Tag Archives for "compliance"

Tech stocks may suffer as investors weigh the data privacy risks

The market is correct to be concerned about “trust issues”, i.e. the recent unexpected management disclosures from tech leaders Apple, Google and Facebook.

The investing public is no longer in the mood to give technology producers the benefit of the doubt; expect increased scrutiny of technology risks across all sectors. To avoid future losses, investors should consider incorporating a broader set of investment tools to help identify potential risks from technology, in line with recent moves from ratings agencies.

Full article: Tech stocks may suffer as investors weigh the data privacy risks

ICO issues the first fines to organisations that have not paid the data protection fee

Organisations across the business services, construction and finance sectors are among the first to be fined by the ICO for not paying the data protection fee.

All organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350.

Source: ICO issues the first fines to organisations that have not paid the data protection fee | ICO

Germany’s first fine under the GDPR offers enforcement insights

On Nov. 21, the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) imposed the first fine under the GDPR in Germany – on a social media company for a violation of its data security obligations.

This is not the first GDPR-related fine in Europe which has become publicly known: the Austrian DPA imposed a €4,800 fine for illegal video surveillance activities, and a €400,000 fine was imposed in Portugal on a hospital after staff members illicitly accessed patient data. However, the current example from Germany provides further insights into how DPAs intend to use their new, heightened fining powers under GDPR.

Full article: Germany’s first fine under the GDPR offers enforcement insights

Addressing the compliance challenge

The regulatory landscape is complex; a recent survey of more than 360 enterprises revealed that 86% are dealing with the complexity of multiple types of data and/or data-related processes subject to privacy and security compliance requirements.

Achieving compliance is an ever-present goal that influences operations, decision-making and success. But as new technologies emerge, businesses transform, and markets evolve, compliance efforts may become undone. Only a continuous approach can prevent this from happening.

Full article: Addressing the compliance challenge

DP Impact Assessments: EDPB Differs Slightly from ICO Position

The European Data Protection Board (EDPB) has recently published its Opinion on the (United Kingdom) Information Commissioner’s list of processing activities which would require a Data Protection Impact Assessment under the GDPR.

In its Opinion, the EDPB appears to be moving away from the idea that processing of genetic or location data, on its own, might be enough to trigger the mandatory DPIA requirements of the GDPR. This news will perhaps come as a relief to organisations currently struggling to come to grips with the “new” DPIA process and the resources and time that it demands. But, should we be surprised by the EDPB’s Opinion and will it have a significant impact in practice on the way organisations consider and conduct DPIAs?

Full article: DP Impact Assessments: EDPB Differs Slightly from ICO Position

New EDPB Guidelines on the territorial scope of the GDPR

On 26 November 2018, the WP29’s successor, the European Data Protection Board (EDPB), published Guidelines on the territorial scope of the GDPR (Art. 3). The proposed Guidelines are open for public consultation until 18 January 2019. The Guidelines provide some clarification around the boundaries of what constitutes an establishment in the EU, the status of tourists and factors that determine whether data subjects in the EU are being targeted.

The EDPB also provides some guidance on the conditions of appointment of an EU representative for non-EU controllers and processors. However, the Guidelines do not address other key interpretive questions arising from Art. 3 and Chapter V (transfer restrictions) and leave many key legal questions open.

Full article: EU: New EDPB Guidelines on the territorial scope of the GDPR

The post GDPR landscape

With the panic to ‘comply’ with GDPR over, it is seen as becoming more of a day-to-day compliance matter. Of course, this assumes that organisations have the correct processes embedded in their day-to-day business and that their staff are trained on and aware of the implications. However, there are still many questions around what the correct approach is.

Full article: The post GDPR landscape: Our Findings

Having legitimate consent is only half the battle: The top 5 ways to protect your data

A recent survey showed that nearly one in five (17%) of companies admitted they are still unsure as to what the benefits are of being GDPR-compliant. Many businesses have still not gained consent and yet are sending marketing emails.

More so, some do not have the proper opt-out policies in place and many are still struggling to make sense of the point of GDPR at all. These businesses are at risk of receiving a fine equating up to 4% of their annual turnover, a huge problem for the sole trader, man-on-the-street style business. But is this putting them at risk of more than a fine?

Full article: Having legitimate consent is only half the battle: The top 5 ways to protect your data

Google accused of GDPR privacy violations by seven countries

Consumer groups across seven European countries have filed GDPR complaints against Google’s location tracking (via Reuters). The European Consumer Organisation (BEUC), of which each of the groups is a member, claims that Google’s “deceptive practices” around location tracking don’t give users a real choice about whether to enable it, and that Google doesn’t properly inform them about what this tracking entails. If upheld, the complaints could mean a hefty fine for the search giant.

Full article: Google accused of GDPR privacy violations by seven countries – The Verge
