Exercises, GDPR and Security - Information Management Today

Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

Security Affairs

DECEMBER 23, 2024

A communication campaign will inform users and non-users on how to oppose the use of their personal data for AI training, ensuring they can exercise their GDPR rights. OpenAI claims the fine is disproportionate and announced it will appeal.

Artificial Intelligence

Artificial Intelligence Personal data Data collection Privacy

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

JANUARY 10, 2019

While a blockchain provides a trusted framework for the integrity and auditability of transactions it stands in stark contrast to the ambition of the GDPR Regulation, the foundation of which is to enable data subjects to exercise greater degree of control over the processing of personally identifiable information.

Blockchain

Blockchain GDPR Privacy Personal data

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Data collection Privacy

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

Security Affairs

JANUARY 17, 2025

noyb filed GDPR complaints against the above companies for unlawfully transferring EU users’ data to China. noyb pointed out that foreign users face challenges exercising rights under Chinese data laws due to the lack of an independent authority, unclear laws, and limited recourse options.

Privacy

Privacy GDPR Compliance Personal data

EU hits Meta with $1.3 billion fine for transferring European user data to the US

Security Affairs

MAY 22, 2023

This is the biggest fine since the adoption of the General Data Protection Regulation (GDPR) by the European Union (EU) on May 25, 2018. billion fine for transferring European user data to the US appeared first on Security Affairs. billion fine for transferring European user data to the US appeared first on Security Affairs.

GDPR

GDPR Personal data Privacy Data Privacy

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. Organisations must ensure they have robust access controls and security measures in place to prevent against unauthorised disclosure. Eilis McDonald & John Magee.

GDPR

GDPR Personal data Government Paper

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Privacy Data Privacy

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

Under the European Union’s General Data Protection Regulation (GDPR), individuals have the right to access personal data collected about them, and to exercise that right easily and at reasonable intervals. The Dutch Data Protection Authority received complaints about the high standard BKR had set for accessing personal data.

GDPR

GDPR Personal data Data collection Access

The European Commission’s GDPR review in short

Privacy and Cybersecurity Law

JULY 22, 2020

Two years after the GDPR entered into force, the European Commission ( EC ) issued its first evaluation of the GDPR. Individuals are increasingly aware of the GDPR and their GDPR rights. The GDPR’s international data transfer toolbox. We have addressed the key points from the EC’s evaluation below.

GDPR

GDPR Privacy Personal data Compliance

List of free GDPR resources and templates

IT Governance

NOVEMBER 14, 2018

This blog was originally published before the GDPR took effect in May 2018. The EU’s GDPR (General Data Protection Regulation) requires all organisations that process EU residents’ personal data to abide by its strict terms. Webinar titles include: Risk assessments and applying organisational controls for GDPR compliance.

GDPR

GDPR Data breaches Compliance Paper

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant. Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant.

GDPR

GDPR Privacy Personal data Retail

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. Because the other firm had decided to focus on some obscure GDPR issues that the original firm didn’t think were particularly relevant. Does this matter? I’m not aware of many cases.

GDPR

GDPR Privacy Compliance Personal data

CNIL Publishes Initial Assessment on Blockchain and GDPR

Hunton Privacy

OCTOBER 2, 2018

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities. What is a Blockchain?

Blockchain

Blockchain GDPR Personal data Compliance

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

DLA Piper Privacy Matters

SEPTEMBER 6, 2021

This is the highest GDPR fine ever issued by the DPC, and the second highest by any EU regulator to date. The DPC issued two draft decisions in May 2020, which were subject to challenge and scrutiny by Concerned Supervisory Authorities in the months which followed, resulting in the GDPR dispute resolution procedure being initiated.

GDPR

GDPR Personal data Communications e-Delivery

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

AUGUST 23, 2021

With many employees now working remotely, securing company data isn’t as straightforward as it used to be. International workforces can be an excellent way to find top talent, but they can introduce unique security risks. Countries have different data security laws, and these can get in the way of one another.

Communications

Communications Cybersecurity GDPR Risk

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

Hunton Privacy

SEPTEMBER 3, 2021

On September 2, 2021, Ireland’s Data Protection Commission (“DPC”) announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd (“WhatsApp”) for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation (“GDPR”). Eight other EU regulators objected to the DPC’s draft decision.

GDPR

GDPR Compliance Personal data IT

Are you ready for a cyberattack?

OpenText Information Management

JUNE 4, 2024

This is where Tabletop Exercises (or incident response simulations), come into play. These exercises are essential for preparing your organization to effectively respond to a cyberattack. Even the most advanced security systems can be rendered ineffective without a well-prepared team with clear processes.

Security awareness

Security awareness Cybersecurity Compliance GDPR

Post-GDPR Developments on Data Protection and Privacy Regulations Around the World

Thales Cloud Protection & Licensing

NOVEMBER 14, 2019

Reviewing the negative effects of high-profile breaches and security incidents on organizations globally, it is apparent that for a digital economy to function properly, data protection and privacy is directly related to the level of commerce quality. A milestone in data protection – the GDPR.

GDPR

GDPR Privacy Personal data Compliance

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The TCF is a GDPR consent solution developed by IAB Europe that has become a widely used approach to collecting and managing consent for targeted advertising cookies in the EU. Accountability, Security, and Data Protection by Design and By Default. Audit participating organizations to ensure they comply with the GDPR.

GDPR

GDPR Personal data Marketing IT

GDPR: lawful bases for processing, with examples

IT Governance

MARCH 13, 2020

Under the EU GDPR (General Data Protection Regulation) , you need to identify a lawful basis before processing personal data. Lawfulness of processing under the GDPR. First published June 2018. Last updated March 2020. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data?

GDPR

GDPR Personal data Compliance Marketing

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

A guide to cyber security for marketing agencies

IT Governance

FEBRUARY 9, 2021

If your marketing agency is under the impression that cyber security is strictly an IT issue, you should think again. Effective security is a company-wide commitment, and marketers play one of the most crucial roles. The system helps organisations manage, monitor and improve their security practices in one place.

Marketing

Marketing Security GDPR Personal data

CCTV and the GDPR – an overview for small businesses

IT Governance

JULY 25, 2018

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. You can find more information about GDPR compliance on our website >> Data processing principles (Article 5).

GDPR

GDPR Personal data Privacy Access

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. Now is the moment to train your personnel on security best practices, if you haven’t already. Customize Your Security Training.

Cybersecurity

Cybersecurity Data Privacy Data breaches Privacy

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Security Affairs

SEPTEMBER 17, 2024

However, trust is not a once-off exercise; it’s a continuous process in which each interaction helps build and nurture loyalty over time. A recent Thales report on digital trust explores the complex dynamics of trust, focusing on user experience, security, and data privacy. Ensuring transparency on their usage and consent.

Data collection

Data collection Privacy Personal data B2B

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

AUGUST 17, 2020

If the EU’s ‘level data protection playing field’ means continuing to fully implement all aspects of European data protection law, including all aspects of the two-year-old General Data Protection Regulation (GDPR), then what was the point of Brexit? The GDPR has had a profound impact on many organisations.

Privacy

Privacy GDPR Personal data Computer and Electronics

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

Hunton Privacy

SEPTEMBER 10, 2020

On September 7, 2020, the European Data Protection Board (“EDPB”) released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). However, the GDPR has introduced new obligations on those actors.

GDPR

GDPR Personal data Data breaches Compliance

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

Hunton Privacy

MARCH 8, 2019

The Overview provides key statistics relating to the consistency mechanism among national data protection authorities (“DPAs”), the cooperation mechanism of the EDPB, the means and powers of the DPAs and enforcement of the GDPR at the national level. Implementation and Enforcement of the GDPR at National Level.

GDPR

GDPR Data breaches Personal data Marketing

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies. GDPR and Cookie Violations. Background.

GDPR

GDPR Personal data Data collection Marketing

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

Data Matters

JULY 8, 2019

Today we saw the ICO issue a notice of its intention to fine British Airways £183.39m for infringements of the GDPR – a record fine and the largest seen in the UK and the EU. This action by the ICO demonstrates that they are prepared to enforce the GDPR and levy significant fines.

GDPR

GDPR Privacy Data breaches Risk

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. This will allow them to be one step ahead and better organized to comply with the upcoming GDPR.

GDPR

GDPR Personal data Compliance Privacy

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

The Last Watchdog

MARCH 21, 2022

Evolving privacy regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) mean ongoing headaches for cybersecurity, compliance and risk management teams. It’s time to rethink your security stack and priorities. You almost certainly need a chief information security officer (CISO).

Encryption

Encryption Cloud Privacy GDPR

How to write a GDPR-compliant data subject access request procedure

IT Governance

MARCH 20, 2018

In the lead up to May, it is important your organisation prioritises steps to prove that you are making an effort to comply with the EU General Data Protection Regulation (GDPR). D ata subject access request procedures under the GDPR. Two licences for the GDPR Staff Awareness E-learning Course.

GDPR

GDPR Access Personal data Compliance

Facebook's Download-Your-Data Tool Is Incomplete

Schneier on Security

MARCH 2, 2020

As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook. Information provided about the advertisers is also very limited (just a name and no contact details), preventing users from effectively exercising their rights.

Personal data

Personal data GDPR Data collection Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

GDPR: One Year On

Data Matters

MAY 31, 2019

The 25th of May, 2019 marked a year since the EU General Data Protection Regulation (“ GDPR ”) came into force. Perhaps of most interest has been how the data protection authorities (“ DPAs ”) would exercise their expanded enforcement powers under the GDPR. Data Breaches and Enforcement Action. Privacy Awareness and Litigation.

GDPR

GDPR Data breaches Privacy Compliance

GDPR: lawful bases for processing, with examples

IT Governance

JUNE 15, 2018

What is a lawful basis for processing under the GDPR? Like the Data Protection Act 1998 (DPA 1998) that it superseded, the General Data Protection Regulation (GDPR) sets out six lawful bases for processing personal data. For tasks carried out in the public interest or exercise of authority vested in the data controller.

GDPR

GDPR Personal data Compliance Privacy

New Dubai International Financial Centre Data Protection Law Comes into Effect

Hunton Privacy

JULY 9, 2020

The New DP Law reflects many aspects of the EU’s General Data Protection Regulation (the “GDPR”), including: Accountability Requirements: Controllers are required to put in place programs demonstrating compliance with the New DP Law, similar to the GDPR’s accountability requirements.

Personal data

Personal data GDPR Data breaches Compliance

GDPR compliance for professional services firms: time to get on track

IT Governance

APRIL 3, 2018

The General Data Protection Regulation (GDPR)’s compliance deadline is looming. Below is a checklist of ten essential areas of the GDPR that you will need to review as part of your firm’s project. IT Governance is at the forefront of helping organisations globally to address the challenges of GDPR compliance.

GDPR

GDPR Compliance Personal data Risk

Six months of the GDPR: it’s not too late to comply

IT Governance

NOVEMBER 23, 2018

It’s been six months since the GDPR (General Data Protection Regulation) took effect, and for many people fatigue has already set in: mention the GDPR and you’re likely to get little more than a weary shrug in response. True, the first GDPR fines are yet to be issued, but this should not be a cause for complacency. they say. “No

GDPR

GDPR Compliance Personal data Data breaches

Is your organisation equipped for long-term GDPR compliance?

IT Governance

MAY 28, 2019

Last week, the GDPR (General Data Protection Regulation) turned one year old. GDPR compliance is an ongoing process and should be embedded by design in your data protection practices. The GDPR is as broad as possible when it comes to the security measures that organisations should implement.

GDPR

GDPR Compliance Personal data Risk

The GDPR: Preparing your organisation for DSARs

IT Governance

JULY 11, 2019

The GDPR (General Data Protection Regulation) has strengthened individuals’ rights to see what information organisations store on them. Their first task will be to decide whether they can comply with the request within the one-month window permitted by the GDPR. This will be the case for data that’s walled off for security purposes.

GDPR

GDPR Personal data Access Data breaches

How to write a GDPR-compliant data subject access request procedure – with template

IT Governance

NOVEMBER 8, 2018

This blog was originally published before the GDPR took effect in May 2018. This blog explains how to write a GDPR-compliant DSAR (data subject access request) procedure to ensure you meet your obligations as a data controller. Data subject access request procedures under the GDPR. Updated X November 2018.

GDPR

GDPR Access Personal data Compliance

EDPB Releases Final Recommendations on Supplementary Measures for International Transfers

Hunton Privacy

JUNE 21, 2021

The mapping exercise should include onward transfers made by processors to whom data is disclosed. Organizations should identify the data transfer mechanism relied on under Chapter V of the GDPR, if necessary. Identify Data Transfer Mechanisms. Consider Supplementary Measures.

GDPR

GDPR Personal data Access Encryption

Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

Webinars

Trending Sources

Guest Post - Three Critical Steps for GDPR Compliance

Webinars

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

EU hits Meta with $1.3 billion fine for transferring European user data to the US

IRELAND: First GDPR fine issued in Ireland

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

The European Commission’s GDPR review in short

List of free GDPR resources and templates

Does your use of CCTV comply with the GDPR?

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

CNIL Publishes Initial Assessment on Blockchain and GDPR

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

Are you ready for a cyberattack?

Post-GDPR Developments on Data Protection and Privacy Regulations Around the World

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

GDPR: lawful bases for processing, with examples

GDPR compliance checklist

A guide to cyber security for marketing agencies

CCTV and the GDPR – an overview for small businesses

Ways to Develop a Cybersecurity Training Program for Employees

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Data Protection: Where’s the Brexit Privacy Dividend?

EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

How to write a GDPR-compliant data subject access request procedure

Facebook's Download-Your-Data Tool Is Incomplete

How to implement the General Data Protection Regulation (GDPR)

GDPR: One Year On

GDPR: lawful bases for processing, with examples

New Dubai International Financial Centre Data Protection Law Comes into Effect

GDPR compliance for professional services firms: time to get on track

Six months of the GDPR: it’s not too late to comply

Is your organisation equipped for long-term GDPR compliance?

The GDPR: Preparing your organisation for DSARs

How to write a GDPR-compliant data subject access request procedure – with template

EDPB Releases Final Recommendations on Supplementary Measures for International Transfers

Stay Connected