Free tools and resources for Data Protection Officers!

How to achieve digital governance?

Digital governance is corporate oversight of technologies that use personal or sensitive information, make autonomous decisions or exercise human-like responsibilities. The concept addresses disruptive technologies including artificial intelligence (AI), connected devices (IoT, cars, ubiquitous sensors, etc), and machine learning.

To establish digital governance programmes, companies must:

  1. first structure themselves accordingly,
  2. have a full picture of what they are doing,
  3. create an organisational culture that values fair digital practices.

Full article: Data Protection & Cybersecurity 2019 | Global Practice Guides | Chambers and Partners

Zuckerberg says governments need to do more to support data privacy

Mark Zuckerberg has responded to privacy pressures by asking regulators and governments to do more to help control content that gets published online.

Writing in the Washington Post, the Facebook boss acknowledged the “major” role that tech plays in our everyday lives, as well as the “immense responsibilities” that lie on the shoulders of companies such as Facebook.

However, experts have questioned whether the Facebook chief’s message is little more than an acknowledgement of the fact that the social network has to comply with new data privacy laws.

Source: Zuckerberg says governments need to do more to support data privacy

Forget about defining a DPO; define the data protection committee instead

Data protection professionals and organization management officers share a common question: Who should the data protection officer be? Some argue that a legal professional is most suitable for this role; some argue that an operations professional is the natural pick.

Full article: Forget about defining a DPO; define the data protection committee instead

The 4 Ps of leveraging data privacy for enhanced investment

Recent research shows over half (55 percent) of M&A professionals have had deals fall through due to concerns over GDPR and target firms’ data practices, and 66 percent of those M&A professionals believe GDPR will increase acquirers’ scrutiny of data protection policies and processes of target firms.

Just as financial information and cyber risk realities have long required organizations to employ accountants and cybersecurity professionals to conduct frequent audits and implement proactive monitoring, data privacy now requires a unique level of organizational data diligence, in addition to the appointment of personnel such as data protection officers (DPOs) to serve as advocates for the plethora of consumer and employee data companies collect, store and manage.

Given today’s ever-evolving data privacy realities, companies should abide by the four “Ps” rule to show suitors that their company is a safe bet:

  • Policy,
  • People,
  • Process,
  • Product.

Full article: The 4 Ps of leveraging data privacy for enhanced investment | TechRadar

How to report a data breach under GDPR

Data breach notification requirements are now mandatory and time-sensitive under GDPR.

While the details of what an organization needs to report in the event of a breach are defined within the legislation, when to report a data breach and which authority you should report the incident to are not as clear.

Read full article: How to report a data breach under GDPR

European Commission urged to investigate Romanian GDPR implementation

Issue: The Romanian law implementing the General Data Protection Regulation (GDPR) allows national political parties to process personal data, including sensitive data, in a manner that disregards citizen rights. Law no. 190/2018 excludes the need to acquire consent for processing personal data, including sensitive data.

Source: European Commission urged to investigate Romanian GDPR implementation

First fine imposed by the Polish privacy watchdog

The President of the Personal Data Protection Office (UODO) imposed its first fine for the amount of PLN 943 000 (around €220 000) for the failure to fulfil the information obligation.

The decision of the UODO’s President concerned the proceedings related to the activity of a company which processed the data subjects’ data obtained from publicly available sources, inter alia from the Central Electronic Register and Information on Economic Activity, and processed the data for commercial purposes. The authority verified non-compliance with the information obligation in relation to natural persons conducting business activity – entrepreneurs who are currently conducting such activity or have suspended it, as well as entrepreneurs who conducted such activity in the past.

The controller fulfilled the information obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its disposal. In the case of the remaining persons the controller failed to comply with the information obligation – as it explained in the course of the proceedings – due to high operational costs. Therefore, it presented the information clause only on its website. In the opinion of the President of the Personal Data Protection Office, such action was insufficient.

Source: First fine imposed by the President of the Personal Data Protection Office | European Data Protection Board

Uber faces fresh legal challenge over driver data

Uber drivers in the U.K. are filing a lawsuit against the company over allegations the firm has continuously broken European data protection laws.

Four drivers are taking legal action against the ride-hailing giant, claiming the company is “failing to honour its obligations” under the EU’s General Data Protection Regulation (GDPR) legislation.

Source: Uber faces fresh legal challenge over driver data