
Tag Archives for "compliance"

The Polish supervisory authority imposed first administrative fine on a public entity

The President of the Personal Data Protection Office (“the President of the Office”) imposed the first administrative fine of PLN 40,000 on a public entity for failure to comply with the GDPR.

The reason for imposing the fine was that the mayor of the city did not conclude a personal data processing agreement with the entities to which he transferred data.

Apart from the financial penalty, the President of the Office also ordered the controller to take action to remedy the relevant infringements within 60 days.

Source: The Polish supervisory authority imposed first administrative fine on a public entity

Irish Department of Social Protection accused of ‘mass surveillance’

A complaint has been made to the Data Protection Commissioner accusing the Department of Employment Affairs and Social Protection of engaging in “mass surveillance” with regard to the collation of data from the free travel pass variant of the Public Services Card.

The complainant, Martin McMahon, from Dublin, noted when travelling with his own travel pass that his rights were being breached under the General Data Protection Regulation as his movements were being ‘recorded’.

Source: PSC fall-out: Department of Social Protection accused of ‘mass surveillance’

Facebook WhatsApp, Twitter investigations in Ireland reach conclusion

Ireland’s Data Protection Commission has concluded investigations into Facebook’s WhatsApp and Twitter over possible breaches of EU data privacy rules.

The investigations will now move into the decision-making phase. During this next phase, Ireland’s chief data regulator, Helen Dixon, will issue draft decisions, which are expected to come toward the end of the year.

Source: Facebook WhatsApp, Twitter investigations in Ireland reach conclusion

Only 28% Of Firms Are Complying With GDPR

The Capgemini Research Institute reports that only 28% of European firms have achieved full compliance with the law that took effect in May 2018.

U.S. firms are closest — 35% were compliant as of June of this year.

However, compliant firms say they are enjoying improved customer trust, brand image and employee morale. In addition, they have benefitted from improvements in their IT systems and cybersecurity practices.

Source: Only 28% Of Firms Are Complying With GDPR: Study 09/30/2019

Danish DPA Takes New Position on the GDPR Legal Basis for Posting Online Photos

The Danish Data Protection Authority has changed its position regarding the legal basis for posting pictures online under the General Data Protection Regulation (GDPR). Rather than a distinction between “situational” and “portrait” pictures, Datatilsynet now requires a case-by-case analysis.

The Danish DPA will no longer distinguish between situational and portrait images. It now holds that the question of whether a picture can be published on the Internet — without the consent of the person concerned — will depend on a comprehensive assessment of the picture and the purpose of the publication.

Source: Picture Picture on the Wall: Danish DPA Takes New Position on the GDPR Legal Basis for Posting Online Photos

How to manage, monitor and validate third-party data sharing

When companies manage how personal data is shared and transferred to third parties, much of the effort lately has been focused on bringing legal contracts in line with requirements under the EU General Data Protection Regulation and now, increasingly, the California Consumer Privacy Act.

How can organizations effectively ensure they have the requisite data knowledge to validate data flows and the purpose of processing, as well as monitor data transfers to flag when personal data is going where it shouldn’t?

Read full article: How to manage, monitor and validate third-party data sharing

OTA Analysis Finds Most Organizations Not Ready For New Privacy Regulations

The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, announced today the results of its latest report, “Are Organizations Ready for New Privacy Regulations?”.

OTA analyzed 29 variables in 1,200 privacy statements against common themes in three major privacy regulations: the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

Source: OTA Analysis Finds Most Organizations Not Ready For New Privacy Regulations | Internet Society

Terms, Conditions and Considerations Under the GDPR

With the recent major GDPR cases on Facebook and Google, DPOs at smaller companies are getting worried and challenged in ensuring terms and conditions and privacy notices are not mixed up.

With hundreds of policy templates to choose from, one of the difficulties is writing a privacy policy that is neither so long that no one can read it nor so short that it doesn’t cover the bases. Striking the right balance between the unreadable and the unworkable is essential.

Full article: Terms, Conditions and Considerations Under the GDPR – CPO Magazine

More than half of UK businesses are not fully GDPR compliant

Research by Egress has revealed that 52% of UK businesses are still not fully compliant with GDPR regulation since its implementation.

The survey of UK GDPR decision-makers found that 37% of respondents had reported an incident to the ICO in the past year, with 17% having done so more than once.

Source: #privacy: More than half of UK businesses are not fully GDPR compliant

Bavarian DPA investigates Blood Donation Service for website tracking

The Bavarian Data Protection Authority (BayLDA) is currently scrutinising the website of the blood donation service of the Bavarian Red Cross as part of a focused data protection review.

The reason for this was the use of tracking tools on the website of the blood donation service. In particular, the BayLDA will look at whether sensitive data about the users’ health has been used by Facebook.

If tracking tools are used, quite a number of data protection requirements must be observed. This is not as simple as merely informing the user about the tracking tools in simple terms; the website operator must also ensure that they legally integrate the tracking tools, i.e. that a legal basis allows the integration or that the users have given their consent in advance.

Source: Blood Donation Service under high scrutiny
