Tag Archives for "compliance"

Is your company part of the GDPR ‘mobile loophole’?

Europe is leading the way in privacy protection with General Data Protection Regulations (GDPR). But most companies are not focused on what it means for their mobile workers. Personal mobile devices, which often contain corporate data from being connected/synced to back office systems, and including data about individuals, are subject to the same regulations and restrictions of GDPR as larger systems (e.g., PCs and servers).

Source: Is your company part of the GDPR ‘mobile loophole’? | Computerworld

Looking to Canada for input on the GDPR’s data retention requirements

One of the core principles of data processing set forth in Article 5(e) of the EU General Data Protection Regulation is that personal data shall be retained in a form that “permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” Although this language is not complex, it raises critical questions not answered within the text, namely: What comprises a purpose and how does one determine whether the purpose is resolved?

Read full article: Looking to Canada for input on the GDPR’s data retention requirements

How to approach DPIAs under the GDPR

A DPIA consists of a procedure aimed at describing the treatment, assessing its necessity and proportionality, and facilitating the management of risks for the rights and freedoms of individuals deriving from the processing of their personal data (through the assessment of these risks and the definition of appropriate measures to address them).

It is important that the risks to the interested parties are identified (not just the data breach impacts, but also considering the intrinsic risks of the processing which, even if safe and with a low exposure to risks of violations, could violate the privacy of the data subject). Therefore it is convenient to extend the analysis to compliance risk and risks related to the organization, since the privacy risks towards the interested party usually have associated risks of compliance and towards the organization.

Read full article: How to approach DPIAs under the GDPR

Data-processing agreements from 30,000 feet

Any organization that processes the personal data of data subjects in the European Union should be concerned about having updated data processing agreements in place with vendors and partners with whom they share the data. Having up-to-date data processing agreements in place can also protect an organization from liability in the future, and avoid the potential heavy fines and penalties possible under the GDPR.

Read full article: Data-processing agreements from 30,000 feet

What role can internal auditors play in GDPR compliance?

As a function that has a holistic view of the organization, internal audit plays a role in evaluating the organization’s GDPR compliance. By taking up the role of a strategic partner of the data protection officer, internal auditors can help to guide the company strategy, raise awareness, assess the potential risks, identify gaps, and test the remediated procedures.

Read more: What role can internal auditors play in GDPR compliance?

GDPR certifications come into focus with EDPB guidance

Last week, on GDPR Day, as the law finally came into force, the newly minted European Data Protection Board shed some light on these questions and more with newly released guidance on certifying and identifying certification criteria in accordance with Articles 42 and 43 (there are also “codes of conduct” mentioned in the GDPR alongside certifications, but they aren’t addressed in this guidance).

Source: GDPR certifications come into focus with EDPB guidance

Irish DPA received 1,300 GDPR queries

More than 1,300 “concerns or complaints” have been made to the Data Protection Commission since the General Data Protection (GDPR) became law last month, while firms have logged 60 breaches of people’s personal data with the watchdog.

Source: Data watchdog deals with 1,300 GDPR queries | Irish Examiner

Cyber insurance is booming, but it won’t protect you from GDPR fines

The US is one of the biggest markets for cyber insurance, but you won’t be able to take out a policy protecting you from fines for breaches of the EU General Data Protection Regulation (GDPR).

The law, which strengthens EU residents’ rights relating to their personal data, applies to all organizations that collect or process such information, including many in the US. Insuring against fines would have been a massive boon for organizations, as the GDPR gives supervisory authorities the power to issue penalties of up to €20 million (about $24.4 million) or 4% of an organization’s global annual turnover,

Source: Cyber insurance is booming, but it won’t protect you from GDPR fines – IT Governance USA
