Tag Archives for "compliance"

Brexit and the road to GDPR compliance

Since the GDPR came into effect, many organisations have fallen victim to data protection penalties amid a wider scramble to meet new compliance standards.

It’s the big data handlers – tech giants such as Facebook and Google – that are staring down the barrel of the heaviest regulator action, but smaller companies are under similar scrutiny as the GDPR and other regulation beds in. But Brexit promises to cast a further shadow of uncertainty over an already difficult situation.

Full article: Brexit and the road to GDPR compliance

Unsolicited marketing: the right approach for e-billing in light of GDPR

In a recent study by consumer body Which?, several major retailers were potentially at risk of violating data protection regulations by sending marketing content to customers via e-receipts – the same customers who specifically requested not to be contacted for promotional offerings.

It comes as no surprise that retailers are determined to deploy such a high engagement tactic, but it does not take a GDPR expert to work out that turning transactional communications into a marketing opportunity requires thorough understanding of the rules about what can and cannot be done.

Full article: Unsolicited marketing: the right approach for e-billing in light of GDPR – GDPR.Report

IAB Europe to release updated consent framework

The Interactive Advertising Bureau (IAB) Europe is incorporating feedback from publishers, including Google, as it preps the latest version of its Transparency and Consent Framework (TCF) for release later this year.

Google, which has continued to postpone its official alignment with the General Data Protection Regulation (GDPR) consent tool, said it will officially integrate the framework as a recognized TCF vendor after the release.

Source: Exclusive: IAB Europe to release updated consent framework later this year, Google to sign on – MarTech Today

How to comply with both the GDPR and the CLOUD Act

The U.S. CLOUD Act’s compatibility with the EU General Data Protection Regulation is still an open question.

With regard to data transfer to third countries for which such transfer is subject to the GDPR, Articles 44 to 50 of the GDPR apply. In particular, Article 48 of the GDPR comes into play when EU data is being requested by a U.S. law enforcement agency.

Full article: How to comply with both the GDPR and the CLOUD Act

Company closure and 4-year ban for director after marketing regulation breach

A director of a lead generating service has been banned for four years after failing to ensure his company complied with text message regulations.

Lad Media Limited sent over 393,000 SMS messages to members of the public, including to individuals who had withdrawn their consent regarding the receipt of marketing texts or calls.

Irrespective of Lad Media’s claim that the illegal marketing had not been their fault, but was instead due to the actions of third parties, the ICO imposed a fine of £20,000.

Source: Company closure and 4-year ban for director after marketing regulation breach

Irish watchdog issues ‘no deal’ Brexit data transfers guidance

Businesses in Ireland have been urged to ensure that their transfer of personal data to the UK in a ‘no deal’ Brexit scenario is compliant with data protection law.

The guidance was issued by the Data Protection Commission (DPC) in Ireland and highlighted the use of standard contract clauses (SCCs) endorsed by the European Commission as a means of ensuring compliance, but data protection law experts have warned that the use of SCCs alone may not be sufficient for Irish companies to demonstrate compliance.

Source: Irish watchdog issues ‘no deal’ Brexit data transfers guidance

Facebook to appeal German data decision

Facebook has said it will appeal a decision by Germany’s main competition authority that serves to restrict its collection and aggregation of personal data.

Facebook said the German regulator had confused the company’s “popularity” with the concept of being ‘dominant’ in the market for the purposes of competition law.

Source: Facebook to appeal German data decision

How to avoid consent fatigue

Consent requests combined with the obligation of transparency aim to give back control to individuals over the use of their personal data.

However, the frequency of interactions with organizations that collect personal data makes it tedious, if not practically impossible, for individuals to process the information contained within a consent format, in particular, where organizations unduly use bundled consents to a broader range of operations.

Source: How to avoid consent fatigue

Firms are focusing data encryption efforts in the wrong place

Businesses urgently need to review data storage infrastructures if they are to remain confident that they are meeting compliance regulations. Historically, companies have been concerned that it would be those outside the organisation who would be a threat to data security.

Full article: Firms are focusing data encryption efforts in the wrong place

Oracle faces tough decisions regarding its data practices

Oracle has spent five years and billions of dollars getting really good at following people around the internet. However, its data business started to look a lot riskier.

Facing tough questions about its practices over the past year, Oracle’s advertising software division, known as Data Cloud, has implemented previously unreported dismissals.

Full article: Oracle Didn’t See the Data Reckoning Coming – Bloomberg
