GDPR and Marketing - Information Management Today

Maintaining GDPR and Data Privacy Compliance in 2024

IT Governance

FEBRUARY 16, 2024

For a start, maintaining data privacy and GDPR [General Data Protection Regulation] compliance will become increasingly complex through 2024, particularly for organisations operating across multiple jurisdictions. In addition, 14 US states now have their own data privacy laws, and GDPR-like legislation has proliferated across the world.

Data Privacy

Data Privacy GDPR Compliance Privacy

CIPL Publishes White Paper on the Interplay Between the Draft EU Digital Markets Act and the GDPR

Hunton Privacy

DECEMBER 16, 2021

On December 6, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published a white paper on “ Bridging the DMA and the GDPR – Comments by the Centre for Information Policy Leadership on the Data Protection Implications of the Draft Digital Markets Act ” (the “White Paper”).

Paper

Paper GDPR Marketing Compliance

CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

Hunton Privacy

OCTOBER 31, 2023

October 12, 2023, the French Data Protection Authority (the “CNIL”) announced a €600,000 fine for mass media company Groupe Canal+ for failing to comply with its commercial prospecting obligations applicable under the French Post and Electronic Communications Code and several obligations of the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Marketing Personal data Communications

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

Lessons on international transfers to the US to organisations caught by the GDPR

Data Protection Report

SEPTEMBER 11, 2024

It also highlights the compliance gap around transfers to recipients in third countries caught by Article 3(2) General Data Protection Regulation (GDPR). This is the case even where the third country targets the EEA market and so is brought into the scope of the GDPR’s extraterritorial application under Article 3(2) (see p.9).

GDPR

GDPR Personal data Compliance Artificial Intelligence

Navigating GDPR Compliance with CIAM: A Quick Guide

Thales Cloud Protection & Licensing

MAY 22, 2024

GDPR: A game-changer for CIAM The introduction of GDPR catalyzed a reevaluation of how businesses collect, store, and manage customer data. Right to Access and Amend : GDPR grants individuals the right to access their personal data held by organizations and amend them if desired. Explicit consent is required for such data.

GDPR

GDPR Compliance Privacy Personal data

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

Marketing and the GDPR

IT Governance

JUNE 25, 2018

The EU General Data Protection Regulation (GDPR) has big implications for marketing departments and how they can advertise products and services. Marketing personnel will be pleased that direct marketing comes under “legitimate interest”, one of the six lawful bases for processing. Marketing based on consent.

GDPR

GDPR Marketing Personal data Privacy

European Union Reached a Political Agreement on the Digital Markets Act

Hunton Privacy

MARCH 29, 2022

On March 24, 2022, the European Union unveiled the final text of the Digital Markets Act (the “DMA”). billion in annual revenue and market capitalization of €65 billion to €7.5 billion in annual revenue and market capitalization of €75 billion. The DMA imposes a set of obligations on “gatekeeper” platforms.

Marketing

Marketing GDPR Compliance Paper

GDPR Article 17: What Is the Right to Erasure?

IT Governance

MARCH 30, 2023

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. Failure to fulfil this requirement is considered a serious breach and could be penalised under the GDPR’s upper tier of fines of €20 million (£17.5 What is the right to erasure?

GDPR

GDPR Personal data Compliance Government

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

Hunton Privacy

NOVEMBER 23, 2021

On November 19, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 05/2021 (the “Guidelines”) on the interplay between the application of Article 3 of the EU General Data Protection Regulation (“GDPR”), which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.

GDPR

GDPR Personal data Marketing Government

A guide to cyber security for marketing agencies

IT Governance

FEBRUARY 9, 2021

If your marketing agency is under the impression that cyber security is strictly an IT issue, you should think again. Effective security is a company-wide commitment, and marketers play one of the most crucial roles. So, what should marketing agencies do to reduce the risk of cyber attacks and protect their reputation?

Marketing

Marketing Security GDPR Privacy

GDPR for small business: the ultimate guide

IT Governance

JULY 2, 2020

What is the GDPR? First, the UK has implemented the UK DPA (Data Protection Act) 2018 , which adopts the GDPR into national law. Second, if you process EU residents’ personal data, the GDPR still applies. Does the GDPR apply to small businesses? What does the GDPR mean for my business? A quick overview.

GDPR

GDPR Personal data Data breaches Compliance

UK ICO Publishes New Direct Marketing Guidance and Checklists

Hunton Privacy

DECEMBER 7, 2022

The UK Information Commissioner’s Office (“ICO”) recently published a package of detailed guidance and checklists for direct marketing activities. PECR applies to direct marketing activities even where personal data is not involved.

Marketing

Marketing Personal data Communications Privacy

The Re-Permissioning Dilemma Under GDPR

AIIM

JUNE 26, 2018

Now that the EU General Data Protection Regulation (GDPR) is in force organizations are ramping up their efforts to re-fresh data subject consent obtained prior to GDPR and under the EU Data Protection Directive 95/46/EC by virtue of which opt-out, or implied consent was permissible. Furthermore, the.

GDPR

GDPR Privacy Marketing Sales

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Hunton Privacy

FEBRUARY 25, 2020

On February 10, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) published its Recommendation 1/2020 on data processing activities for direct marketing purposes (the “Recommendation”). Direct marketing is one of the Belgian DPA’s top priorities for the next few years, as indicated in its 2019-2025 Strategic Plan.

Marketing

Marketing Personal data GDPR Communications

Experian’s data processing practices violate the GDPR

IT Governance

OCTOBER 28, 2020

It has given the organisation nine months to make appropriate changes, with the threat of a GDPR (General Data Protection Regulation) penalty looming. Under the GDPR, organisations must explain to individuals why their personal data is being collected and limit the use of the data to that purpose. Fundamental changes are needed.

GDPR

GDPR Personal data Marketing Privacy

UK Tribunal Rules on Direct Marketing ICO Case Against Experian

Hunton Privacy

FEBRUARY 23, 2023

On February 20, 2023, in the case of Experian Limited v The Information Commissioner , the First-Tier Tribunal in the UK (the “ Tribunal ”) ruled on the ICO’s action to require Experian to make changes to how it processes personal data for direct marketing purposes. Experian appealed the enforcement notice, which was heard by the Tribunal.

Marketing

Marketing Personal data GDPR Privacy

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

FEBRUARY 3, 2022

The TCF is a GDPR consent solution developed by IAB Europe that has become a widely used approach to collecting and managing consent for targeted advertising cookies in the EU. Audit participating organizations to ensure they comply with the GDPR. Background. Key points from the Belgian DPA’s decisions are summarized below: Lawfulness.

GDPR

GDPR Personal data Marketing IT

The European Commission’s GDPR review in short

Privacy and Cybersecurity Law

JULY 22, 2020

Two years after the GDPR entered into force, the European Commission ( EC ) issued its first evaluation of the GDPR. Individuals are increasingly aware of the GDPR and their GDPR rights. The GDPR’s international data transfer toolbox. We have addressed the key points from the EC’s evaluation below.

GDPR

GDPR Privacy Personal data Compliance

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

Hunton Privacy

NOVEMBER 5, 2020

On October 27, 2020, the UK Information Commissioner’s Office (“ICO”) published a report following its investigation into data protection compliance in the direct marketing data broking sector, alongside its enforcement action against Experian. Three such hubs were the three CRAs audited as part of this investigation.

Marketing

Marketing Compliance Personal data GDPR

CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing

Hunton Privacy

MAY 4, 2020

On April 30, 2020, the French Data Protection Authority (the “CNIL”) published guidance on the extraction of web users’ personal data from online public spaces by web scraping tools and re-use of such data for direct marketing (the “Guidance”). The Guidance was issued following inspections carried out by the CNIL in 2019. Background.

Marketing

Marketing GDPR Communications Personal data

GDPR and The Data Governance Imperative

AIIM

SEPTEMBER 12, 2018

You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.

GDPR

GDPR Government Information governance Compliance

Most GDPR emails unnecessary and some illegal, say experts

The Guardian Data Protection

MAY 21, 2018

Many companies, acting based on poor legal advice, a fear of fines of up to €20m (£17.5m) and a lack of good examples to follow, have taken what they see as the safest option for hewing to the General Data Protection Regulation (GDPR) : asking customers to renew their consent for marketing communications and data processing.

GDPR

GDPR Data Privacy Privacy Communications

Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

Hunton Privacy

JUNE 4, 2020

The decision followed a complaint filed by an individual who continued to receive promotional materials from the organization after he had objected to the processing of his contact details for direct marketing purposes and had requested that the organization erase his data from its database. Read the Belgian DPA’s decision (in Dutch).

Marketing

Marketing GDPR Communications Personal data

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

HL Chronicle of Data Protection

MARCH 5, 2020

On January 17, The Belgian Data Protection Authority (DPA) published Recommendation no 01/2020 providing Guidance on direct marketing. The Recommendation provides a methodology on how to comply with the General Data Protection Regulation (GDPR) when conducting direct marketing. Definition of Direct Marketing.

Marketing

Marketing GDPR Personal data Healthcare

UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

Data Matters

FEBRUARY 10, 2020

On 8 January 2020, the UK’s Information Commissioner’s Office ( ICO ) published a draft Direct Marketing Code of Practice ( Draft Code ) for public consultation. The Draft Code is intended to update existing guidance published pre-GDPR and provide clarity on certain important issues.

Marketing

Marketing GDPR Personal data Communications

European Commission Releases Study on GDPR Data Protection Certification Mechanisms

Hunton Privacy

APRIL 11, 2019

The European Commission (the “Commission”) has released a long-awaited study on GDPR data protection certification mechanisms (the “Study”). As we previously reported , the Commission announced its intention to look into GDPR certifications in January of 2018. Certifications continue to be a developing area under the GDPR.

GDPR

GDPR Marketing Privacy IT

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

Data Protection Report

FEBRUARY 11, 2022

Since then, the Belgian Data Protection Authority ( BDPA ) has taken on the lead role of investigating the TCF’s conformity with the GDPR. The BDPA has given the IAB a maximum period of six months to bring the TCF in line with the provisions of the GDPR. Since the inception of v2.0 IAB’s response.

GDPR

GDPR IT Personal data Compliance

GDPR After the Deadline — Part 3 of 3 — How do IIM technologies fit into the GDPR puzzle?

AIIM

AUGUST 8, 2018

The GDPR’s May 25, 2018 deadline set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. We just published a new market research report on GDPR. How do they assess their progress in meeting the core requirements of GDPR?

GDPR

GDPR Compliance Digital preservation Artificial Intelligence

Guest Post - Three Critical Steps for GDPR Compliance

AIIM

JANUARY 17, 2018

GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery. GDPR Compliance Starts with Data Discovery. Compliance with GDPR is just a short five months away. The Privacy and Security Dichotomy.

GDPR

GDPR Compliance Data collection Privacy

Guest Post -- GDPR Compliance starts with Data Discovery

AIIM

NOVEMBER 16, 2017

GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. 50% of organizations not ready for GDPR. What should your organization budget for GDPR? The Privacy and Security Dichotomy. Privacy by Design: The Intersection of Law and Technology.

GDPR

GDPR Compliance Privacy Paper

Questions Persist About Ransomware Attack on Blackbaud

Data Breach Today

JULY 30, 2020

CRM Firm Admits Paying Ransom; Waited Weeks to Notify Victims Despite GDPR Rules Numerous unanswered questions persist concerning a ransomware outbreak at Blackbaud, which provides cloud-based marketing, fundraising and customer relationship management software used by thousands of charities, universities, healthcare organizations and others.

Ransomware

Ransomware GDPR Marketing Cloud

GDPR After the Deadline — Part 2 of 3 — Where are organizations in their GDPR journey and how much did they spend to get there?

AIIM

AUGUST 1, 2018

The GDPR’s May 25, 2018 deadline set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. We just published a new market research report on GDPR. How do they assess their progress in meeting the core requirements of GDPR?

GDPR

GDPR Compliance Privacy Marketing

EDPB Publishes Guidelines on Extraterritorial Application of the GDPR

Hunton Privacy

NOVEMBER 27, 2018

On November 23, 2018, the European Data Protection Board (“EDPB”) published its long-awaited draft guidelines on the extraterritorial application of the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). is subject to the GDPR.

GDPR

GDPR Personal data Marketing Data collection

GDPR After the Deadline — Part 3 of 3 — How do IIM technologies fit into the GDPR puzzle?

AIIM

AUGUST 8, 2018

The GDPR’s May 25, 2018 deadline set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. We just published a new market research report on GDPR. How do they assess their progress in meeting the core requirements of GDPR?

GDPR

GDPR Compliance Digital preservation Artificial Intelligence

European Commission Issues GDPR Infographic

Hunton Privacy

FEBRUARY 1, 2019

On January 25, 2019, the European Commission (the “Commission”) issued an infographic on compliance with and enforcement and awareness of the EU General Data Protection Regulation (“GDPR”) since the GDPR took force on May 25, 2018. Three fines have been issued under the GDPR so far.

GDPR

GDPR Data breaches Personal data Compliance

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The test will be relative and it appears lower than under the EU GDPR, although the precise approach is not set out in the response. However, the precise approach will be set out in the AI white paper.

GDPR

GDPR Government Personal data Risk

GDPR After the Deadline — Part 2 of 3 — Where are organizations in their GDPR journey and how much did they spend to get there?

AIIM

AUGUST 1, 2018

The GDPR’s May 25, 2018 deadline set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. We just published a new market research report on GDPR. How do they assess their progress in meeting the core requirements of GDPR?

GDPR

GDPR Compliance Privacy Marketing

Belgian DPA Releases Report for Second Anniversary of the GDPR

Hunton Privacy

MAY 26, 2020

On the second anniversary of the EU General Data Protection Regulation (the “GDPR”), the Belgian Data Protection Authority (the “Belgian DPA”) published a Statement with some key GDPR-related numbers (the “Statement”). 5,416 data protection officer (“DPO”) notifications. Read the Statement (in French and Dutch ).

GDPR

GDPR Personal data Data breaches Compliance

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

Hunton Privacy

MARCH 4, 2020

Article 97 of the GDPR requires the European Commission to submit, by May 25, 2020, and every four years thereafter, a report on the evaluation and review of the GDPR to the European Parliament and to the Council of the EU. In order to prepare its report, the European Commission may request information from DPAs.

GDPR

GDPR Personal data Data breaches Communications

EDPB Publishes Draft Guidelines on the Concepts of Controller and Processor under the GDPR

Data Matters

SEPTEMBER 18, 2020

On 2 September 2020, the European Data Protection Board ( EDPB ) published draft guidelines on the concepts of controller and processor under the GDPR ( Draft Guidelines ). Controllers may also consider a processor’s adherence to an approved code of conduct or certification mechanism and reputation in the market, where relevant.

GDPR

GDPR Personal data Compliance Access

Belgian DPA Launches Public Consultation on Direct Marketing

Hunton Privacy

JUNE 14, 2019

On June 12, 2019, the Belgian Data Protection Authority (the “Belgian DPA”) launched a public consultation on direct marketing with a view to updating its Recommendation No. 02/2013 of January 30, 2013 on direct marketing (the “Direct Marketing Recommendation” – in French and in Dutch ).

Marketing

Marketing GDPR IT

List of mandatory documents required by the GDPR

IT Governance

JULY 31, 2019

The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the GDPR. Personal Data Protection Policy (Article 24).

GDPR

GDPR Data breaches Personal data Compliance

Maintaining GDPR and Data Privacy Compliance in 2024

CIPL Publishes White Paper on the Interplay Between the Draft EU Digital Markets Act and the GDPR

Webinars

Trending Sources

CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

Webinars

GDPR compliance checklist

Lessons on international transfers to the US to organisations caught by the GDPR

Navigating GDPR Compliance with CIAM: A Quick Guide

How to implement the General Data Protection Regulation (GDPR)

Marketing and the GDPR

European Union Reached a Political Agreement on the Digital Markets Act

GDPR Article 17: What Is the Right to Erasure?

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

A guide to cyber security for marketing agencies

GDPR for small business: the ultimate guide

UK ICO Publishes New Direct Marketing Guidance and Checklists

The Re-Permissioning Dilemma Under GDPR

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Experian’s data processing practices violate the GDPR

UK Tribunal Rules on Direct Marketing ICO Case Against Experian

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

The European Commission’s GDPR review in short

ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector

CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing

GDPR and The Data Governance Imperative

Most GDPR emails unnecessary and some illegal, say experts

Belgian Data Protection Authority Imposes Fine on Non-Profit Organization for Unlawful Direct Marketing Practices

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

UK ICO Releases Draft Direct Marketing Code of Practice for Public Consultation

European Commission Releases Study on GDPR Data Protection Certification Mechanisms

Belgian DPA fines IAB Europe over its consent framework’s GDPR violations

GDPR After the Deadline — Part 3 of 3 — How do IIM technologies fit into the GDPR puzzle?

Guest Post - Three Critical Steps for GDPR Compliance

Guest Post -- GDPR Compliance starts with Data Discovery

Questions Persist About Ransomware Attack on Blackbaud

GDPR After the Deadline — Part 2 of 3 — Where are organizations in their GDPR journey and how much did they spend to get there?

EDPB Publishes Guidelines on Extraterritorial Application of the GDPR

GDPR After the Deadline — Part 3 of 3 — How do IIM technologies fit into the GDPR puzzle?

European Commission Issues GDPR Infographic

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

GDPR After the Deadline — Part 2 of 3 — Where are organizations in their GDPR journey and how much did they spend to get there?

Belgian DPA Releases Report for Second Anniversary of the GDPR

EDPB Publishes Contribution to the Evaluation and Review of the GDPR

EDPB Publishes Draft Guidelines on the Concepts of Controller and Processor under the GDPR

Belgian DPA Launches Public Consultation on Direct Marketing

List of mandatory documents required by the GDPR

Stay Connected