Tag Archives for "compliance"

Private Blockchains Could Be Compatible with EU Privacy Rules

A joint study between Queen Mary University of London and the University of Cambridge concluded that, whilst challenging, it is theoretically possible for organizations to design blockchain applications that fully comply with the recently implemented EU ‘General Data Protection Regulation’.

Innate aspects of blockchain technology, such as immutability and the inability to retrospectively remove recorded customer data, make the problems obvious when it comes to creating a solution compatible with this European regulation.

Full article: Private Blockchains Could Be Compatible with EU Privacy Rules, Research Shows

Facebook Failed to Police How Its Partners Handled User Data

Facebook failed to closely monitor device makers after granting them access to the personal data of hundreds of millions of people, according to a previously unreported disclosure to Congress last month.

Facebook’s loose oversight of the partnerships was detected by the company’s government-approved privacy monitor in 2013. But it was never revealed to Facebook users, most of whom had not explicitly given the company permission to share their information.

Full article: Facebook Failed to Police How Its Partners Handled User Data – The New York Times

Facebook Facing GDPR Investigation over Audience Targeting Methods

Facebook is facing the wrath of the European Union’s General Data Protection Regulation (GDPR) once again following a complaint made by the UK Information Commissioner’s Office (ICO) to the Irish Data Protection Commission (DPC) in relation to the social media giant’s user targeting tactics.

Facebook has come in for heavy criticism in recent weeks after a number of news reporters portrayed how easy it was to post fake advertisements that appear to be sponsored/funded by real politicians. Other reports included targeting individuals with extremely conservative views and opinions.

Full article: Facebook Facing GDPR Investigation over Audience Targeting Methods – Compliance Junction

Marketers Push Agencies to Shoulder More Liability for Data Breaches

New data privacy rules are pushing marketers to unload millions of dollars in liability on the agencies that help them buy their media, forcing the shops to take on new levels of financial risks.

The focus on data privacy has heated up following the arrival of the European Union’s General Data Protection Regulation, which in many cases requires publishers and advertisers to obtain consumers’ explicit consent before using their information to tailor advertisements.

Full article: Marketers Push Agencies to Shoulder More Liability for Data Breaches – WSJ

Data dealers accused of GDPR failings

Data law regulators in Europe have been called upon to look into a potential data breach case, with brokers, credit ratings agencies and adtech firms falling under suspicion of not playing by new rules. Complaints were filed to regulators last week by a campaign group named Privacy International, regarding possible transgressions committed by the data broker Acxiom, the credit rating agencies Experian and Equifax, and the software multinational Oracle, the Financial Times online reports.

Full article: Data dealers accused of GDPR failings

IAPP-EY Annual Governance Report 2018

IAPP and Ernst & Young have published their yearly report on the privacy landscape. Like last year, GDPR is dominating the privacy narrative. Organizations have bulked up their privacy teams, tackled the hard work of implementing GDPR programs, spent a lot of money to get there (an average of $1.3 million, with an additional $1.8 million expected), and learned many lessons along the way. Still, fewer than 50 percent of survey respondents report they are “fully compliant” with the GDPR.

Source: IAPP-EY Annual Governance Report 2018

Are you ready to report on GDPR compliance?

Organisations had two years to prepare for GDPR compliance in the run-up to May 25, 2018. Now that the GDPR is in force, what will regulators want to see? The question is no longer theoretical. The Dutch DPA recently announced an investigation into 30 large organisations regarding their GDPR compliance and, at the outset, will ask to see their records of processing activities.

Full article: Are you ready to report on GDPR compliance? Enterprise level reporting

ICO hits Leave.EU and Arron Banks insurance company with £135,000 in fines

An investigation conducted by the Information Commissioner’s Office (ICO) into a data breach suffered by Leave.EU has left the pro-Brexit campaign group with a huge financial penalty. Fines totalling £135,000 have been imposed upon Leave.EU as well as an insurance company owned by the organisation’s founder Arron Banks, due to the illegal use of personal data through political campaigning, the BBC news website reports.

Source: ICO hits Leave.EU and Arron Banks insurance company with £135,000 in fines

What does the newly signed ‘Convention 108+’ mean for UK adequacy?

The Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) has been given an overhaul to bring it into line with the General Data Protection Regulation. While Convention 108 is not an EU document, the European Commission sees the protocol as a way of encouraging “third countries” to adopt the basic tenets of the GDPR. This could be particularly interesting for the U.K., which will become a third country after Brexit.

Full article: What does the newly signed ‘Convention 108+’ mean for UK adequacy?
