
Tag Archives for " compliance "

How to comply with both the GDPR and the Cloud Act

On March 23, 2018, the U.S. Congress enacted the Clarifying Lawful Overseas Use of Data Act, which had the immediate effect of mooting the ongoing U.S. v. Microsoft litigation.

A central issue of the case was whether a web-based or cloud-based telecommunications or data service provider, subject to U.S. jurisdiction, could avoid being required to provide stored electronic communications for which a search and seizure warrant had been served, when such stored electronic communications were stored on servers outside of the U.S.

The U.S. CLOUD Act amended the Stored Communications Act (SCA) of 1986, which was enacted to create Fourth Amendment-like privacy protection for email and other digital communication stored or held by internet service providers.

Full article: How to comply with both the GDPR and the Cloud Act

Facebook Faces 7 Data Probes from Irish Watchdog

Facebook Inc. faces seven separate data-protection probes in Ireland as the country’s privacy regulator looks to take advantage of new rules that allow it to impose hefty fines.

The investigations are among 16 cases targeting big technology companies including Twitter Inc., Apple Inc., LinkedIn Corp., and also Facebook’s WhatsApp and Instagram.

Source: Facebook Faces 7 Data Probes as Irish Watchdog Gets Tough – Bloomberg

Russia accuses social media giants of flouting data breach laws

The Russian communication watchdog, Roskomnadzor, has begun legal proceedings against Facebook and Twitter for an apparent breach of data laws.

A civil case has been levelled at the popular social media platforms for, Russia maintains, failing to give more details on how they can achieve compliance with the eastern country’s data laws.

Source: Russia accuses social media giants of flouting data breach laws

Learning from Google’s record-setting GDPR fine

With the French Data Protection Authority (CNIL) disclosing on January 21st a 50 million euro fine against Google LLC, we now have a precedent against which to evaluate the impact and reach of GDPR enforcement.

This is significant as, with this precedent, we can determine some of the factors a Data Protection Authority (DPA) will use in assessing the extent of a given violation.

Full article: Learning from Google’s record-setting GDPR fine

EU Data Protection Board not happy with EU-US Privacy Shield second review

On December 19, the EU Commission released its report on the second review of the EU-US Privacy Shield arrangement, the mechanism that allows for the transfer of data between the EU and the US. Overall, the Commission finds that the US authorities have taken steps to improve the functioning of the framework.

On January 24, the EU Data Protection Board, which gathers all EU data protection authorities, announced that due to substantial shortcomings, the EU-US Privacy Shield could be struck down by the European Court of Justice later this year.

Source: EU-US Privacy Shield second review: “it’s mostly fine” says the Commission, “not really” replies the EU Data Protection Board

GDPR Compliance Lowers Data Breach Frequency and Impact Says Report

Companies that follow the requirements of the General Data Protection Regulation (GDPR) experience extra benefits such as lower frequency and effect of data breaches, as well as fewer records being impacted in the attacks, shorter downtimes and lower overall costs.

Full article: GDPR Compliance Lowers Data Breach Frequency and Impact Says Report
