Data Protector

AUGUST 17, 2020

Some UK organisations will inevitably have to follow all the EU’s data protection rules because they will continue to process the personal data of individuals in the EU. Organisations have also spent many hours working out what legal basis each business process should rely on when personal data is processed.

Privacy 156

Privacy GDPR Personal data Computer and Electronics 156

DLA Piper Privacy Matters

AUGUST 3, 2020

This is expected to result in a strengthening of rights for data subjects while making data breach notifications mandatory and increasing penalties for noncompliance. On 5 June 2020, the Japanese Diet approved a bill to partially amend the Act on the Protection of Personal Information (the “ APPI” ).

Personal data 122

Personal data Data breaches Compliance Risk 122

Data Protection Report

JUNE 17, 2020

Just when we thought our summers might have been looking a bit dull, it was announced that the Court of Justice of the European Union ( CJEU ) will be making its final ruling in Case C-311/18, Data Protection Commissioner v Facebook Ireland & Schrems on 16 July 2020.

Personal data 119

Personal data Communications Access GDPR 119

Data Matters

NOVEMBER 9, 2020

Both are key legal mechanisms used to enable transfers of personal data outside the EU. Below is a summary of the key takeaways of the EDPS Guidance: Focus on personal data transfers to the U.S.: The EDPS confirms that its priority focus will be on data transfers “towards the United States”. 12333 (the U.S.

Personal data 81

Personal data Compliance Privacy Communications 81

Hunton Privacy

OCTOBER 24, 2022

Under the EU General Data Protection (the “GDPR”), biometric data qualifies as sensitive personal data and the processing thereof requires additional protection.

Data collection 72

Data collection Personal data GDPR Marketing 72

DLA Piper Privacy Matters

JANUARY 15, 2021

Due to the dates on which the DSARs had been made, the relevant legislation was in fact the Data Protection Act 1998 ( “DPA 98” ). Section 7(1) of the DPA 98 confers an entitlement on an individual to be provided with copies of personal data held by a Data Controller, such as the Defendant.

Access 122

Access GDPR Personal data Retail 122

Hunton Privacy

DECEMBER 1, 2020

On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. Background.

GDPR 91

GDPR Personal data Data collection Marketing 91

Hunton Privacy

SEPTEMBER 2, 2020

On August 24, 2020, the Data Protection Authority (“DPA”) of the German federal state of Baden-Württemberg issued guidance on international data transfers following the judgment of the Court of Justice of the European Union (“CJEU”) in the Schrems II case (decision C-311/18 of July 16, 2020).

Personal data 143

Personal data GDPR Risk Encryption 143

IT Governance

APRIL 20, 2020

This one-day course is designed and run by real-world practitioners, who help you gain an understanding of risks through practical exercises, group discussions and case studies. Although it’s no longer making as many headlines, the GDPR (General Data Protection Regulation) remains an essential part of organisations’ security practices.

Security 59

Security GDPR Phishing Data breaches 59

Hunton Privacy

FEBRUARY 25, 2020

On February 10, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) published its Recommendation 1/2020 on data processing activities for direct marketing purposes (the “Recommendation”). Purchase , Rental and Enrichment of Personal Data. Data Minimization and Storage Limitation.

Marketing 109

Marketing Personal data GDPR Communications 109

Hunton Privacy

SEPTEMBER 14, 2020

On September 9, 2020, the UK Information Commissioner’s Office (“ICO”) published an Accountability Framework , designed to assist organizations in complying with their accountability obligations under the EU General Data Protection Regulation (“GDPR”). Feedback may be submitted on the Framework before November 2, 2020.

IT 114

IT Compliance GDPR Records Management 114

Hunton Privacy

MARCH 25, 2020

The Report first notes that the EU General Data Protection Regulation (“GDPR”) contains necessary safeguards and rules with respect to personal data processing in a general health emergency. The Report then turns to legal bases for processing personal data in the COVID-19 context.

Personal data 75

Personal data GDPR Risk Insurance 75

Hunton Privacy

FEBRUARY 23, 2023

On February 20, 2023, in the case of Experian Limited v The Information Commissioner , the First-Tier Tribunal in the UK (the “ Tribunal ”) ruled on the ICO’s action to require Experian to make changes to how it processes personal data for direct marketing purposes.

Marketing 64

Marketing Personal data GDPR Privacy 64

Hunton Privacy

MAY 4, 2021

While the framework of this version of the Draft PIPL is the same as the prior version issued on October 21, 2020, below we summarize the material changes in the second version of the Draft PIPL. Legal Basis for Processing Personal Information. Article 13 adds one legal basis for processing personal information.

Personal data 94

Personal data IT Information Security Privacy 94

Data Matters

DECEMBER 2, 2020

On November 20, 2020, the Singapore Personal Data Protection Commission (PDPC) published a set of draft advisory guidelines (the Advisory Guidelines) to provide clarification on recent amendments to the Personal Data Protection Act (the PDPA Amendments). via email or hyperlink) may justify a shorter opt-out period.

Data Privacy 72

Data Privacy Privacy Data breaches Personal data 72

Data Matters

NOVEMBER 16, 2020

On November 2, 2020, Singapore’s legislature finally approved amendments to the Personal Data Protection Act (PDPA). The changes become law once a government gazette is passed (possibly before the end of 2020). NEW mandatory data breach notification requirement. Expanded scope of “deemed consent”.

Data Privacy 66

Data Privacy Privacy Data breaches Personal data 66

Data Matters

JULY 16, 2020

relates to the alleged tracking of personal data by Google of 4.4 million iPhone users and subsequent selling of the users’ data to advertisers, without the users’ knowledge and consent. Whether the High Court judge was correct to exercise his discretion in ruling that the claim should not be permitted to proceed under CPR 19.6

Personal data 90

Personal data GDPR Privacy Data Privacy 90

DLA Piper Privacy Matters

SEPTEMBER 6, 2021

The investigation began in December 2018, when the DPC commenced an own-volition inquiry under Section 110 of the Data Protection Act 2018. Non-User Data. In its Article 65 decision, the EDPB agreed that this non-user data constituted personal data.

GDPR 105

GDPR Personal data Communications e-Delivery 105

Data Protection Report

JUNE 7, 2021

On Friday 4 June, the European Commission published the finalised version of the new Standard Contractual Clauses for transferring personal data from the EU to third countries (the New SCCs). Companies now have 18 months to update their supplier contracts and other data export arrangements. Article 4 of Implementing Decision ).

Personal data 119

Personal data GDPR Data breaches Access 119

Hunton Privacy

APRIL 20, 2020

On April 15, 2020, the French Data Protection Authority (the “CNIL”) published the final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes. Main Changes in the Referential on HR Data Processing. telephone call listening/recording.

Personal data 71

Personal data GDPR Compliance Archiving 71

Data Matters

NOVEMBER 11, 2020

Privacy Shield program (“Privacy Shield”) and potentially required supplementary protections to be implemented when Standard Contractual Clauses (“SCCs”) are used to ensure an ‘essentially equivalent’ level of data protection. Data exporters should be able to rely in large part on their Art.

Personal data 123

Personal data GDPR Privacy Compliance 123

Data Matters

NOVEMBER 12, 2019

Similar to what is already required with respect to data security incidents under federal financial and health privacy law, and more broadly under all 50 U.S. It can also eliminate the ability of data subject to exercise choices. Household information. This dedication to “proportionality” seems both important and correct.

Privacy 66

Privacy Data breaches Compliance Personal data 66

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data 100

Personal data GDPR Privacy Records Management 100

Hunton Privacy

NOVEMBER 5, 2020

On October 27, 2020, the UK Information Commissioner’s Office (“ICO”) published a report following its investigation into data protection compliance in the direct marketing data broking sector, alongside its enforcement action against Experian. Three such hubs were the three CRAs audited as part of this investigation.

Marketing 102

Marketing Compliance Personal data GDPR 102

DLA Piper Privacy Matters

MAY 23, 2023

For Meta, the decision has resulted in a record administrative fine of €1.2bn, an order to suspend further transfers of EEA personal data to the US within five months, and an order to cease all unlawful processing of EEA personal data transferred to the US in violation of GDPR, within six months.

Personal data 59

Personal data GDPR Risk Privacy 59

Hunton Privacy

DECEMBER 13, 2019

The Guidelines aim to provide guidance on: (1) the grounds on which individuals can rely for submitting a request for the right to be forgotten in relation to links to web pages containing their personal data; and (2) the exceptions to the right to be forgotten that search engine operators could use to reject such a request.

Personal data 61

Personal data GDPR Privacy IT 61

DLA Piper Privacy Matters

APRIL 25, 2023

15(3) GDPR must be interpreted as requiring a data controller to provide the data subject with a copy of his or her personal data, even where the data subject requests the copy for purposes unrelated to data protection. The Local Court granted the patient’s claim in its judgement of 30 March 2020.

Access 52

Access GDPR Personal data IT 52

DLA Piper Privacy Matters

MAY 4, 2021

Second drafts of the new overarching national personal data protection and data security laws have just been published, and give a clearer picture of the impending new national frameworks in China. Draft Personal Information Protection Law. Draft Data Security Law. extra-territorial effect) – must comply.

Compliance 77

Compliance Security Personal data Privacy 77

Hunton Privacy

JULY 15, 2020

The Dutch DPA found that BKR had infringed the GDPR on the following grounds: Free of charge access requests: The Dutch DPA found that BKR had infringed Article 12(5) of the GDPR by charging a fee to data subjects wishing to access personal data in a digital format.

Compliance 65

Compliance GDPR Personal data Paper 65

HL Chronicle of Data Protection

MARCH 5, 2020

On January 17, The Belgian Data Protection Authority (DPA) published Recommendation no 01/2020 providing Guidance on direct marketing. The Recommendation provides a methodology on how to comply with the General Data Protection Regulation (GDPR) when conducting direct marketing. Context and Scope of Application. Right to Object.

Marketing 59

Marketing GDPR Personal data Healthcare 59

Hunton Privacy

JULY 10, 2020

On June 16, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a fine on a company (the “defendant”) for unlawful and incorrect processing of personal data and non-compliance with the EU General Data Protection Regulation’s (the “GDPR”) data subject rights provisions.

Compliance 49

Compliance GDPR Marketing Personal data 49

Hunton Privacy

NOVEMBER 5, 2020

On October 22, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the UK Department for Digital, Culture, Media and Sport (“DCMS”) call for views and evidence on its review of representative actions under Section 189 of the Data Protection Act 2018 (“DPA”).

Compliance 107

Compliance Data breaches Personal data Marketing 107

Hunton Privacy

APRIL 22, 2020

On April 21, 2020, the European Data Protection Board (“EDPB”) adopted Guidelines on the processing of health data for scientific purposes in the context of the COVID-19 pandemic.

GDPR 96

GDPR Personal data IT Privacy 96

Hunton Privacy

JUNE 4, 2020

On May 29, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a fine of €1,000 on a non-profit organization. According to the Litigation Chamber, merely referring to the right to object in the privacy policy is not sufficient. The decision can still be appealed at the Market Court.

Marketing 69

Marketing GDPR Communications Personal data 69

DLA Piper Privacy Matters

OCTOBER 22, 2020

On 28 September 2020, the Romanian National Supervisory Authority for the Processing of Personal Data (ANSPDCP) published on its website the annual activity report for 2019. Qualification of the parties involved in personal data processing activities. Irina Macovei, Roxana Rosu and Andrei Stoica. Points of view.

Personal data 59

Personal data GDPR Communications Compliance 59

Data Matters

JUNE 25, 2021

The European Data Protection Board (“ EDPB ”), adopted on 18 June 2021 its final recommendations describing how controllers and processors transferring personal data outside the European Economic Area (“ EEA ”) may comply with the Schrems II ruling (“ Final Schrems II Recommendations ”). STEP 1 – Mapping Exercise.

Personal data 77

Personal data Access Communications Cloud 77

Hunton Privacy

JUNE 9, 2020

On June 5, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) published guidance on its website (the “Guidance”) regarding temperature checks during the COVID-19 crisis. According to the Belgian DPA, even where consent is considered valid, it cannot be used to legitimize excessive processing of personal data.

GDPR 87

GDPR Personal data Access IT 87