
Tag Archives for "compliance"

Personal information management systems: A new era for individual privacy?

PIMS, also referred to as personal data stores, personal data spaces, or personal data vaults, are systems that allow people to control their personal data and manage their online identity by enabling individuals to gather, store, update, and share personal data.

Importantly, PIMS also let people allow, deny, or withdraw consent to third parties for access to their personal data. PIMS can facilitate compliance with existing privacy laws by making it easier for organizations to gain effective consent of users, which can be an administrative burden.

Full article: Personal information management systems: A new era for individual privacy?

Asian firms are better prepared than European peers to comply with privacy regulations

The report, "The transparent business barometer: Preparing for the end of easy data", written by The Economist Intelligence Unit (EIU), found that firms in China and South-east Asia are more confident than those in Europe about dealing with potentially stricter rules around consumer-data gathering and use; the US leads both regions.

Asian companies may be ahead of the ethics curve: companies in China and South-east Asia are more likely to tie data-privacy practices to good corporate governance than those in the West. Yet firms also generally believe people are willing to trade data privacy for improved services.

Source: Asian firms are better prepared than European peers to comply with data-privacy regulations, according to new EIU study, Business Insider – Business Insider Singapore

EDPB LIBE report on the implementation of GDPR

On February 26, the EDPB Chair and Vice-Chair addressed the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) presenting EDPB’s first report on implementation of EU General Data Protection Regulation (GDPR) and the roles and means of the national supervisory authorities.

You can read the full report here: EDPB LIBE Report

Bavarian Data Protection Authority announces possible fines after website search

At the beginning of February, the Bavarian Data Protection Authority (DPA) participated in the Safer Internet Day (SID) 2019 and searched 40 websites of large companies based in Bavaria.

The DPA reviewed cyber security and user tracking practices and found that, in its view, none of the 40 companies had GDPR-compliant practices on their websites. As a result, the DPA announced it is considering fines under the GDPR.

Source: Germany: Bavarian Data Protection Authority announces possible fines after sobering result of website search

EU Regulators Increase Focus on Cookie Practices

In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with respect to implementing GDPR-compliant cookies consent procedures.

Full article: EU Regulators Increase Focus on Cookie Practices

GDPR – Improving Data Privacy and Cyber Resilience?

Even though GDPR has only been in effect for nine months, regulators across Europe have seen the number of breach notifications. Since many data protection authorities have a big backlog of data breach reports, it is not yet clear how organizations are being affected by potential GDPR fines.

2019 is likely to be the first year that GDPR’s policy enforcement will be tested on a broad scale. By implementing the core pillars of GDPR, organizations can ensure they meet the mandate’s requirements while strengthening their cyber security posture.

Source: GDPR – Improving Data Privacy and Cyber Resilience? | SecurityWeek.Com

UK’s ICO raids two businesses

The UK’s data protection watchdog raided two businesses suspected of making millions of nuisance calls.

The Information Commissioner’s Office has been investigating the companies, based in Brighton and Birmingham, for a year after receiving roughly 600 complaints about them.

The calls – said to involve road traffic accidents, personal injury claims and household insurance – did not identify the firms or allow people to opt out of receiving them.

Source: Raiding party! UK’s ICO drops in unannounced on couple of dodgy-dialling dirtbag outfits • The Register

Most ICO data breach reports late and incomplete prior to GDPR

A Freedom of Information (FOI) request from the Information Commissioner’s Office (ICO) was released today, revealing the number of late and incomplete data breach reports prior to GDPR.

It found that businesses routinely delayed data breach disclosure and failed to provide important details to the ICO in the year prior to the GDPR’s enactment.

On average, businesses waited three weeks after discovery to report a breach to the ICO, while the worst offending organisation waited 142 days. The vast majority (91%) of reports to the ICO failed to include important information such as the impact of the breach, recovery process and dates.

Source: Most ICO data breach reports late and incomplete prior to GDPR, reveals FOI

GDPR compliance boosts business, study shows

Businesses that are embracing the EU’s General Data Protection Regulation (GDPR) enjoy increased efficiency and are more attractive to investors, according to a new study by Cisco.

It was discovered that 59% of companies globally feel they are ready for the GDPR, with a further 29% claiming to be in good shape within 12 months.

Source: GDPR compliance boosts business, study shows

Organisations should be doing more to achieve privacy accountability

The Global Privacy Enforcement Network’s (GPEN) annual intelligence gathering operation looked at how well organisations have implemented the core concepts of accountability into their own internal privacy policies and programmes.

Whilst there were examples of good practice, it was found that a number of organisations had no processes in place to deal with the complaints and queries raised by data subjects, and were not equipped to handle data security incidents appropriately.

Source: Organisations should be doing more to achieve privacy accountability | ICO
