GDPR, Personal data and Security - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

Maintaining GDPR and Data Privacy Compliance in 2024

IT Governance

FEBRUARY 16, 2024

Expert tips from Alan Calder Alan is the Group CEO of GRC International Group PLC, the parent company of IT Governance, and is an acknowledged international security guru. In addition, 14 US states now have their own data privacy laws, and GDPR-like legislation has proliferated across the world.

Data Privacy

Data Privacy GDPR Compliance Privacy

Thailand’s Personal Data Protection Act Enters into Force

Hunton Privacy

JUNE 1, 2022

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA mirrors the EU General Data Protection Regulation (“GDPR”) in many respects. Exemptions are granted for public interest, contractual obligations, vital interest or compliance with the law.

Personal data

Personal data GDPR Compliance Government

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

India Passes Digital Personal Data Protection Act

Hunton Privacy

AUGUST 22, 2023

reports that in early August 2023, the Indian Parliament passed the Digital Personal Data Protection Act (the “Act”), bringing to a close a 5-year process to enact an omnibus data privacy law in India. The Act significantly updates a previous draft, and departs substantially from the GDPR model of privacy laws.

Personal data

Personal data Data breaches GDPR Government

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

While there are similarities with EU/UK GDPR – and sufficient harmonisation with data protection laws across APAC to continue a regional data compliance in Asia – the practicalities of implementation and compliance should not be underestimated. data subjects, using the GDPR terminology) located within India.

Personal data

Personal data GDPR Data breaches Compliance

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

GDPR: How the definition of personal data has changed

IT Governance

APRIL 10, 2019

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data.

Personal data

Personal data GDPR Education Government

CJEU Rules That Fear May Constitute Damage Under the GDPR

Hunton Privacy

DECEMBER 19, 2023

Natsionalna agentsia za prihodite (C‑340/21), in which it clarified, among other things, the concept of non-material damage under Article 82 of the EU General Data Protection Regulation (“GDPR”) and the rules governing burden of proof under the GDPR. Read the judgement.

GDPR

GDPR Personal data Data breaches Risk

Marriott Mega-Breach: Will GDPR Apply?

Data Breach Today

DECEMBER 3, 2018

Legal Experts Suspect So, But Investigation Could Take a Year or More Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation?

GDPR

GDPR Personal data Security

Discord Fined by French CNIL for GDPR Violations

Data Breach Today

NOVEMBER 17, 2022

Video Streamer Pays 800,000 Euros to Settle Probe of Privacy and Security Practices The French data protection authority fined Discord 800,000 euros for privacy and security practices that violate the General Data Protection Regulation.

GDPR

GDPR Personal data Privacy Security

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

JULY 29, 2019

Now that the EU GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’ But what exactly does personal data mean? What is personal data? What is sensitive personal data? A home address.

Personal data

Personal data GDPR Encryption Compliance

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

IT Governance

MAY 25, 2023

billion fine for Meta – by far the biggest fine issued under the GDPR since it took effect five years ago – has been taken by many as a sign that the Regulation is at last beginning to be enforced with sufficient vigour. Monday’s €1.2 Our team will review your suppliers’ privacy notices and other supporting information.

GDPR

GDPR Compliance Personal data Data Privacy

Transferring personal data under the GDPR

IT Governance

JANUARY 3, 2018

When organisations transfer data, they inevitably compromise its security to some degree. It’s no longer secured behind physical defences, such as in a locked drawer in the organisation’s secure premises, and the means of transfer can be lost, stolen or hacked. Data transfers. Pseudonymisation and encryption.

Personal data

Personal data GDPR Encryption Data breaches

How to write a GDPR-compliant personal data breach notification procedure

IT Governance

APRIL 18, 2018

An integral part of your EU General Data Protection Regulation (GDPR) compliance project is producing appropriate documentation, which includes a personal data breach notification procedure. What is a personal data breach? Loss of availability of personal data. Data controller to data subject.

Personal data

Personal data Data breaches GDPR Compliance

Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection

Hunton Privacy

NOVEMBER 8, 2022

SHIFT Counsellors at Law reports from Indonesia that The People’s Representative Council of the Republic of Indonesia has ratified Indonesia’s draft law on personal data protection. The law, which is partly modeled on the EU General Data Protection Regulation, is Indonesia’s first “umbrella regulation” on personal data protection.

Personal data

Personal data GDPR Compliance Information Security

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

GDPR

GDPR Compliance Data Privacy Privacy

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

DLA Piper Privacy Matters

FEBRUARY 17, 2021

Securities and Exchange Commission (“ SEC ”) confirming that SEC-regulated UK domiciled firms (“ UK Regulated Firms ”) can share personal data with the SEC when seeking to comply with regulatory obligations, in compliance with the UK GDPR. As the GDPR places restrictions on the transfer of personal data to the U.S.,

Personal data

Personal data GDPR Security Compliance

Dear BA and Marriott: Your GDPR Fines Are Important to Us

Data Breach Today

JULY 10, 2019

Privacy Regulator's Clear Security Message: Act Now to Avoid 'Disappointment' The data protection gloves have finally come off in Europe after GDPR enforcement began last May - the U.K.'s Consider the tables now turned on firms that fail to properly safeguard personal data.

GDPR

GDPR Personal data Privacy Security

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported.

Personal data

Personal data Data breaches Data collection GDPR

The GDPR: Do you know the difference between personal data and sensitive data?

IT Governance

JULY 18, 2018

Now that the EU GDPR (General Data Protection Regulation) has been in effect for a couple of months, you’ve hopefully become acquainted with its definition of personal data: “any information relating to an identified or identifiable natural person”. What is personal data? Location data.

Personal data

Personal data GDPR Encryption Compliance

GDPR for small business: the ultimate guide

IT Governance

JULY 2, 2020

What is the GDPR? The Regulation came into effect on 25 May 2018, and was designed to strengthen the rights of EU residents regarding the way organisations process and use their personal data. First, the UK has implemented the UK DPA (Data Protection Act) 2018 , which adopts the GDPR into national law.

GDPR

GDPR Personal data Data breaches Compliance

CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

Hunton Privacy

OCTOBER 31, 2023

October 12, 2023, the French Data Protection Authority (the “CNIL”) announced a €600,000 fine for mass media company Groupe Canal+ for failing to comply with its commercial prospecting obligations applicable under the French Post and Electronic Communications Code and several obligations of the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Marketing Personal data Communications

GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce

Security Affairs

MAY 11, 2020

During COVID-19 outbreak data processors have to be extra vigilant to maintain their compliance with data protection authorities like GDPR. It has imposed online learning and earning, which in turn has open new doors of cybersecurity threats and data breaches. COVID-19 Remote Working – GDPR Data Security Checklist.

GDPR

GDPR Security Compliance Encryption

Meta Hit with £14 Million Fine for a Dozen GDPR Breaches

IT Governance

MARCH 17, 2022

The tech giant, formerly known as Facebook, violated several GDPR (General Data Protection Regulation) requirements, and more than 30 million people have been affected. The DPC began its inquiry in 2018 – shortly after the GDPR took effect – after it received a dozen breach notifications from Facebook.

GDPR

GDPR Personal data Encryption Compliance

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

The ICO urges organisations to start using privacy enhancing technologies to share personal data safely, securely and anonymously

Data Protection Report

JUNE 26, 2023

The Guidance sits alongside the ICO’s recommendation that organisations should, if they haven’t already, start using PETs to share personal data safely, securely and anonymously. The Guidance clarifies that there is no definition of PETs within data protection law and that the concept covers various technologies and techniques.

Personal data

Personal data Privacy Security Compliance

Organisations received £155 million in GDPR fines in 2020

IT Governance

MARCH 28, 2021

In 2020, organisations received €182 million (about £155 million) in fines for violating the GDPR (General Data Protection Regulation) , according to an IT Governance report. Our GDPR Fines Quarterly Report revealed that more than two thirds of that total – €110 million (£94 million) – came in the final quarter of the year.

GDPR

GDPR Personal data Government Compliance

CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

Hunton Privacy

MARCH 30, 2021

The Draft Guidance also applies to all organizations that process children’s data, not just providers of Information Society Services (“ISS”), and has a broader scope than the ICO Age Appropriate Code, covering issues such as how to address security standards, handle data breaches and use biometrics.

Personal data

Personal data GDPR Risk Privacy

The Irish DPC fined WhatsApp €5.5M for violating GDPR

Security Affairs

JANUARY 21, 2023

The Irish Data Protection Commission (DPC) fined Meta’s WhatsApp €5.5 million for violating data protection laws. by the Irish Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR). million (for breaches of the GDPR relating to its service).”

GDPR

GDPR Metadata Encryption Communications

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

DLA Piper Privacy Matters

SEPTEMBER 6, 2021

On 2 September 2021, the Data Protection Commission (DPC) announced it has imposed a €225 million administrative fine against WhatsApp Ireland Limited , as well as a reprimand and an order to bring its processing into compliance. This is the highest GDPR fine ever issued by the DPC, and the second highest by any EU regulator to date.

GDPR

GDPR Personal data Communications e-Delivery

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The Irish Data Protection Commission filed papers in the Circuit Court on Friday to confirm the €75,000 fine against the Agency. Eilis McDonald & John Magee. It is reported the fine will not be challenged by Tusla.

GDPR

GDPR Personal data Government Paper

UK ICO Approves the First UK GDPR Certification Scheme Criteria

Hunton Privacy

AUGUST 27, 2021

On August 19, 2021, the UK Information Commissioner’s Office (“ICO”) approved the criteria for three certification schemes, as required under Article 42(5) of the UK General Data Protection Regulation (“UK GDPR”). Certification schemes are one method for organizations to demonstrate compliance with the UK GDPR.

GDPR

GDPR Compliance Personal data Privacy

Germany: No GDPR damages after data breach

DLA Piper Privacy Matters

OCTOBER 13, 2020

In contrast to personal injury claims where lawyers have (hundreds of) years of case law to call upon to help calculate compensation, there is comparatively little case law considering how compensation will be calculated for distress when personal data are processed in breach of GDPR. There must be some objective harm.

GDPR

GDPR Data breaches Personal data Access

European Data Protection Board Releases Statement on Personal Data and COVID-19

Data Matters

MARCH 25, 2020

On 20 March 2020, the European Data Protection Board (“ EDPB ”) released a statement on the protection of personal data in connection with measures that public authorities and business organizations (including employers) are taking to address the Coronavirus (COVID-19) pandemic. Data protection principles.

Personal data

Personal data GDPR Communications Privacy

Securing Containers for GDPR Compliance

Thales Cloud Protection & Licensing

MARCH 1, 2018

Around the world, enterprises are anxious about May 25, 2018, the day enforcement begins for the European Union’s General Data Protection Regulation (GDPR). And, with potential fines of up to four percent of global revenues or 20 million EUR (whichever is higher), the GDPR has the attention of CEOs and Boards of Directors.

GDPR

GDPR Compliance Security Encryption

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

DLA Piper Privacy Matters

APRIL 27, 2023

In the course of this cyber-attack, personal data – mainly tax and social security information – of approximately 4 million Bulgarian citizens (or approximately 6 million citizens in total, including foreign citizens) had been accessed and published on the Internet. 82 (1) GDPR.

Personal data

Personal data GDPR Access Data breaches

Seven Data Security Challenges You Must Meet to Comply with GDPR

Thales Cloud Protection & Licensing

AUGUST 21, 2018

The enactment of the European Union’s General Data Protection Regulation (GDPR) is a significant milestone for virtually every international business. The following overview touches on some of the most critical elements that are required for GDPR compliance. Data Autonomy and Sovereignty. Fine-Grained Access Control.

GDPR

GDPR Security Encryption Cloud

UK Court Blocks UK ICO Fine and Enforcement Against Clearview AI

Hunton Privacy

OCTOBER 19, 2023

On May 18, 2022, the ICO issued an enforcement notice requiring that Clearview delete the personal data of UK individuals collected through the use of its facial recognition technology and held in its database (the “Notice”), as well as a fine of £7.5 Among other submissions, Clearview, which is based in the U.S.

GDPR

GDPR Personal data Government IT

GDPR supervisory authorities issued £2.6 million in fines in Q2 2020

IT Governance

AUGUST 17, 2020

In the second quarter of 2020, data protection bodies across Europe issued at least 46 administrative fines under the GDPR (General Data Protection Regulation) , with the penalties totalling nearly €2.9 Download GDPR Fines Quarterly Report: Q2 2020. Spain is responsible for by far the most GDPR fines. million (£2.6

GDPR

GDPR Personal data Privacy Government

The European Commission’s GDPR review in short

Privacy and Cybersecurity Law

JULY 22, 2020

Two years after the GDPR entered into force, the European Commission ( EC ) issued its first evaluation of the GDPR. Individuals are increasingly aware of the GDPR and their GDPR rights. However, the right to data portability is still not used to its full potential. The GDPR’s international data transfer toolbox.

GDPR

GDPR Privacy Personal data Compliance

DLA Piper GDPR fines and data breach survey: January 2021

DLA Piper Privacy Matters

JANUARY 19, 2021

The third annual DLA Piper GDPR fines and data breach survey which we launched today reflects how the current circumstances have affected the privacy landscape across the 31 European countries surveyed. The report includes key GDPR metrics compiled from data from the 27 EU Member States plus the UK, Norway, Iceland and Liechtenstein.

Data breaches

Data breaches GDPR Personal data Privacy

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The TCF is a GDPR consent solution developed by IAB Europe that has become a widely used approach to collecting and managing consent for targeted advertising cookies in the EU. The Belgian DPA found that IAB Europe does not have a legal basis for the processing of personal data through the TCF. Background.

GDPR

GDPR Personal data Marketing IT

DSAR and CIAM: A Strategic Guide for Businesses

Thales Cloud Protection & Licensing

MAY 7, 2024

DSAR and CIAM: A Strategic Guide for Businesses madhav Tue, 05/07/2024 - 09:30 Introduction to Data Subject Access Requests and CIAM When the GDPR was enforced in 2018, it set out to give individuals control over their data by granting eight data subject rights.

Compliance

Compliance GDPR Personal data Customer Experience

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

As the world becomes more digital and connected, it is no surprise that data privacy and security is a growing concern for small to medium sized businesses — SMBs. Related: GDPR sets new course for data privacy. It should be no surprise that data security regulations are on the rise.

Data Privacy

Data Privacy Compliance Privacy GDPR

GDPR compliance checklist

Maintaining GDPR and Data Privacy Compliance in 2024

Webinars

Trending Sources

Thailand’s Personal Data Protection Act Enters into Force

Webinars

India Passes Digital Personal Data Protection Act

India: New Digital Personal Data Protection Act, Start Planning Now.

How to implement the General Data Protection Regulation (GDPR)

GDPR: How the definition of personal data has changed

CJEU Rules That Fear May Constitute Damage Under the GDPR

Marriott Mega-Breach: Will GDPR Apply?

Discord Fined by French CNIL for GDPR Violations

GDPR: What’s the difference between personal data and sensitive data?

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

Transferring personal data under the GDPR

How to write a GDPR-compliant personal data breach notification procedure

Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection

How to Comply with GDPR, PIPL, and CCPA

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

Dear BA and Marriott: Your GDPR Fines Are Important to Us

When are schools required to report personal data breaches?

The GDPR: Do you know the difference between personal data and sensitive data?

GDPR for small business: the ultimate guide

CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce

Meta Hit with £14 Million Fine for a Dozen GDPR Breaches

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

The ICO urges organisations to start using privacy enhancing technologies to share personal data safely, securely and anonymously

Organisations received £155 million in GDPR fines in 2020

CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

The Irish DPC fined WhatsApp €5.5M for violating GDPR

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

IRELAND: First GDPR fine issued in Ireland

UK ICO Approves the First UK GDPR Certification Scheme Criteria

Germany: No GDPR damages after data breach

European Data Protection Board Releases Statement on Personal Data and COVID-19

Securing Containers for GDPR Compliance

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

Seven Data Security Challenges You Must Meet to Comply with GDPR

UK Court Blocks UK ICO Fine and Enforcement Against Clearview AI

GDPR supervisory authorities issued £2.6 million in fines in Q2 2020

The European Commission’s GDPR review in short

DLA Piper GDPR fines and data breach survey: January 2021

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

DSAR and CIAM: A Strategic Guide for Businesses

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

Stay Connected