A confluence of comprehensive data protection regulations, massive data breaches, and growing consumer awareness of digital privacy issues means privacy is no longer a niche concern confined to mere compliance. The obligation to design privacy into products and services from the outset, in order to stave off curious regulators, an outraged media, and distrustful consumers, means that companies are putting more stock in data protection.
This white paper by Enterprivacy Consulting Group’s Jason Cronk contrasts two approaches to privacy by design: the all-too-common PIA-based privacy by design approach and the proactive, or strategic, privacy by design approach.
IAPP has released the newest update to our 2017 Privacy Tech Vendor Report, v1.4, a resource designed to help you assess the many privacy technology vendors – both new and old, big and small – that are emerging in the marketplace.
In order to be legally compliant with data protection law, an employer must have a “lawful basis” or justifiable reason to process an employee’s personal data.
The concept of joint controllers in EU law, as distinct from the distinction between controllers and processors, has thus far been seen as neither particularly controversial nor widely discussed. However, the GDPR now explicitly provides that joint controllers are two or more controllers that jointly determine the purposes and means of processing.
The General Data Protection Regulation provides individuals with a variety of rights to enforce against organizations that are processing their personal data. These rights allow individuals to have control over, and place limits on, the collection, use and disclosure of their data.
Anyone who’s been paying attention to the privacy and data protection landscape knows this if they know anything at all: The General Data Protection Regulation is looming and firms are scrambling to prepare, staffing up the privacy office and appointing a data protection officer, depending on their stage of preparedness.
Google and Facebook will be unable to use the personal data they hold for advertising purposes without user permission. This is an acute challenge because, contrary to what some commentators have assumed, they cannot use a “service-wide” opt-in for everything. Nor can they deny access to their services to users who refuse to opt in to tracking. Some parts of their businesses are likely to be disrupted more than others.
I’ve been thinking about the EU General Data Protection Regulation. At our design studio, Projects by IF, we’ve talked to a few clients about what it’ll mean when, next May, new digital rights for citizens across the EU are made real. We think ultimately it could spur innovation, but for now, a lot of companies are focusing on compliance. Big organizations are already feeling the pinch, but a lot of smaller companies are hoping they can ignore it.
Enterprises should not be fooled into thinking General Data Protection Regulation (GDPR) compliance can be bought through investments in information management technologies, third-party consultancy or new hires.