR 95

GDPR Personal data Compliance Privacy 95

IT Governance

NOVEMBER 12, 2018

The impact of the GDPR (General Data Protection Regulation) in Scotland is greater than most realise. Not only does it affect the way organisations process personal data, but also extends data subjects rights in terms of how their data is processed. What is a data subject access request (DSAR)?

Access 91

Access GDPR Personal data Retail 91

Hunton Privacy

JANUARY 12, 2018

On January 8, 2017, the UK Information Commissioner (“ICO”) issued an unprecedented monetary penalty of £400,000 against British mobile phone retailer, The Car Phone Warehouse Limited. This decision sets the tone for companies at the dawn of the entry into force of the GDPR.

Retail 40

Retail Personal data Security GDPR 40

Reltio

AUGUST 16, 2018

On May 25, 2018 GDPR (General Data Protection Regulation) went into effect. The primary objectives of the GDPR are to give control back to their EU citizens and residents over their personal data, to simplify the regulatory environment for international business, and to unify regulations within the European Union.

GDPR 70

GDPR MDM Compliance Personal data 70

IT Governance

MAY 7, 2024

Data breached: 6,009,014 accounts. A further 381,000 New York City public school students affected by 2022 data breach In January 2022 , personal data from around 820,000 New York City public school students, both current and former, was breached. Under the EU GDPR, the Czech supervisory authority issued a €13.9

Data breaches 59

Data breaches Education Manufacturing Retail 59

Thales Cloud Protection & Licensing

JUNE 24, 2021

The retail sector, especially, is a lucrative target for credential stuffing attacks , resulting in billions lost every year. In the following paragraphs we will examine use cases where FIDO2 simplifies compliance with privacy and security regulations, namely GDPR, CCPA and PSD2. Compliance with GDPR and CCPA.

Authentication 71

Authentication Compliance GDPR Personal data 71

IT Governance

JUNE 13, 2018

Dixons Carphone has suffered a major data breach involving 5.9 million personal data records. At this point, the major consumer electronics retailer said there was no evidence of any fraud. In a second breach, personal customer data in the form of names, addresses and email addresses was accessed.

Retail 65

Retail Data breaches GDPR Compliance 65

Collibra

APRIL 11, 2023

Retail is a dynamic and competitive market. In addition to the traditional brick-and mortar-stores, the retail business today includes online and mobile stores. Every process at every stage of these stores relies on data. The right kind of data can drive great innovations in retail. What if they do not match?

Retail 73

Retail Sales Compliance Marketing 73

Data Protection Report

OCTOBER 5, 2020

On 1 October 2020, the State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit) of Hamburg (the DPA) imposed a fine of EUR 35.3 million under the GDPR against the German subsidiary of the fashion retailer H&M.

Privacy 96

Privacy Retail Data collection GDPR 96

IT Governance

JANUARY 25, 2019

Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. As the data contains alleged criminal records, it could be considered sensitive information under the GDPR (General Data Protection Regulation).

Data breaches 111

Data breaches GDPR Passwords Retail 111

DLA Piper Privacy Matters

JANUARY 28, 2022

Looking back on 2021, the privacy and data protection landscape continues to evolve at pace. In Europe we saw the UK finally conclude Brexit and establishment of a separate data protection regime in the UK which will be governed by the UK GDPR. Data transfers to other countries remain a challenge. billion (USD1.2 / GBP0.9

GDPR 98

GDPR Privacy Data breaches Personal data 98

DLA Piper Privacy Matters

JANUARY 15, 2021

Data Subject Access Requests – no unqualified right to documents. Due to the dates on which the DSARs had been made, the relevant legislation was in fact the Data Protection Act 1998 ( “DPA 98” ). Comparable provisions are mirrored in the new regime under the DPA 2018 and GDPR. In each case, the answer had been adequate.

Access 122

Access GDPR Personal data Retail 122

IT Governance

NOVEMBER 14, 2018

Black Friday and Cyber Monday are almost upon us, kickstarting what retailers hope will be a successful trading period. However, the flurry of purchases and the data that represents means cyber criminals will also be looking to cash in. According to McKinsey , 92% of UK shoppers are aware of Black Friday.

Retail 94

Retail Personal data GDPR Risk 94

IT Governance

OCTOBER 19, 2018

If these could have been used to identify individuals, this would have constituted a personal data breach under the EU GDPR (General Data Protection Regulation). It has also contacted the Information Commissioner’s Office, which “confirmed that this was not a data breach and no personal data was compromised”.

Retail 65

Retail Data breaches Personal data GDPR 65

IT Governance

JUNE 19, 2019

The GDPR (General Data Protection Regulation) requires organisations to conduct a DPIA (data protection impact assessment) whenever processing is ‘likely to result in a high risk’ to the rights and freedoms of individuals. Damage : the effects on the individual if a data breach or privacy violation occurs. Data matching.

GDPR 73

GDPR Personal data Risk Data breaches 73

IT Governance

JUNE 11, 2019

“Upon discovery of the breach, the security of our retail platform was immediately restored and appropriate measures were taken to ensure the security of all other online assets,” the statement read. A GDPR penalty? There are many ways to mitigate the risks of a data breach. It’s time to take the GDPR seriously.

GDPR 66

GDPR Personal data Data breaches Retail 66

DLA Piper Privacy Matters

FEBRUARY 1, 2019

On 31 January 2019, the French Data Protection Supervisory Authority (CNIL) and the French General Directorate for Competition Policy, Consumer Affairs and Fraud Control (DGCCRF, authority in charge of consumer protection) signed a new protocol of cooperation to improve protection of personal data of consumers.

GDPR 40

GDPR Personal data B2C Retail 40

IT Governance

JULY 1, 2020

Cyber attack on Mid-Michigan College endangers personal data of staff and students (16,000). Australian activewear retailer In Sport infected with ransomware (unknown). Just Eat customers’ details dumped in Cleveleys alley as data watchdog warns of GDPR breach (unknown).

Data breaches 140

Data breaches Ransomware Retail Personal data 140

Data Protection Report

NOVEMBER 2, 2023

In 2017, Equifax Inc, suffered a cybersecurity breach, with hackers able to access the personal data of around 13.8 The breach included data held by Equifax Inc in connection with two of Equifax’s products.

GDPR 78

GDPR Risk Cybersecurity Compliance 78

IT Governance

DECEMBER 30, 2019

The second half of the year began with major data privacy news: the UK’s data protection authority, the ICO (Information Commissioner’s Office), announced its intention to fine British Airways and Marriott International a combined £282.6 million for breaching the GDPR (General Data Protection Regulation). million (£4.2

Data breaches 78

Data breaches Personal data GDPR Ransomware 78

Thales Cloud Protection & Licensing

NOVEMBER 26, 2018

Six months on from the legal implementation of the General Data Protection Regulation (GDPR), a third of consumers have admitted they still aren’t confident that the companies they interact with comply with the regulation. A quarter (25%) of people in both regions revealed that they could not explain the GDPR in any way.

GDPR 82

GDPR Data breaches Retail Manufacturing 82

Data Matters

FEBRUARY 10, 2020

The Draft Code is intended to update existing guidance published pre-GDPR and provide clarity on certain important issues. a message informing a user they are approaching their monthly data limit). Lawful basis for direct marketing: The two lawful bases for direct marketing under the GDPR are consent and legitimate interests.

Marketing 68

Marketing GDPR Personal data Communications 68

Thales Cloud Protection & Licensing

JUNE 21, 2018

Just look back at the amount of marketing we have seen around the launch of the GDPR this year, all of it relentlessly focused on the size of the financial penalties and, largely, adopting scare tactics designed to catch the eye and provoke pangs of guilt. I believe that world may be just around the corner.

Security 54

Security Personal data Retail Marketing 54

HL Chronicle of Data Protection

MARCH 24, 2020

Across the world, large retail stores and small businesses alike are shutting their doors. Privacy and data protection laws everywhere regulate the ability of organisations to communicate with individuals for both service-related and promotional purposes.

Communications 45

Communications Retail Marketing Privacy 45

HL Chronicle of Data Protection

APRIL 16, 2019

The European Data Protection Board (EDPB) has adopted the narrowest possible interpretation of ‘contractual necessity’ as a ground for processing of personal data.

Personal data 40

Personal data Retail GDPR IT 40