Exercises and GDPR - Information Management Today

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. Failure to fulfil this requirement is considered a serious breach and could be penalised under the GDPR’s upper tier of fines of €20 million (£17.5 What is the right to erasure? Can you charge a fee?

GDPR

GDPR Personal data Compliance Government

How Organisations Are Failing to Process Personal Data Lawfully Under the GDPR

IT Governance

NOVEMBER 4, 2024

Problems with consent, purpose limitation, retention periods, and more At the heart of the GDPR (General Data Protection Regulation) lie the Article 5 data protection principles. How are organisations failing to process personal data lawfully under the GDPR, and how can they address this while improving their day-to-day business operations?

Personal data

Personal data GDPR Marketing Archiving

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Lessons on international transfers to the US to organisations caught by the GDPR

Data Protection Report

SEPTEMBER 11, 2024

It also highlights the compliance gap around transfers to recipients in third countries caught by Article 3(2) General Data Protection Regulation (GDPR). Did the international transfer provisions under Chapter V GDPR apply for transfers to a recipient bound by Article 3(2) GDPR? Chapter V is not subordinate to Article 3.

GDPR

GDPR Personal data Compliance Artificial Intelligence

Streamlining GDPR Compliance With ROPAs, Data Flow Maps and DPIAs

IT Governance

AUGUST 8, 2024

A GDPR one-stop shop Few people like spreadsheets. Similarly, few people enjoy complex compliance, with documentation scattered in many places, giving you a headache when anything GDPR (General Data Protection Regulation) crops up. This blog also covers how to automate GDPR compliance. Fewer still like multiple spreadsheets.

GDPR

GDPR Compliance Personal data Risk

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Are you ready for a cyberattack?

OpenText Information Management

JUNE 4, 2024

This is where Tabletop Exercises (or incident response simulations), come into play. These exercises are essential for preparing your organization to effectively respond to a cyberattack. Goal 1: Readiness when a cyberattack strikes The primary goal of Tabletop Exercises is to ensure readiness.

Security awareness

Security awareness Cybersecurity Compliance GDPR

EDPB Publishes Guidelines on the Calculation of Administrative Fines Under the GDPR

Hunton Privacy

JUNE 10, 2022

On May 12, 2022, the European Data Protection Board (“EDPB”) adopted Guidelines 04/2022 on the calculation of administrative fines under the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). The amount of a fine is at the discretion of the SA, subject to the calculation rules laid out in the GDPR.

GDPR

GDPR Compliance Sales IT

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

Under the European Union’s General Data Protection Regulation (GDPR), individuals have the right to access personal data collected about them, and to exercise that right easily and at reasonable intervals. The Dutch Data Protection Authority received complaints about the high standard BKR had set for accessing personal data.

GDPR

GDPR Personal data Data collection Access

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

DLA Piper Privacy Matters

SEPTEMBER 6, 2021

This is the highest GDPR fine ever issued by the DPC, and the second highest by any EU regulator to date. The DPC issued two draft decisions in May 2020, which were subject to challenge and scrutiny by Concerned Supervisory Authorities in the months which followed, resulting in the GDPR dispute resolution procedure being initiated.

GDPR

GDPR Personal data Communications e-Delivery

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The internal mapping of data flows is a key element of a strong data governance regime, and is an exercise which will highlight any potential gaps or loopholes in the flow of personal data throughout an organisation.

GDPR

GDPR Personal data Government Paper

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

Hunton Privacy

SEPTEMBER 3, 2021

On September 2, 2021, Ireland’s Data Protection Commission (“DPC”) announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd (“WhatsApp”) for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation (“GDPR”). Eight other EU regulators objected to the DPC’s draft decision.

GDPR

GDPR Compliance Personal data IT

The European Commission’s GDPR review in short

Privacy and Cybersecurity Law

JULY 22, 2020

Two years after the GDPR entered into force, the European Commission ( EC ) issued its first evaluation of the GDPR. Individuals are increasingly aware of the GDPR and their GDPR rights. The GDPR’s international data transfer toolbox. We have addressed the key points from the EC’s evaluation below.

GDPR

GDPR Privacy Personal data Compliance

GDPR Data Subject Access Requests: How to Respond

IT Governance

AUGUST 14, 2019

The EU GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. Subject access requests are not new, but the GDPR introduced several changes that make responding to them more challenging. what a DSAR is, and how to manage them in line with the GDPR’s requirements.

GDPR

GDPR Access Personal data Privacy

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The TCF is a GDPR consent solution developed by IAB Europe that has become a widely used approach to collecting and managing consent for targeted advertising cookies in the EU. Audit participating organizations to ensure they comply with the GDPR. Background. Key points from the Belgian DPA’s decisions are summarized below: Lawfulness.

GDPR

GDPR Personal data Marketing IT

EU: EU Commission publishes its evaluation of GDPR

DLA Piper Privacy Matters

JUNE 25, 2020

On 24 June, the European Commission published its evaluation report of the GDPR, just over two years after the GDPR become applicable. Commissioner Reynders further commented that the past two years have demonstrated the positive effects of the GDPR and that it is flexible tool, as the COVID-19 crisis has shown.

GDPR

GDPR IT Artificial Intelligence Personal data

List of free GDPR resources and templates

IT Governance

NOVEMBER 14, 2018

This blog was originally published before the GDPR took effect in May 2018. The EU’s GDPR (General Data Protection Regulation) requires all organisations that process EU residents’ personal data to abide by its strict terms. Webinar titles include: Risk assessments and applying organisational controls for GDPR compliance.

GDPR

GDPR Data breaches Compliance Paper

European Commission Publishes Results of Surveys on One Year of GDPR Application

Hunton Privacy

JUNE 25, 2019

To mark the GDPR’s one-year anniversary, the European Commission recently published the results of two surveys meant to illuminate the public’s awareness of the GDPR and its practical applications. Special Eurobarometer 487a – GDPR Report. GDPR Multistakeholder Expert Group Report.

GDPR

GDPR Personal data Privacy Risk

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery. GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. The Privacy and Security Dichotomy.

GDPR

GDPR Compliance Data collection Privacy

ICO Issues First Enforcement Action Under the GDPR

Hunton Privacy

SEPTEMBER 25, 2018

The Information Commissioner’s Office (“ICO”) in the UK has issued the first formal enforcement action under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (the “DPA”) on Canadian data analytics firm AggregateIQ Data Services Ltd. (“AIQ”).

GDPR

GDPR Personal data Analytics IT

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

Data Protection Report

FEBRUARY 11, 2022

Since then, the Belgian Data Protection Authority ( BDPA ) has taken on the lead role of investigating the TCF’s conformity with the GDPR. The BDPA has given the IAB a maximum period of six months to bring the TCF in line with the provisions of the GDPR. Since the inception of v2.0 IAB’s response.

GDPR

GDPR IT Personal data Compliance

GDPR: One Year On

Data Matters

MAY 31, 2019

The 25th of May, 2019 marked a year since the EU General Data Protection Regulation (“ GDPR ”) came into force. Perhaps of most interest has been how the data protection authorities (“ DPAs ”) would exercise their expanded enforcement powers under the GDPR. Data Breaches and Enforcement Action. Privacy Awareness and Litigation.

GDPR

GDPR Data breaches Privacy Compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies. GDPR and Cookie Violations. Background.

GDPR

GDPR Personal data Data collection Marketing

CNIL Publishes Initial Assessment on Blockchain and GDPR

Hunton Privacy

OCTOBER 2, 2018

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities. What is a Blockchain?

Blockchain

Blockchain GDPR Personal data Compliance

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant. Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant.

GDPR

GDPR Privacy Retail Personal data

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. The involvement of an entity is triggered when it exercises ‘decisive influence’.

GDPR

GDPR Personal data Privacy Manufacturing

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. The involvement of an entity is triggered when it exercises ‘decisive influence’.

GDPR

GDPR Personal data Privacy Manufacturing

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The test will be relative and it appears lower than under the EU GDPR, although the precise approach is not set out in the response. However, the precise approach will be set out in the AI white paper.

GDPR

GDPR Government Personal data Risk

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

Data Matters

JULY 8, 2019

Today we saw the ICO issue a notice of its intention to fine British Airways £183.39m for infringements of the GDPR – a record fine and the largest seen in the UK and the EU. This action by the ICO demonstrates that they are prepared to enforce the GDPR and levy significant fines.

GDPR

GDPR Privacy Data breaches Risk

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Data Matters

DECEMBER 2, 2019

On 4 November 2019, the European Data Protection Board (EDPB), the EU-wide data supervisory authority, held a stakeholders’ event on data subject rights under the GDPR. Stakeholders noted some requests were too broad, in turn, making it difficult to identify which data subject right was being exercised (e.g.,

GDPR

GDPR Compliance Personal data Access

Driving GDPR Compliance

Collibra

FEBRUARY 25, 2021

The General Data Protection Regulation (GDPR) mandates businesses to make provisions for EU citizens to exercise their right to access and control their personal data, including the export of personal data outside the EU. But hurriedly planning for the GDPR is not the solution. Six phases of GDPR compliance.

GDPR

GDPR Compliance Personal data Data Privacy

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Privacy Data Privacy

Make data protection training fun with our GDPR Challenge game

IT Governance

FEBRUARY 13, 2020

Thanks to our GDPR Challenge E-learning Game , you can now reap the benefits of gamification when training your staff on their data protection obligations. Our GDPR Challenge E-learning Game contains a variety of data protection problems across a range of business scenarios. What you’ll learn by playing.

GDPR

GDPR Personal data Compliance Access

The GDPR and the right to be forgotten

IT Governance

APRIL 30, 2018

Something that’s drawn a lot of attention in the lead up to the General Data Protection Regulation (GDPR) compliance deadline is “the right to erasure”, also known as the “right to be forgotten”. For the establishment, exercise or defence of legal claims. a health professional). Other considerations. Find out more and buy >>

GDPR

GDPR Personal data Archiving Compliance

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

Hunton Privacy

MARCH 8, 2019

The Overview provides key statistics relating to the consistency mechanism among national data protection authorities (“DPAs”), the cooperation mechanism of the EDPB, the means and powers of the DPAs and enforcement of the GDPR at the national level. Implementation and Enforcement of the GDPR at National Level.

GDPR

GDPR Data breaches Personal data Marketing

INTERIM EDPB GUIDANCE ON THE APPLICATION OF GDPR TO HEALTH RESEARCH

DLA Piper Privacy Matters

FEBRUARY 24, 2021

In response to a set of questions from the European Commission, the European Data Protection Board (“ EDPB ”) has published some high level guidance on the application of the GDPR to health research (“ Guidance ”). This article summarises the key takeaway points from that guidance. . 6(1)(f)) or compliance with a legal obligation (e.g.

GDPR

GDPR Personal data Data collection Paper

Top tips for data retention under the GDPR

IT Governance

NOVEMBER 12, 2018

Under the GDPR (General Data Protection Regulation) an organisation must not keep data for longer than it is needed. Article 5(1)(e) of the GDPR states: “1. There are no specific retention periods set under the GDPR, so it is up to your organisation to establish or identify them. Setting data retention periods.

GDPR

GDPR Personal data Paper Archiving

What are the Data Subject Rights under the GDPR?

IT Governance

NOVEMBER 15, 2018

This blog was originally published before the GDPR took effect in May 2018. The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights, and meet requests promptly. Learn more about the GDPR.

GDPR

GDPR Personal data Access Communications

Post-GDPR Developments on Data Protection and Privacy Regulations Around the World

Thales Cloud Protection & Licensing

NOVEMBER 14, 2019

For many international agreements, modern data protection and privacy regulations share some common principles, like the need of a data processor to have a legitimate reason for exercising any processing activity. A milestone in data protection – the GDPR. how data involving children is handled).

GDPR

GDPR Privacy Compliance Personal data

European Commission Releases First Report on Evaluation of GDPR

Hunton Privacy

JUNE 24, 2020

On June 24, 2020, the European Commission (“the Commission”) submitted its first report on the evaluation and review of the EU General Data Protection Regulation (“GDPR”) to the European Parliament and Council. The report is required under Article 97 of the GDPR and will be produced at four year intervals going forward. Enforcement.

GDPR

GDPR Artificial Intelligence Blockchain Personal data

What are the Data Subject Rights under the GDPR?

IT Governance

JUNE 15, 2018

Even though the EU General Data Protection Regulation (GDPR) is now in effect, many organisations are still working towards compliance. The GDPR gives individuals eight rights relating to their personal data. The GDPR gives individuals eight rights relating to their personal data. Become a GDPR expert.

GDPR

GDPR Personal data Compliance Access

GDPR Article 17: What Is the Right to Erasure?

How Organisations Are Failing to Process Personal Data Lawfully Under the GDPR

Webinars

Trending Sources

GDPR compliance checklist

Webinars

Lessons on international transfers to the US to organisations caught by the GDPR

Streamlining GDPR Compliance With ROPAs, Data Flow Maps and DPIAs

How to implement the General Data Protection Regulation (GDPR)

Are you ready for a cyberattack?

EDPB Publishes Guidelines on the Calculation of Administrative Fines Under the GDPR

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

IRELAND: First GDPR fine issued in Ireland

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

The European Commission’s GDPR review in short

GDPR Data Subject Access Requests: How to Respond

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

EU: EU Commission publishes its evaluation of GDPR

List of free GDPR resources and templates

European Commission Publishes Results of Surveys on One Year of GDPR Application

Guest Post - Three Critical Steps for GDPR Compliance

ICO Issues First Enforcement Action Under the GDPR

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

GDPR: One Year On

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

CNIL Publishes Initial Assessment on Blockchain and GDPR

Does your use of CCTV comply with the GDPR?

German DSK Issues GDPR Fining Methodology Guidelines

German DSK Issues GDPR Fining Methodology Guidelines

EDPB publishes guidance on calculating GDPR fines

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Driving GDPR Compliance

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Make data protection training fun with our GDPR Challenge game

The GDPR and the right to be forgotten

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

INTERIM EDPB GUIDANCE ON THE APPLICATION OF GDPR TO HEALTH RESEARCH

Top tips for data retention under the GDPR

What are the Data Subject Rights under the GDPR?

Post-GDPR Developments on Data Protection and Privacy Regulations Around the World

European Commission Releases First Report on Evaluation of GDPR

What are the Data Subject Rights under the GDPR?

Stay Connected