
Tag Archives for "compliance"

GDPR compliance is the key to a smooth transition through Brexit

Brexit’s effect on data laws demands that data management remains a top business priority for UK organisations.

During the 11-month transition period, EU law will continue to apply to the UK. GDPR compliance will remain mandatory, with failure to comply continuing to result in fines. The UK Data Protection Act 2018 will sit alongside GDPR in the UK.

The UK also plans to seek an adequacy agreement once it leaves the EU, which would allow for the continued free flow of data between the two areas, although it’s unclear how long this negotiation may take, or even if the EU would grant the status.

Source: GDPR compliance is the key to a smooth transition through Brexit | IT PRO

German court sides with consumer groups against Facebook data collection

Facebook has suffered a blow against its data collection practices in Europe, with a German court ruling some of the social media giant’s user terms.

Last week a Berlin court ruled in favour of the Federation of German Consumer Organisations, known locally as VZBV, in its case against Facebook. VZBV alleged the tech giant is violating GDPR’s “informed consent” requirements with its privacy settings and some of its terms and conditions.

Source: German court sides with consumer groups against Facebook data collection – Which-50

GDPR Subverted by Cookie Consent Tools

A new study suggests that many websites are navigating around GDPR by tailoring the design of their cookie consent tools and using dark patterns to provide a misleading veneer of a consent agreement.

According to the researchers, the study illustrates “the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to — or worse, incentivising — clearly illegal configurations of their systems.”

Source: GDPR Subverted by Cookie Consent Tools, Study Reveals – CPO Magazine

Privacy investments get positive ROI

Cisco’s 2020 data privacy benchmark study provides strong evidence that privacy has become an attractive investment even beyond any compliance requirements. Organizations that get privacy right improve their customer relationships, operational efficiency, and bottom-line results.

The data in this report is derived from the Cisco Annual Cybersecurity Benchmark Study, a double-blind survey of 2800 security professionals in 13 countries. Survey respondents represent all major industries and a mix of company sizes.

Source: From Privacy to Profit: Achieving Positive Returns on Privacy Investments

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications were reported across 28 European Union Member States and that data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Italy fines gas company EUR 11.5 million for unsolicited telemarketing

The Italian Supervisory Authority imposed two fines on Eni Gas and Luce (Egl), totalling EUR 11.5 million, concerning respectively illicit processing of personal data in the context of promotional activities and the activation of unsolicited contracts.

The first fine of EUR 8.5 million relates to unlawful processing in connection with telemarketing and teleselling activities – advertising calls made without the consent of the contacted person or despite that person’s refusal to receive promotional calls, or without triggering the specific procedures for verifying the public opt-out register; the absence of technical and organisational measures to take account of the indications provided by users; longer than permitted data retention periods; and the acquisition of the data on prospective customers from entities (list providers) that had not obtained any consent for the disclosure of such data.

The second fine of EUR 3 million concerns breaches due to the conclusion of unsolicited contracts for the supply of electricity and gas under ‘free market’ conditions – many individuals learned about the conclusion of a new contract only on receiving the letter of termination of the contract with the previous supplier or else the first Egl bills.

Source: THE ITALIAN SUPERVISORY AUTHORITY FINES ENI GAS E LUCE EUR 11.5 MILLION – On account of unsolicited telemarketing and contracts

‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech

The UK’s data regulator, the Information Commissioner’s Office (ICO), has issued a warning to any adtech companies which have failed to “use the window of opportunity to engage and transform” their practices – it’s coming for them.

The ICO’s update on its investigation into the adtech sector reveals it focused on specific issues such as the treatment of “special category data” – like race, sexuality and health – as well as how secure data is as it’s passed through the supply chain and the thorny issue of Legitimate Interest.

Source: ‘Prepare for ICO to utilise its wider powers’: UK regulator issues warning to adtech | The Drum

Facebook is ordered to hand over data about thousands of apps that may have violated user privacy

A Massachusetts judge rejected the tech giant’s earlier attempt to withhold the evidence from state officials investigating its privacy practices.

Massachusetts revealed it was probing Facebook over its data-collection practices in September, an investigation that stemmed from the company’s entanglement with Cambridge Analytica.

Source: Massachusetts court orders Facebook to hand over data on apps that may have violated users’ privacy – The Washington Post

Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

The Belgian Data Protection Authority has stated that there is “a good chance” it will investigate Carrefour’s fingerprint payment system.

The supermarket chain announced on Tuesday that it will organise a pilot project allowing clients to pay for their groceries with their fingerprints in a store in the centre of Brussels. The clients will be able to pay by scanning their finger at the cash register, after which the money will disappear from their bank account.

Source: Carrefour’s fingerprint payments to be investigated by Belgian privacy agency

2019 registers over €400m in data protection fines in Europe

Last year, the data protection authorities in the EEA imposed 190 fines with a total cost of over €410,000,000, according to a new report by Federprivacy.

The study analyzed official sources of information in the 30 countries that are part of the European Economic Area (EEA).

The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20. The strictest has been the UK (ICO) with €312,000,000 of sanctions (76% of the total).

Source: #Privacy: 2019 registers over €400m in data protection fines in Europe