Compliance, Exercises and Personal data - Information Management Today

Malaysia introduces watershed amendments to Personal Data Protection Act 2010

Data Protection Report

JULY 26, 2024

On 16 July 2024, the Malaysian Dewan Rakyat (House of Representatives of the Malaysian Parliament) passed the Personal Data Protection (Amendment) Bill 2024 (the PDP Bill ). Data processors will also be potentially subject to the direct imposition of penalties for breach of their obligations.

Personal data

Personal data Data breaches Compliance GDPR

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019.

Personal data

Personal data Insurance GDPR Record destruction

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Thailand Personal Data Protection Law

Data Protection Report

FEBRUARY 28, 2020

The Personal Data Protection Act B.E. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published. Background.

Personal data

Personal data Compliance Privacy Access

India Poised to Enact Digital Personal Data Protection Bill

Hunton Privacy

AUGUST 10, 2023

On August 9, 2023, India’s upper house ( i.e. , Rajya Sabha) passed the Digital Personal Data Protection Bill (“DPDPB”), two days after India’s lower house ( i.e. , Lok Sabha) passed the legislation. The DPDPB now heads to India President Droupadi Murmu for signature.

Personal data

Personal data Data breaches Government Access

Selling and utilising personal data in an insolvency situation

Data Protection Report

JUNE 1, 2020

For example, in February of this year, the FCA and ICO issued a joint statement warning regulated firms and insolvency practitioners of their responsibilities when dealing with personal data. What are the legal mechanisms to sell or utilise personal data in an insolvency situation? Asset sales.

Personal data

Personal data Sales Marketing GDPR

How FIDO 2 authentication can help achieve regulatory compliance

Thales Cloud Protection & Licensing

JUNE 24, 2021

How FIDO 2 authentication can help achieve regulatory compliance. As such, FIDO2 can become an enabler for regulatory compliance. In the following paragraphs we will examine use cases where FIDO2 simplifies compliance with privacy and security regulations, namely GDPR, CCPA and PSD2. Compliance with GDPR and CCPA.

Authentication

Authentication Compliance Personal data GDPR

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Hunton Privacy

NOVEMBER 5, 2020

On October 27, 2020, the UK Information Commissioner’s Office (“ICO”) published a report following its investigation into data protection compliance in the direct marketing data broking sector, alongside its enforcement action against Experian. Three such hubs were the three CRAs audited as part of this investigation.

Marketing

Marketing Compliance Personal data GDPR

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. While there may be many dimensions to consider from a GDPR readiness perspective there are three steps that are particularly important in order to manage risk and ensure compliance. Step 1: Data Discovery.

GDPR

GDPR Compliance Data collection Privacy

Driving GDPR Compliance

Collibra

FEBRUARY 25, 2021

The General Data Protection Regulation (GDPR) mandates businesses to make provisions for EU citizens to exercise their right to access and control their personal data, including the export of personal data outside the EU. A successful GDPR compliance focuses on three key aspects: .

GDPR

GDPR Compliance Personal data Data Privacy

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. It enshrines “the right to erasure” (sometimes referred to as “the right to be forgotten”), which allows people to request that an organisation deletes any personal data related to them.

GDPR

GDPR Personal data Compliance Government

Hong Kong: Newly published Model Contractual Clauses

DLA Piper Privacy Matters

JUNE 1, 2022

Organisations engaging in cross border transfers of personal data may now rely on the Recommended Model Contractual Clauses (RMCs), recently published by the Privacy Commissioner for Personal Data (PCPD). reporting, audit and inspection rights, data breach notification, compliance with regulatory investigations etc).

Personal data

Personal data Compliance Data breaches Privacy

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Data Matters

DECEMBER 2, 2019

Stakeholders noted some requests were too broad, in turn, making it difficult to identify which data subject right was being exercised (e.g., Stakeholders noted some requests were too broad, in turn, making it difficult to identify which data subject right was being exercised (e.g.,

GDPR

GDPR Compliance Personal data Access

Brazil data protection authority bans Meta from training AI models with data originating in the country

Security Affairs

JULY 4, 2024

Brazil’s data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has imposed a temporary ban on Meta from processing users’ personal data for training its artificial intelligence (AI) models. ANPD also announced a daily fine of R$50,000 for non-compliance.

Artificial Intelligence

Artificial Intelligence Personal data Privacy Compliance

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

DLA Piper Privacy Matters

APRIL 27, 2023

In the course of this cyber-attack, personal data – mainly tax and social security information – of approximately 4 million Bulgarian citizens (or approximately 6 million citizens in total, including foreign citizens) had been accessed and published on the Internet.

Personal data

Personal data GDPR Access Data breaches

CCPA compliance: A sustainable approach

Collibra

DECEMBER 30, 2020

The CCPA provides California residents with the right to know what personal data is being collected about them, whether it is sold or disclosed, and to whom. Under the act, they can access their personal information collected by businesses, request to delete it, and opt-out from selling their personal information. .

Compliance

Compliance Privacy Sales Data Privacy

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

SEPTEMBER 17, 2018

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure.

Personal data

Personal data GDPR Compliance Risk

EDPB Releases Guidelines on Virtual Voice Assistants

Hunton Privacy

MARCH 13, 2021

These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service.

Personal data

Personal data Compliance GDPR Privacy

Protecting or Posturing: What's Acceptable in New Data Privacy Practices

AIIM

APRIL 13, 2021

Technology and apps that are helping to prevent illness, accidents, and crime also happen to collect a vast amount of personal data. The AIIM community has been engaged in the personal data privacy conversation for a while now. and Jasen Hutchinson, Manager, Corporate Records Compliance, JEA.

Data Privacy

Data Privacy Privacy Artificial Intelligence Personal data

China: Navigating China episode 17: China’s Draft Privacy and Security Laws – second drafts clarify compliance steps for businesses

DLA Piper Privacy Matters

MAY 4, 2021

Second drafts of the new overarching national personal data protection and data security laws have just been published, and give a clearer picture of the impending new national frameworks in China. Draft Personal Information Protection Law. regularly publishing reports on the organisation’s data protection compliance.

Compliance

Compliance Security Personal data Privacy

Lessons on international transfers to the US to organisations caught by the GDPR

Data Protection Report

SEPTEMBER 11, 2024

The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. The fine relates to the transfer of drivers’ personal data to the US. Did transfers of personal data to the US take place? However, driver personal data is stored by UTI.

GDPR

GDPR Personal data Compliance Artificial Intelligence

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Privacy Data Privacy

Is your organisation equipped for long-term GDPR compliance?

IT Governance

MAY 28, 2019

Last week, the GDPR (General Data Protection Regulation) turned one year old. Whether the panic and stress that accompanied the compliance deadline feels like a distant memory or still gives you nightmares, your data protection and privacy posture is something that shouldn’t be in your rear-view mirror.

GDPR

GDPR Compliance Personal data Risk

Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

Hunton Privacy

JULY 15, 2020

After receiving multiple complaints from data subjects, the Dutch DPA investigated BKR’s management of data subjects’ access requests. In addition, Recital 59 of the GDPR clearly states that controllers should offer the possibility of accessing personal data in an electronic form when data is processed electronically.

Compliance

Compliance GDPR Personal data Paper

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. In this regard we expect it will be welcomed by local, regional and international businesses, in particular those that rely heavily upon personal data and international personal data flows.

Personal data

Personal data Data breaches GDPR Compliance

GDPR compliance for professional services firms: time to get on track

IT Governance

APRIL 3, 2018

The General Data Protection Regulation (GDPR)’s compliance deadline is looming. Every organisation that processes personal data must be in compliance with the new law by 25 May or risk substantial regulatory fines from the Information Commissioner’s Office and legal action from aggrieved data subjects.

GDPR

GDPR Compliance Personal data Risk

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Data Protection Report

JUNE 6, 2023

This MPN and its accompanying annexes set out details of TikTok’s non-compliance with data protection law and the reasons why the ICO considered that a fine was appropriate. Where a generic email address (e.g. privacy@ xyz.com) is used, the fact that this is the contact detail for the DPO must be made clear.

Privacy

Privacy GDPR Personal data Compliance

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

The proposed regulations, if adopted, would add certain significant new compliance obligations on businesses. Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). The CPA further provides that businesses should not place an unreasonable burden on consumers to submit data rights requests.

Privacy

Privacy Personal data Data collection Compliance

California Legislature Passes Bill Regulating Data Brokers

Hunton Privacy

SEPTEMBER 21, 2023

362 (“Act”), a bill that would impose new requirements on data brokers and grant residents new rights designed to facilitate control over their personal data. The Act would grant California consumers the right to request that data brokers (1) delete and (2) limit the further sale and sharing of consumers’ personal data.

Insurance

Insurance Personal data Compliance Privacy

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

The New DP Law will apply to companies incorporated in the DIFC, regardless of where processing takes place, or companies that, whilst incorporated elsewhere, process personal data in the DIFC as part of stable arrangements (other than occasional processing).

Personal data

Personal data GDPR Data breaches Compliance

Belgian DPA Fines Company for Unlawful Processing and Non-Compliance with Data Subject Rights

Hunton Privacy

JULY 10, 2020

On June 16, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a fine on a company (the “defendant”) for unlawful and incorrect processing of personal data and non-compliance with the EU General Data Protection Regulation’s (the “GDPR”) data subject rights provisions.

Compliance

Compliance GDPR Marketing Personal data

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Irish regulators hit Meta with a EUR 1.2

GDPR

GDPR Compliance Personal data Privacy

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

MARCH 6, 2018

Every year, new regulations and compliance orders come into play that impact businesses across the world. This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. appeared first on Data Security Blog | Thales e-Security.

Compliance

Compliance GDPR Encryption Data Privacy

European Commission and ASEAN releases Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses

Data Protection Report

JUNE 26, 2023

The Joint Guide aims to provide practical guidance for businesses operating across these two regions to facilitate compliance with applicable data protection requirements whilst providing for the cross-border transfers of personal data.

Personal data

Personal data Compliance IT Privacy

When And How Cos. Should Address Cyber Legal Compliance

Data Matters

OCTOBER 30, 2017

They can, however, engage in probing internal due diligence of their companies’ cyber governance and compliance posture before it is too late — that is, before a cyber event occurs. Growing Expectations of Director-Level Responsibility for Cyber Legal Compliance. 1] The U.S. 7] The lack of confidence, moreover, may be warranted.

Compliance

Compliance Cybersecurity Risk Government

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

DLA Piper Privacy Matters

AUGUST 3, 2020

The amended APPI could have a significant impact on companies that handle personal information. Under the current APPI, data subjects have the right to request access, correction, deletion and cessation of the use of their personal data that is or is intended to be retained for six months or more (the “ Rights of Data Subjects “).

Personal data

Personal data Data breaches Compliance Risk

10 key areas to identify gaps in your GDPR compliance

IT Governance

APRIL 12, 2018

Compliance with the EU General Data Protection Regulation (GDPR) should be a priority for all EU organisations, and non-EU organisations that monitor the behaviour or offer goods and services to EU residents. The GDPR is far more extensive in scope and application than the current Data Protection Act.

GDPR

GDPR Compliance Personal data Risk

ICO Publishes Its Accountability Framework

Hunton Privacy

SEPTEMBER 14, 2020

On September 9, 2020, the UK Information Commissioner’s Office (“ICO”) published an Accountability Framework , designed to assist organizations in complying with their accountability obligations under the EU General Data Protection Regulation (“GDPR”). It should empower and enable you to embed accountability throughout your organisation.

IT

IT Compliance GDPR Records Management

European Data Protection Supervisor Issues Schrems II Guidelines

Data Matters

NOVEMBER 9, 2020

Both are key legal mechanisms used to enable transfers of personal data outside the EU. The EDPS Guidance includes both short- and medium-term compliance and enforcement action for transfers carried out by EUIs or on their behalf, in a controller-to-processor and processor-to-subprocessor context. 12333 (the U.S.

Personal data

Personal data Compliance Privacy Communications

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

Hunton Privacy

APRIL 25, 2022

Data Protection Assessments (“DPA”) – The Department wants to clarify the form, content and circumstances of data protection assessments required by the CPA, and questions if it should follow any existing model, such as the EU General Data Protection Regulation, and acknowledge interoperability of DPAs conducted for another regime.

Privacy

Privacy Personal data Sales Compliance

Texas enacts comprehensive privacy law

Data Protection Report

JUNE 21, 2023

The new law also gives controllers certain rights to use the data, including to “prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity” as well as to “conduct internal research to develop, improve, or repair products, services, or technology.”

Privacy

Privacy Personal data Sales Retail

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

COVID-19 and Business Continuity in the EU

Hunton Privacy

APRIL 24, 2020

There also are key data protection considerations for businesses in connection with the COVID-19 pandemic, including compliance with the requirements around the processing of personal data for health monitoring purposes, crisis management issues and steps to be implemented to ensure the continuity of privacy compliance programs.

Personal data

Personal data Compliance Privacy Cybersecurity

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors. and carrefour-banque.fr

GDPR

GDPR Personal data Data collection Marketing

Malaysia introduces watershed amendments to Personal Data Protection Act 2010

Over-Retention of Personal Data

Webinars

Trending Sources

GDPR compliance checklist

Webinars

Thailand Personal Data Protection Law

India Poised to Enact Digital Personal Data Protection Bill

Selling and utilising personal data in an insolvency situation

How FIDO 2 authentication can help achieve regulatory compliance

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Guest Post - Three Critical Steps for GDPR Compliance

Driving GDPR Compliance

GDPR Article 17: What Is the Right to Erasure?

Hong Kong: Newly published Model Contractual Clauses

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Brazil data protection authority bans Meta from training AI models with data originating in the country

Europe: Opinion of the Advocate General on presumed fault of the controller in case of unlawful third-party access to personal data

CCPA compliance: A sustainable approach

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

EDPB Releases Guidelines on Virtual Voice Assistants

Protecting or Posturing: What's Acceptable in New Data Privacy Practices

China: Navigating China episode 17: China’s Draft Privacy and Security Laws – second drafts clarify compliance steps for businesses

Lessons on international transfers to the US to organisations caught by the GDPR

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Is your organisation equipped for long-term GDPR compliance?

Dutch DPA Fines Dutch Credit Registration Bureau 830,000 Euros for Non-Compliance with Data Subject Rights

UAE: Federal level data protection law enacted

GDPR compliance for professional services firms: time to get on track

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Colorado AG Publishes Draft Colorado Privacy Act Rules

California Legislature Passes Bill Regulating Data Brokers

New Dubai International Financial Centre Data Protection Law Comes into Effect

Belgian DPA Fines Company for Unlawful Processing and Non-Compliance with Data Subject Rights

How to implement the General Data Protection Regulation (GDPR)

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

European Commission and ASEAN releases Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses

When And How Cos. Should Address Cyber Legal Compliance

Japan: Protection of Personal Information (APPI) Act to be Amended: Is your Business Ready?

10 key areas to identify gaps in your GDPR compliance

ICO Publishes Its Accountability Framework

European Data Protection Supervisor Issues Schrems II Guidelines

Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process

Texas enacts comprehensive privacy law

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

COVID-19 and Business Continuity in the EU

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Stay Connected