A communication campaign will inform users and non-users on how to oppose the use of their personal data for AI training, ensuring they can exercise their GDPR rights. OpenAI claims the fine is disproportionate and announced it will appeal.
While a blockchain provides a trusted framework for the integrity and auditability of transactions, it stands in stark contrast to the ambition of the GDPR Regulation, the foundation of which is to enable data subjects to exercise a greater degree of control over the processing of personally identifiable information.
noyb filed GDPR complaints against the above companies for unlawfully transferring EU users’ data to China. noyb pointed out that foreign users face challenges exercising rights under Chinese data laws due to the lack of an independent authority, unclear laws, and limited recourse options.
GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. The Privacy and Security Dichotomy.
Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The internal mapping of data flows is a key element of a strong data governance regime, and is an exercise which will highlight any potential gaps or loopholes in the flow of personal data throughout an organisation.
Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. Failure to fulfil this requirement is considered a serious breach and could be penalised under the GDPR’s upper tier of fines of €20 million (£17.5 What is the right to erasure? Can you charge a fee?
Under the European Union’s General Data Protection Regulation (GDPR), individuals have the right to access personal data collected about them, and to exercise that right easily and at reasonable intervals. The Dutch Data Protection Authority received complaints about the high standard BKR had set for accessing personal data.
You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.
This is the biggest fine since the adoption of the General Data Protection Regulation (GDPR) by the European Union (EU) on May 25, 2018. The European Union condemned Meta with a record $1.3 billion fine for transferring European user data to the US. The European Union fined Meta $1.3 billion for transferring user data to the US.
On May 12, 2022, the European Data Protection Board (“EDPB”) adopted Guidelines 04/2022 on the calculation of administrative fines under the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). The amount of a fine is at the discretion of the SA, subject to the calculation rules laid out in the GDPR.
The EU GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. Subject access requests are not new, but the GDPR introduced several changes that make responding to them more challenging. what a DSAR is, and how to manage them in line with the GDPR’s requirements.
Two years after the GDPR entered into force, the European Commission (EC) issued its first evaluation of the GDPR. Individuals are increasingly aware of the GDPR and their GDPR rights. The GDPR’s international data transfer toolbox. We have addressed the key points from the EC’s evaluation below.
This blog was originally published before the GDPR took effect in May 2018. The EU’s GDPR (General Data Protection Regulation) requires all organisations that process EU residents’ personal data to abide by its strict terms. Webinar titles include: Risk assessments and applying organisational controls for GDPR compliance.
The Information Commissioner’s Office (“ICO”) in the UK has issued the first formal enforcement action under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (the “DPA”) on Canadian data analytics firm AggregateIQ Data Services Ltd. (“AIQ”).
And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. Because the other firm had decided to focus on some obscure GDPR issues that the original firm didn’t think were particularly relevant. Does this matter?
This is the highest GDPR fine ever issued by the DPC, and the second highest by any EU regulator to date. The DPC issued two draft decisions in May 2020, which were subject to challenge and scrutiny by Concerned Supervisory Authorities in the months which followed, resulting in the GDPR dispute resolution procedure being initiated.
Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities. What is a Blockchain?
You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant.
On September 2, 2021, Ireland’s Data Protection Commission (“DPC”) announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd (“WhatsApp”) for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation (“GDPR”). Eight other EU regulators objected to the DPC’s draft decision.
The TCF is a GDPR consent solution developed by IAB Europe that has become a widely used approach to collecting and managing consent for targeted advertising cookies in the EU. Audit participating organizations to ensure they comply with the GDPR. Background. Key points from the Belgian DPA’s decisions are summarized below: Lawfulness.
On 24 June, the European Commission published its evaluation report of the GDPR, just over two years after the GDPR became applicable. Commissioner Reynders further commented that the past two years have demonstrated the positive effects of the GDPR and that it is a flexible tool, as the COVID-19 crisis has shown.
Under the EU GDPR (General Data Protection Regulation), you need to identify a lawful basis before processing personal data. Lawfulness of processing under the GDPR. First published June 2018. Last updated March 2020. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data?
Under the GDPR (General Data Protection Regulation) an organisation must not keep data for longer than it is needed. Article 5(1)(e) of the GDPR states: “1. There are no specific retention periods set under the GDPR, so it is up to your organisation to establish or identify them. Setting data retention periods.
UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The test will be relative and it appears lower than under the EU GDPR, although the precise approach is not set out in the response. However, the precise approach will be set out in the AI white paper.
To mark the GDPR’s one-year anniversary, the European Commission recently published the results of two surveys meant to illuminate the public’s awareness of the GDPR and its practical applications. Special Eurobarometer 487a – GDPR Report. GDPR Multistakeholder Expert Group Report.
The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.
For many international agreements, modern data protection and privacy regulations share some common principles, like the need of a data processor to have a legitimate reason for exercising any processing activity. A milestone in data protection – the GDPR. how data involving children is handled).
This is where Tabletop Exercises (or incident response simulations), come into play. These exercises are essential for preparing your organization to effectively respond to a cyberattack. Goal 1: Readiness when a cyberattack strikes The primary goal of Tabletop Exercises is to ensure readiness.
The Overview provides key statistics relating to the consistency mechanism among national data protection authorities (“DPAs”), the cooperation mechanism of the EDPB, the means and powers of the DPAs and enforcement of the GDPR at the national level. Implementation and Enforcement of the GDPR at National Level.
If the EU’s ‘level data protection playing field’ means continuing to fully implement all aspects of European data protection law, including all aspects of the two-year-old General Data Protection Regulation (GDPR), then what was the point of Brexit? The GDPR has had a profound impact on many organisations.
As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. You can find more information about GDPR compliance on our website >> Data processing principles (Article 5).
In that case, you must abide by the General Data Protection Regulation (GDPR), which imposes fines on some activities that are perfectly legal in the U.S. For instance, if you have employees in China and the EU, you’ll have to obtain Chinese government approval to provide data from China to EU authorities enforcing the GDPR.
million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies. GDPR and Cookie Violations. Background.
It also highlights the compliance gap around transfers to recipients in third countries caught by Article 3(2) General Data Protection Regulation (GDPR). Did the international transfer provisions under Chapter V GDPR apply for transfers to a recipient bound by Article 3(2) GDPR? Chapter V is not subordinate to Article 3.
On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.
A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.
Thanks to our GDPR Challenge E-learning Game, you can now reap the benefits of gamification when training your staff on their data protection obligations. Our GDPR Challenge E-learning Game contains a variety of data protection problems across a range of business scenarios. What you’ll learn by playing.
As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook. Information provided about the advertisers is also very limited (just a name and no contact details), preventing users from effectively exercising their rights.
In the lead up to May, it is important your organisation prioritises steps to prove that you are making an effort to comply with the EU General Data Protection Regulation (GDPR). Data subject access request procedures under the GDPR. Two licences for the GDPR Staff Awareness E-learning Course.
Since then, the Belgian Data Protection Authority (BDPA) has taken on the lead role of investigating the TCF’s conformity with the GDPR. The BDPA has given the IAB a maximum period of six months to bring the TCF in line with the provisions of the GDPR. Since the inception of v2.0 IAB’s response.
Today we saw the ICO issue a notice of its intention to fine British Airways £183.39m for infringements of the GDPR – a record fine and the largest seen in the UK and the EU. This action by the ICO demonstrates that they are prepared to enforce the GDPR and levy significant fines.
The 25th of May, 2019 marked a year since the EU General Data Protection Regulation (“GDPR”) came into force. Perhaps of most interest has been how the data protection authorities (“DPAs”) would exercise their expanded enforcement powers under the GDPR. Data Breaches and Enforcement Action. Privacy Awareness and Litigation.
He refers to the current attention on privacy matters as “privacy theater,” believing that apps are grabbing more of our data than they need to get the job done, and any assertion that these brands care about our personal data is largely a public relations exercise.
On 25 March 2019, the Polish data protection authority (DPA) (referred to in Polish as “PUODO”) announced the imposition of the first GDPR-related fine in Poland. EUR 230,415 ) for a failure to comply with the information obligation set forth in Article 14 of the GDPR. 14 5(b) of the GDPR. 2 of the GDPR.