Exercises and GDPR - Information Management Today

Lessons on international transfers to the US to organisations caught by the GDPR

Data Protection Report

SEPTEMBER 11, 2024

It also highlights the compliance gap around transfers to recipients in third countries caught by Article 3(2) General Data Protection Regulation (GDPR). Did the international transfer provisions under Chapter V GDPR apply for transfers to a recipient bound by Article 3(2) GDPR? Chapter V is not subordinate to Article 3.

GDPR

GDPR Personal data Compliance Artificial Intelligence

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. Failure to fulfil this requirement is considered a serious breach and could be penalised under the GDPR’s upper tier of fines of €20 million (£17.5 What is the right to erasure? Can you charge a fee?

GDPR

GDPR Personal data Compliance Government

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

Webinars

Launching LLM-Based Products: From Concept to Cash in 90 Days

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Are you ready for a cyberattack?

OpenText Information Management

JUNE 4, 2024

This is where Tabletop Exercises (or incident response simulations), come into play. These exercises are essential for preparing your organization to effectively respond to a cyberattack. Goal 1: Readiness when a cyberattack strikes The primary goal of Tabletop Exercises is to ensure readiness.

Security awareness

Security awareness Cybersecurity Compliance GDPR

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

Under the European Union’s General Data Protection Regulation (GDPR), individuals have the right to access personal data collected about them, and to exercise that right easily and at reasonable intervals. The Dutch Data Protection Authority received complaints about the high standard BKR had set for accessing personal data.

GDPR

GDPR Personal data Data collection Access

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

DLA Piper Privacy Matters

SEPTEMBER 6, 2021

This is the highest GDPR fine ever issued by the DPC, and the second highest by any EU regulator to date. The DPC issued two draft decisions in May 2020, which were subject to challenge and scrutiny by Concerned Supervisory Authorities in the months which followed, resulting in the GDPR dispute resolution procedure being initiated.

GDPR

GDPR Personal data Communications e-Delivery

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The internal mapping of data flows is a key element of a strong data governance regime, and is an exercise which will highlight any potential gaps or loopholes in the flow of personal data throughout an organisation.

GDPR

GDPR Personal data Government Paper

The European Commission’s GDPR review in short

Privacy and Cybersecurity Law

JULY 22, 2020

Two years after the GDPR entered into force, the European Commission ( EC ) issued its first evaluation of the GDPR. Individuals are increasingly aware of the GDPR and their GDPR rights. The GDPR’s international data transfer toolbox. We have addressed the key points from the EC’s evaluation below.

GDPR

GDPR Privacy Personal data Compliance

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The TCF is a GDPR consent solution developed by IAB Europe that has become a widely used approach to collecting and managing consent for targeted advertising cookies in the EU. Audit participating organizations to ensure they comply with the GDPR. Background. Key points from the Belgian DPA’s decisions are summarized below: Lawfulness.

GDPR

GDPR Personal data Marketing IT

GDPR Data Subject Access Requests: How to Respond

IT Governance

AUGUST 14, 2019

The EU GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. Subject access requests are not new, but the GDPR introduced several changes that make responding to them more challenging. what a DSAR is, and how to manage them in line with the GDPR’s requirements.

GDPR

GDPR Access Personal data Privacy

EU: EU Commission publishes its evaluation of GDPR

DLA Piper Privacy Matters

JUNE 25, 2020

On 24 June, the European Commission published its evaluation report of the GDPR, just over two years after the GDPR become applicable. Commissioner Reynders further commented that the past two years have demonstrated the positive effects of the GDPR and that it is flexible tool, as the COVID-19 crisis has shown.

GDPR

GDPR IT Artificial Intelligence Personal data

European Commission Publishes Results of Surveys on One Year of GDPR Application

Hunton Privacy

JUNE 25, 2019

To mark the GDPR’s one-year anniversary, the European Commission recently published the results of two surveys meant to illuminate the public’s awareness of the GDPR and its practical applications. Special Eurobarometer 487a – GDPR Report. GDPR Multistakeholder Expert Group Report.

GDPR

GDPR Personal data Privacy Risk

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery. GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. The Privacy and Security Dichotomy.

GDPR

GDPR Compliance Data collection Privacy

ICO Issues First Enforcement Action Under the GDPR

Hunton Privacy

SEPTEMBER 25, 2018

The Information Commissioner’s Office (“ICO”) in the UK has issued the first formal enforcement action under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (the “DPA”) on Canadian data analytics firm AggregateIQ Data Services Ltd. (“AIQ”).

GDPR

GDPR Personal data Analytics IT

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

A draft set of EDPB guidelines on the calculation of administrative fines under the GDPR is likely to lead to some further consistency among supervisory authorities on how fines are calculated – however, if adopted, the guidance leaves clear room for the current divergent approaches to continue.

GDPR

GDPR Personal data Risk IT

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

Data Protection Report

FEBRUARY 11, 2022

Since then, the Belgian Data Protection Authority ( BDPA ) has taken on the lead role of investigating the TCF’s conformity with the GDPR. The BDPA has given the IAB a maximum period of six months to bring the TCF in line with the provisions of the GDPR. Since the inception of v2.0 IAB’s response.

GDPR

GDPR IT Personal data Compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies. GDPR and Cookie Violations. Background.

GDPR

GDPR Personal data Data collection Marketing

CNIL Publishes Initial Assessment on Blockchain and GDPR

Hunton Privacy

OCTOBER 2, 2018

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities. What is a Blockchain?

Blockchain

Blockchain GDPR Personal data Compliance

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. The involvement of an entity is triggered when it exercises ‘decisive influence’.

GDPR

GDPR Personal data Privacy Manufacturing

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

Recently, the Association of German Data Protection Authorities (“ Datenschutzkonferenz ” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. The involvement of an entity is triggered when it exercises ‘decisive influence’.

GDPR

GDPR Personal data Privacy Manufacturing

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant. Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant.

GDPR

GDPR Privacy Retail Personal data

EDPB publishes guidance on calculating GDPR fines

Data Protection Report

JUNE 9, 2022

Whereas the previous guidance set out general principles for when to impose fines under Article 83 GDPR, the new Guidelines provide a detailed five-step methodology for calculating a starting point for a fine and clarify how to determine the turnover of an undertaking in order to harmonise the approach across Member States.

GDPR

GDPR Compliance Personal data IT

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

Data Matters

JULY 8, 2019

Today we saw the ICO issue a notice of its intention to fine British Airways £183.39m for infringements of the GDPR – a record fine and the largest seen in the UK and the EU. This action by the ICO demonstrates that they are prepared to enforce the GDPR and levy significant fines.

GDPR

GDPR Privacy Data breaches Risk

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The test will be relative and it appears lower than under the EU GDPR, although the precise approach is not set out in the response. However, the precise approach will be set out in the AI white paper.

GDPR

GDPR Government Personal data Risk

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Data Matters

DECEMBER 2, 2019

On 4 November 2019, the European Data Protection Board (EDPB), the EU-wide data supervisory authority, held a stakeholders’ event on data subject rights under the GDPR. Stakeholders noted some requests were too broad, in turn, making it difficult to identify which data subject right was being exercised (e.g.,

GDPR

GDPR Compliance Personal data Access

Driving GDPR Compliance

Collibra

FEBRUARY 25, 2021

The General Data Protection Regulation (GDPR) mandates businesses to make provisions for EU citizens to exercise their right to access and control their personal data, including the export of personal data outside the EU. But hurriedly planning for the GDPR is not the solution. Six phases of GDPR compliance.

GDPR

GDPR Compliance Personal data Data Privacy

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Compliance Privacy Data Privacy

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

Make data protection training fun with our GDPR Challenge game

IT Governance

FEBRUARY 13, 2020

Thanks to our GDPR Challenge E-learning Game , you can now reap the benefits of gamification when training your staff on their data protection obligations. Our GDPR Challenge E-learning Game contains a variety of data protection problems across a range of business scenarios. What you’ll learn by playing.

GDPR

GDPR Personal data Compliance Access

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

Hunton Privacy

MARCH 8, 2019

The Overview provides key statistics relating to the consistency mechanism among national data protection authorities (“DPAs”), the cooperation mechanism of the EDPB, the means and powers of the DPAs and enforcement of the GDPR at the national level. Implementation and Enforcement of the GDPR at National Level.

GDPR

GDPR Data breaches Personal data Marketing

The GDPR and the right to be forgotten

IT Governance

APRIL 30, 2018

Something that’s drawn a lot of attention in the lead up to the General Data Protection Regulation (GDPR) compliance deadline is “the right to erasure”, also known as the “right to be forgotten”. For the establishment, exercise or defence of legal claims. a health professional). Other considerations. Find out more and buy >>

GDPR

GDPR Personal data Archiving Compliance

Top tips for data retention under the GDPR

IT Governance

NOVEMBER 12, 2018

Under the GDPR (General Data Protection Regulation) an organisation must not keep data for longer than it is needed. Article 5(1)(e) of the GDPR states: “1. There are no specific retention periods set under the GDPR, so it is up to your organisation to establish or identify them. Setting data retention periods.

GDPR

GDPR Personal data Paper Archiving

What are the Data Subject Rights under the GDPR?

IT Governance

NOVEMBER 15, 2018

This blog was originally published before the GDPR took effect in May 2018. The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights, and meet requests promptly. Learn more about the GDPR.

GDPR

GDPR Personal data Access Communications

What are the Data Subject Rights under the GDPR?

IT Governance

JUNE 15, 2018

Even though the EU General Data Protection Regulation (GDPR) is now in effect, many organisations are still working towards compliance. The GDPR gives individuals eight rights relating to their personal data. The GDPR gives individuals eight rights relating to their personal data. Become a GDPR expert.

GDPR

GDPR Personal data Compliance Access

Should I Be Worried About the GDPR? – EDPB’S Guidelines on the GDPR’S Territorial Scope

HL Chronicle of Data Protection

DECEMBER 30, 2019

Does the GDPR really apply to my company? In many cases, the GDPR seems like an issue of the Old Continent, so some assume it should not affect non-EU companies. In others, companies apply the GDPR to all their processing activities just to avoid the possibility of being addressed by EU authorities.

GDPR

GDPR Personal data Analytics IT

CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop

Hunton Privacy

JUNE 15, 2021

The CJEU mainly examined the question of whether a national supervisory authority that is not the lead supervisory authority (“lead SA”) under the EU General Data Protection Regulation’s (“GDPR”) One-Stop-Shop may bring legal proceedings against a company for GDPR violations before a court in its Member State.

GDPR

GDPR Personal data IT

Is your organisation equipped for long-term GDPR compliance?

IT Governance

MAY 28, 2019

Last week, the GDPR (General Data Protection Regulation) turned one year old. GDPR compliance is an ongoing process and should be embedded by design in your data protection practices. The GDPR is as broad as possible when it comes to the security measures that organisations should implement.

GDPR

GDPR Compliance Personal data Risk

Will reforms take the DP out of GDPR?

CILIP

NOVEMBER 16, 2021

Will reforms take the DP out of GDPR? It aims to change the UK GDPR regime from a ?box-ticking? exercise to a risk-management one, and aims to do so without threatening the data security of individuals. s GDPR regime may imperil the UK?s box-ticking? box-ticking? The protection of people?s But they don?t or barrier ?

GDPR

GDPR Personal data Government Risk

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. Because the other firm had decided to focus on some obscure GDPR issues that the original firm didn’t think were particularly relevant. Does this matter?

GDPR

GDPR Privacy Compliance Personal data

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

AUGUST 17, 2020

If the EU’s ‘level data protection playing field’ means continuing to fully implement all aspects of European data protection law, including all aspects of the two-year-old General Data Protection Regulation (GDPR), then what was the point of Brexit? The GDPR has had a profound impact on many organisations.

Privacy

Privacy GDPR Personal data Computer and Electronics

How to write a GDPR-compliant data subject access request procedure

IT Governance

MARCH 20, 2018

In the lead up to May, it is important your organisation prioritises steps to prove that you are making an effort to comply with the EU General Data Protection Regulation (GDPR). D ata subject access request procedures under the GDPR. Two licences for the GDPR Staff Awareness E-learning Course.

GDPR

GDPR Access Personal data Compliance

Why data subject access requests have become more common under the GDPR

IT Governance

JULY 15, 2019

That shouldn’t be a surprise, given that the spike correlates with the GDPR (General Data Protection Regulation) taking effect. But why exactly has the GDPR caused everyone to rush off to find out what information organisations store on them? The GDPR has scrapped the £10 fee that organisations could charge to fulfil a DSAR.

GDPR

GDPR Access Data Privacy Personal data

Six months of the GDPR: it’s not too late to comply

IT Governance

NOVEMBER 23, 2018

It’s been six months since the GDPR (General Data Protection Regulation) took effect, and for many people fatigue has already set in: mention the GDPR and you’re likely to get little more than a weary shrug in response. True, the first GDPR fines are yet to be issued, but this should not be a cause for complacency. they say. “No

GDPR

GDPR Compliance Personal data Data breaches

Lessons on international transfers to the US to organisations caught by the GDPR

GDPR Article 17: What Is the Right to Erasure?

Webinars

Trending Sources

GDPR compliance checklist

Webinars

How to implement the General Data Protection Regulation (GDPR)

Are you ready for a cyberattack?

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

IRELAND: First GDPR fine issued in Ireland

The European Commission’s GDPR review in short

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

GDPR Data Subject Access Requests: How to Respond

EU: EU Commission publishes its evaluation of GDPR

European Commission Publishes Results of Surveys on One Year of GDPR Application

Guest Post - Three Critical Steps for GDPR Compliance

ICO Issues First Enforcement Action Under the GDPR

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

CNIL Publishes Initial Assessment on Blockchain and GDPR

German DSK Issues GDPR Fining Methodology Guidelines

German DSK Issues GDPR Fining Methodology Guidelines

Does your use of CCTV comply with the GDPR?

EDPB publishes guidance on calculating GDPR fines

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

Driving GDPR Compliance

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Make data protection training fun with our GDPR Challenge game

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

The GDPR and the right to be forgotten

Top tips for data retention under the GDPR

What are the Data Subject Rights under the GDPR?

What are the Data Subject Rights under the GDPR?

Should I Be Worried About the GDPR? – EDPB’S Guidelines on the GDPR’S Territorial Scope

CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop

Is your organisation equipped for long-term GDPR compliance?

Will reforms take the DP out of GDPR?

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protection: Where’s the Brexit Privacy Dividend?

How to write a GDPR-compliant data subject access request procedure

Why data subject access requests have become more common under the GDPR

Six months of the GDPR: it’s not too late to comply

Stay Connected