
Tag Archives for "compliance"

How to drive effective privacy operations with functional requirements

In the run-up to May 25, 2018, many businesses that thought they were well-prepared to meet their new General Data Protection Regulation obligations discovered that operationalizing many components of a GDPR-compliant privacy program requires more than simply drafting a new or updated set of policies and procedures.

With GDPR now in full effect, these businesses are quickly realizing that truly effective GDPR compliance is a highly complex undertaking requiring active, cross-functional collaboration between privacy and information technology. In instances where businesses struggle to operationalize key compliance components (e.g., response to data subject rights requests, revocation of consent), they should consider developing “functional requirements” that provide specific, detailed guidance to the privacy and IT teams to fully meet their GDPR obligations.

Source: How to drive effective privacy operations with functional requirements

Shareholders file a class action against a company over its compliance policies

The Complaint alleges that between February 8, 2018 and July 25, 2018, Nielsen Holdings plc. made materially false and misleading statements regarding the company’s business, operational and compliance policies and recklessly disregarded its readiness for and the true risks of privacy-related regulations and policies, including the European General Data Protection Regulation (“GDPR”).

Source: Pomerantz Law Firm Announces the Filing of a Class Action against Nielsen Holdings plc and Certain Officers – NLSN – MarketWatch

Apps collect more data than disclosed in their privacy policies

Nearly 60 per cent of apps collected more information than declared in their privacy policies according to a recent study that compared the stated practices of hundreds of apps with how they actually behaved.

To generate revenue, app developers often embed software code, known as ad libraries, allowing them to display ads within their app. Because they want to make the ads relevant to individual users, ad libraries often want specific information about those users.

Source: Who has your data? Researchers scrutinize apps for undisclosed ties to advertisers, analytics companies | CBC News

Organisations must improve transparency and accountability as citizens still don’t trust them with their data

The UK’s Information Commissioner is reminding organisations to be transparent with people’s personal information, after a survey revealed trust and confidence in how organisations handle personal data is still low, despite an improvement across sectors.

Source: Organisations must continue to improve transparency and accountability as ICO survey shows most UK citizens still don’t trust organisations with their data

Three frequently asked questions about data breach reporting

One of the key reasons that organisations are anxious about the General Data Protection Regulation (GDPR) is its strict data breach notification requirement, specified in Articles 33-34: a controller must notify the supervisory authority within 72 hours of becoming aware of a personal data breach, which is easier said than done.

The three most frequently asked questions about data breach reporting are:

  1. What processes need to be in place in order to respond to a personal data breach?
  2. How do you report a breach to the supervisory authority?
  3. How should I inform individuals about the breach?

Read article: Three frequently asked questions about data breach reporting

How on-chip AI helps GDPR compliance

Given the repercussions of getting GDPR compliance wrong, businesses could be forgiven for not wanting to collect any data about individuals at all. But a flow of data between businesses and consumers is essential and, whilst it can be minimised to just what is necessary to provide service, it cannot be avoided.

Read article: How on-chip AI helps GDPR compliance

Should vendors be able to pass along costs of GDPR compliance?

What wasn’t obvious when the EU General Data Protection Regulation came into force was that vendors would swiftly pass along their own GDPR-related compliance costs to existing customers. But it seems to be a trend privacy pros are increasingly seeing.

Read article: Should vendors be able to pass along costs of GDPR compliance?

Two French location data companies receive GDPR consent warnings

The French privacy regulator CNIL recently issued official notices to two French data companies: Fidzup and Teemo. CNIL said that both companies were non-compliant with consumer consent rules under the General Data Protection Regulation (GDPR) and French privacy law.

Both are location intelligence vendors that work with retailers and brands on online-to-offline advertising and measurement. Both companies have SDKs that help them collect persistent location data from partner apps. App publishers are paid for their location data (and other data) by companies such as Fidzup and Teemo. This is a common model in the US market and outside the US, as in this case.

Source: Two French location data companies receive GDPR consent warnings – MarTech Today

Do I need a Data Protection Impact Assessment to avoid GDPR fines?

Essentially, a Data Protection Impact Assessment (DPIA) is a tool, provided for in Article 35 of the General Data Protection Regulation (GDPR), for analysing the risks that a processing activity in a business entails. If your business processes sensitive data or processes personal data on a large scale, a DPIA becomes relevant to you, both to ensure compliance with the data protection principles and to avoid GDPR fines.

Read more: Do I need a Data Protection Impact Assessment to avoid GDPR fines? | ECOMPLY.io

What’s a GDPR complaint? No one really knows

In June, The Privacy Advisor asked global data protection authorities to reveal how many GDPR complaints had been filed thus far. The numbers they provided varied widely, from 756 in Poland and 1,124 in the U.K., to just two in Sweden, and only three in Belgium. So what is at the heart of such a discrepancy? The best answer seems to be that different DPAs define complaints differently.

Read article: What’s a GDPR complaint? No one really knows
