2019, Exercises and Personal data - Information Management Today

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019.

Personal data

Personal data Insurance GDPR Record destruction

Thailand Personal Data Protection Law

Data Protection Report

FEBRUARY 28, 2020

The Personal Data Protection Act B.E. 2562 (2019) ( PDPA ) was published on 27 May 2019 in Thailand’s Government Gazette and became effective the following day. Definition of Personal Data. Person ” means a natural person. When monitoring of data subjects’ behavior is taken place in Thailand.

Personal data

Personal data Compliance Privacy Access

India Releases Revised Non-Personal Data Framework

Hunton Privacy

JANUARY 15, 2021

On December 16, 2020, the Committee of Experts within India’s Ministry of Electronics and Information Technology (MeitY) (the “Committee”) issued a revised report on the Non-Personal Data Governance Framework (the “NPDF”) for India (the “Revised Committee Report”).

Personal data

Personal data Government Privacy IT

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Selling and utilising personal data in an insolvency situation

Data Protection Report

JUNE 1, 2020

For example, in February of this year, the FCA and ICO issued a joint statement warning regulated firms and insolvency practitioners of their responsibilities when dealing with personal data. What are the legal mechanisms to sell or utilise personal data in an insolvency situation? Asset sales.

Personal data

Personal data Sales Marketing GDPR

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). The PDPL will enter into force on 1 August 2019, giving businesses just under one year from the date of this article to prepare for the new regime. It will provide individuals with rights in relation to how their personal data can be collected, processed and stored.

Personal data

Personal data GDPR Compliance Risk

Romania: Key aspects in the Romanian Data Protection Authority’s annual activity report (2019)

DLA Piper Privacy Matters

OCTOBER 22, 2020

On 28 September 2020, the Romanian National Supervisory Authority for the Processing of Personal Data (ANSPDCP) published on its website the annual activity report for 2019. Qualification of the parties involved in personal data processing activities. Sanctions applied by ANSPDCP in 2019. Points of view.

Personal data

Personal data GDPR Communications Compliance

EU-JAPAN: Let the data flow! Free flow of personal data between EU countries and Japan confirmed

DLA Piper Privacy Matters

JANUARY 24, 2019

On 23 January 2019, the European Commission adopted its decision finding that the level of data protection in the EU and Japan are equivalent. Both decisions are applicable as of 23 January 2019. The Supplementary Rules bridge several differences between the two data protection systems and provide with additional safeguards.

Personal data

Personal data GDPR Paper Access

Data Protection: Whither the EU’s SCCs …

Data Protector

AUGUST 17, 2020

It is also possible that, in the near future, the EU will publish revised sets of Standard Contractual Clauses to replace the existing SCCs in a bold effort to ensure that flows of personal data outside the European Union remain suitably protected. To expect them to commission a similar exercise so soon is cruel (and costly).

GDPR

GDPR Personal data Government Privacy

Schrems II judgement due in July – what this might mean for your outsourcing deal

Data Protection Report

JUNE 17, 2020

This judgement concerns the legality of the European Commission approved Standard Contractual Clauses ( SCCs ) which many organisations rely on to transfer personal data outside of the UK and the European Economic Area ( EEA ), particularly in relation to outsourcing services.

Personal data

Personal data Communications Access GDPR

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

In its 2019 Annual Report, the DPC reported three separate statutory inquiries into Tusla in respect of a number of breaches which had been reported to it since May 2018. In 2017, the DPC’s Special Investigation Unit (SIU) investigated the governance of Tusla, examining the processing of personal data in child protection cases.

GDPR

GDPR Personal data Government Paper

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. Loyalty program members’ data had been retained for a period of four years from their last activity.

GDPR

GDPR Personal data Data collection Marketing

European Commission Publishes Results of Surveys on One Year of GDPR Application

Hunton Privacy

JUNE 25, 2019

The European Commission also published the Contribution from the Multistakeholder Expert to the Stock-Taking Exercise of June 2019 on One Year of GDPR Application (the “Report”). use of privacy settings and reasons for not changing the default settings. Access the full report with the results of the Eurobarometer.

GDPR

GDPR Personal data Privacy Risk

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

DLA Piper Privacy Matters

JANUARY 15, 2021

In late 2019, the Claimant issued proceedings and sought various relief, including in connection with an allegation that the Defendant had failed to provide data, contrary to the Data Protection Act 2018 ( “DPA 18” ) and the General Data Protection Regulation (EU) 2016/679 ( “GDPR” ).

Access

Access GDPR Personal data Retail

UK Supreme Court Grants Google Permission to Appeal Class Action Claim in Lloyd vs Google LLC

Data Matters

JULY 16, 2020

The Supreme Court has recently granted Google permission to appeal the Court of Appeal’s decision in the case of Lloyd v Google LLC ([2019]) EWCA Civ 1599). relates to the alleged tracking of personal data by Google of 4.4 2) allows the court, exercising its discretion, to direct that a person may not act as a representative.

Personal data

Personal data GDPR Privacy Data Privacy

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Data Matters

DECEMBER 2, 2019

On 4 November 2019, the European Data Protection Board (EDPB), the EU-wide data supervisory authority, held a stakeholders’ event on data subject rights under the GDPR. Stakeholders noted some requests were too broad, in turn, making it difficult to identify which data subject right was being exercised (e.g.,

GDPR

GDPR Compliance Personal data Access

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Hunton Privacy

FEBRUARY 25, 2020

With this Recommendation, the Belgian DPA aims to clarify the complex rules relating to the processing of personal data for direct marketing purposes, including by providing practical examples and guidelines to the different stakeholders involved in direct marketing activities. Purchase , Rental and Enrichment of Personal Data.

Marketing

Marketing Personal data GDPR Communications

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

Data Protection Report

FEBRUARY 11, 2022

was announced on 21 August 2019. of the TCF in 2019, however, various EU data protection authorities have received numerous complaints from organisations across the EU in respect of the use of personal data in the RTB component of programmatic advertising. Since the inception of v2.0

GDPR

GDPR IT Personal data Compliance

CNIL Publishes Standard on HR Data Processing

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. That Referential was adopted following a public consultation launched by the CNIL on April 11, 2019.

Personal data

Personal data GDPR Compliance Archiving

EDPB Publishes Guidelines on the Right to Be Forgotten in Search Engine Cases

Hunton Privacy

DECEMBER 13, 2019

On December 11, 2019, the European Data Protection Board (“EDPB”) published its draft guidelines 5/2019 (the “Guidelines”) on the criteria of the right to be forgotten in search engine cases under the EU General Data Protection Regulation (“GDPR”).

Personal data

Personal data GDPR Privacy IT

How to Ensure Your Digital Security During the Rugby World Cup

Thales Cloud Protection & Licensing

SEPTEMBER 12, 2019

Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup. Japan, the host country of both the 2019 Rugby World Cup and the 2020 Summer Olympic Games, is well-aware of these previous incidents. We urge you to take precautions to protect your personal information when you are on the Internet.

Security

Security IoT Personal data Military

Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

Hunton Privacy

JULY 15, 2020

After receiving multiple complaints from data subjects, the Dutch DPA investigated BKR’s management of data subjects’ access requests. In addition, Recital 59 of the GDPR clearly states that controllers should offer the possibility of accessing personal data in an electronic form when data is processed electronically.

Compliance

Compliance GDPR Personal data Paper

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The Belgian DPA started an investigation into IAB Europe after receiving several complaints since 2019 regarding the TCF. The Belgian DPA rejected this argument and found that IAB Europe acts as a data controller with respect to the TCF and therefore can be held responsible for violations of the GDPR. Background.

GDPR

GDPR Personal data Marketing IT

RuNet – Russia successfully concluded tests on its Internet infrastructure

Security Affairs

DECEMBER 24, 2019

The exercises aimed at testing and ensuring the integrity and the security of Russia’s Internet infrastructure, so-called RuNet. “According to Sokolov, several scenarios were worked out during the exercises. One of them is checking the integrity and security of the Internet as a result of external negative influences.”

IT

IT Communications Government Personal data

CHINA: crackdown on infringing China apps

DLA Piper Privacy Matters

NOVEMBER 17, 2019

The crackdown is taking place during November and December 2019, so businesses operating apps in China must take urgent action or else face sanctions. Supervised examinations by the authorities (MIIT) and third party assessors against frequently downloaded apps: from 11 to 30 November 2019.

Personal data

Personal data Compliance Data collection Privacy

EU: European Court confirms journalism exception for citizen-journalists, but not in France?

DLA Piper Privacy Matters

FEBRUARY 15, 2019

Under European data protection law, journalists enjoy some regulatory exemptions when processing personal data for journalistic purposes, balancing the right to the protection of personal data with the principle of freedom of expression. In its judgment of 14 February 2019 in the Sergejs Buivids v.

GDPR

GDPR Personal data Privacy Compliance

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

Hunton Privacy

MARCH 8, 2019

On February 26, 2019, the European Data Protection Board (the “EDPB”) presented its first overview of the GDPR’s implementation and the roles and means of the national supervisory authorities to the European Parliament (the “Overview”). 23 DPAs reported an increase in their regulatory budgets for 2018-2019.

GDPR

GDPR Data breaches Personal data Marketing

Bodybuilding.com forces password reset after a security breach

Security Affairs

APRIL 23, 2019

The website offers any kind of fitness articles, exercises, workouts, and supplements. The company confirmed it has no evidence that personal customer information was accessed or misused, as a precautionary measure the company is notifying all current and former users and customers. Review your accounts for suspicious activity.

Passwords

Passwords Security Retail Personal data

EDPB Releases Opinion on Interplay Between the ePrivacy Directive and the GDPR and a Statement on the ePrivacy Regulation

Hunton Privacy

MARCH 19, 2019

On March 12, 2019, the European Data Protection Board (“EDPB”) adopted an opinion on the interplay between the EU Directive on Privacy and Electronic Communications (“the ePrivacy Directive”) and the General Data Protection Regulation (“GDPR”) (the “Opinion”). Competence, tasks and powers of EU DPAs.

GDPR

GDPR Personal data Communications Government

BELGIUM: Belgian DPA reveals its strategy for the next 5 years.

DLA Piper Privacy Matters

FEBRUARY 11, 2020

The DPA lists three topics of high social significance and wishes to ensure compliance by data controllers and processors. health data, biometric data,…) and, if so, make sure it is processed lawfully. health data, biometric data,…) and, if so, make sure it is processed lawfully. 3 SOCIETAL THEMES IN THE PICTURE.

IT

IT GDPR Compliance Personal data

BCS Data Protection Courses Available for 2019

Managing Your Information

JANUARY 8, 2019

Tkm Consulting is delighted to announce new data protection courses are available for 2019. Tkm Consulting is an accredited training partner for the BCS (The Chartered Institute for IT) and we have added their data protection professional certifications to our training portfolio. What courses are available? VM – Dec 18.

Compliance

Compliance GDPR Information governance Risk

BCS Data Protection Courses Available for 2019!

Managing Your Information

JANUARY 8, 2019

Tkm is delighted to announce new data protection courses are available for 2019! Tkm is now an accredited training partner for the BCS and has added their data protection professional certifications to our training portfolio. The post BCS Data Protection Courses Available for 2019! What courses are available?

Compliance

Compliance GDPR Information governance Risk

Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

DLA Piper Privacy Matters

OCTOBER 17, 2022

A recent decision by the Irish Data Protection Commission (“ DPC “) imposing a record €405 million fine provides clarification on the lawfulness of processing children’s personal data in accordance with the legal bases of ‘performance of contract’ and ‘legitimate interest’. Background. Analysis of Article 6(1).

GDPR

GDPR Personal data Risk Compliance

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

Personal data

Personal data GDPR Data Privacy Privacy

EDPB Adopts Guidelines on Data Processing Through Video Devices

Hunton Privacy

JULY 26, 2019

The European Data Protection Board (the “EDPB”) recently adopted its Guidelines 3/2019 on processing of personal data through video devices (the “Guidelines”). Although the Guidelines provide examples of data processing for video surveillance, these examples are not exhaustive.

GDPR

GDPR Personal data Privacy Compliance

European Commission Adopts Japan Adequacy Decision

Hunton Privacy

JANUARY 23, 2019

On January 23, 2019, the European Commission announced that it has adopted its adequacy decision on Japan (the “Adequacy Decision”). According to the announcement, Japan has adopted an equivalent decision and the adequacy arrangement is applicable with immediate effect.

Personal data

Personal data Access Privacy Security

GERMANY: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU

DLA Piper Privacy Matters

MAY 29, 2020

80 GDPR is in conflict with member state law which allows consumer protection associations and competitors to take action against infringements of the GDPR irrespective of the violation of subjective rights of individuals and without a mandate from the data subject. Background. 8(3)(3) in conjunction with sec. Decision of the BGH.

GDPR

GDPR Personal data Marketing IT

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Data Protection Report

APRIL 12, 2019

UFC asked the judges to declare Google’s policies unlawful and abusive, on the grounds that they did not respect consumers’ privacy and personal data. Accordingly, the judges ruled that such personal data constituted goods from which Google derived an economic benefit in return for the service provided to users.

Privacy

Privacy Personal data IT Data Privacy

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

DLA Piper Privacy Matters

JANUARY 21, 2019

On 12 December 2018, the French Government issued an ordinance [1] finalizing, at the legislative level [2] , the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation [3] (“GDPR”) and the Directive 2016/680 [4]. Following-up the adoption of the GDPR, the French Law No.

GDPR

GDPR Personal data Communications Government

ICO Guidance on Artificial Intelligence

Privacy and Cybersecurity Law

AUGUST 5, 2020

A DPIA must be meaningful and not a box-ticking exercise. “NumPy” Python vulnerability discovered in 2019). Nevertheless, the principle still needs to be complied with in: Development phase: in the training phase, your organisation needs to consider whether all the data used is necessary (e.g.

Artificial Intelligence

Artificial Intelligence GDPR Personal data Compliance

CNIL Fines French Construction Company for Infringements When Placing Marketing Voice-to-Voice Calls

Hunton Privacy

DECEMBER 2, 2019

On November 26, 2019, the French Data Protection Authority (the “CNIL”) announced that it had levied a fine of €500,000 on Futura Internationale, a French SME specializing in thermal insulation of private buildings, for various infringements of the EU General Data Protection Regulation (“GDPR”). The CNIL’s Decision.

Marketing

Marketing GDPR Personal data Compliance

French Highest Administrative Court Upholds 50 Million Euro Fine against Google for Alleged GDPR Violations

Hunton Privacy

JUNE 23, 2020

In particular, the CNIL found that essential information about the data processing (such as the purposes, the data retention periods or the types of personal data processed for ad personalization) was spread across several pages, and that users sometimes needed to complete up to six actions to obtain that information.

GDPR

GDPR Personal data Access IT

CJEU Considers the Use of CCTV and Legitimate Interests

Data Matters

FEBRUARY 26, 2020

ia de Proprietari bloc M5A-ScaraA EU:C:2019:1064 ( TK ), the CJEU considered whether the processing carried out by CCTV cameras was necessary and proportionate for the purposes of legitimate interests pursued by the controller. In its recent decision of TK v Asocia?ia

Personal data

Personal data Compliance Access Privacy

UK: A recent prosecution for a criminal offence under the Freedom of Information Act 2000 illustrates how forgiving our Data Protection Act 2018 is

DLA Piper Privacy Matters

APRIL 24, 2020

Of course, the FOIA offence is only available in respect of information held by public authorities, while the offence under the DPA18 relates to personal data and is applicable to all data controllers and those employed by them. report laid before Parliament on 28 January 2019.

FOIA

FOIA Personal data GDPR Access

What is the Data Protection Act 2018?

IT Governance

MARCH 11, 2019

Technically, this is the law that replaces the DPA 1998, and both it and the GDPR currently apply to all organisations in the UK that process personal data. Part 2: General data processing. It should be read alongside the GDPR by every UK organisation that processes personal data. Wait… what?

GDPR

GDPR Personal data Compliance Government

Over-Retention of Personal Data

Thailand Personal Data Protection Law

Webinars

Trending Sources

India Releases Revised Non-Personal Data Framework

Webinars

Selling and utilising personal data in an insolvency situation

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

Romania: Key aspects in the Romanian Data Protection Authority’s annual activity report (2019)

EU-JAPAN: Let the data flow! Free flow of personal data between EU countries and Japan confirmed

Data Protection: Whither the EU’s SCCs …

Schrems II judgement due in July – what this might mean for your outsourcing deal

IRELAND: First GDPR fine issued in Ireland

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

European Commission Publishes Results of Surveys on One Year of GDPR Application

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

UK Supreme Court Grants Google Permission to Appeal Class Action Claim in Lloyd vs Google LLC

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

CNIL Publishes Standard on HR Data Processing

EDPB Publishes Guidelines on the Right to Be Forgotten in Search Engine Cases

How to Ensure Your Digital Security During the Rugby World Cup

Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

RuNet – Russia successfully concluded tests on its Internet infrastructure

CHINA: crackdown on infringing China apps

EU: European Court confirms journalism exception for citizen-journalists, but not in France?

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

Bodybuilding.com forces password reset after a security breach

EDPB Releases Opinion on Interplay Between the ePrivacy Directive and the GDPR and a Statement on the ePrivacy Regulation

BELGIUM: Belgian DPA reveals its strategy for the next 5 years.

BCS Data Protection Courses Available for 2019

BCS Data Protection Courses Available for 2019!

Ireland / Europe: DPC’s Record Fine Raises Expectations on Standards Applicable for Processing Children’s Data

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

EDPB Adopts Guidelines on Data Processing Through Video Devices

European Commission Adopts Japan Adequacy Decision

GERMANY: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

ICO Guidance on Artificial Intelligence

CNIL Fines French Construction Company for Infringements When Placing Marketing Voice-to-Voice Calls

French Highest Administrative Court Upholds 50 Million Euro Fine against Google for Alleged GDPR Violations

CJEU Considers the Use of CCTV and Legitimate Interests

UK: A recent prosecution for a criminal offence under the Freedom of Information Act 2000 illustrates how forgiving our Data Protection Act 2018 is

What is the Data Protection Act 2018?

Stay Connected