Tag Archives for " data subject rights "

UK Court of Appeal reverses High Court decision on data subject access requests

In June 2018, in B v General Medical Council [2018] EWCA Civ 1497, a majority of the Court of Appeal reversed the earlier decision of the English High Court and permitted General Medical Council, as data controller, to disclose an expert medical report to a patient pursuant to a data subject access request.

Full article: UK Court of Appeal reverses High Court decision on data subject access requests

Apple gives U.S. users tool to see what data it has collected

Apple on Wednesday rolled out an online tool to users in the United States and several other countries to download, change or delete all the data that the iPhone maker has collected on them. It also gives users a simpler way to make changes to the data, suspend their Apple account or even permanently delete it. Previously such tool was available to users in the European Union and was built in response to the region’s General Data Protection Regulation, or GDPR.

Source: Apple gives U.S. users tool to see what data it has collected | Reuters

Data privacy complaints skyrocket in France in GDPR era

France’s CNIL data protection agency has revealed a marked increase in the numbers of data privacy complaints being made on the other side of the channel since the EU’s new data laws kicked in at the start of the summer. Organisations have long been preparing for the General Data Protection Regulation (GDPR), the arrival of which made headlines not least for the eye-boggling financial penalties with which the laws can hit businesses, should malpractice come to the attention of the regulator.

Source: Data privacy complaints skyrocket in France in GDPR era

The majority of businesses are failing to comply with GDPR

Some 70% of businesses worldwide failed to address requests made from individuals seeking to obtain a copy of their personal data as required by GDPR (General Data Protection Regulation) within the one-month time limit set out in the regulations, reveals new research from Talend, a global leader in cloud data integration solutions.

Source: The majority of businesses are failing to comply with GDPR

How to comply with the right to erasure

Now that the General Data Protection Regulation has come into force, organizations need to be able to process requests to erase the personal data of individuals. To establish this capability, changes to a variety of policies and procedures across the organization need to be implemented.

For one, the systems, applications and databases need to be calibrated to allow the easy identification and deletion of data related to the requesting individual. Then, policies and procedures need to be in place for the data protection officer and other stakeholders to follow the full lifecycle of the data erasure request. Finally, the DPO should maintain oversight of the effectiveness of every step of the way to the deletion and communicate timely to the data subject.

Full article: How to comply with the right to erasure (if you haven’t already!)

What We Mean When We Say “Data Portability”

“Data portability” is a feature that lets a user take their data from a service and transfer or “port” it elsewhere. This often comes up in discussions about leaving a particular social media platform and taking your data with you to a rival service. But bringing data to a competing service is just one use for data portability; other, just-as-important goals include analyzing your data to better understand your relationship with a service, building something new out of your data, self-publishing what you learn, and generally achieving greater transparency.

Full article: What We Mean When We Say “Data Portability” | Electronic Frontier Foundation

Data portability: the hidden GDPR risk your business needs to cover

The right to data portability is one of the most fundamental, but also most contentious rights within the GDPR. Whilst we saw parallels between the Data Protection Act and GDPR, data portability was a brand new requirement for businesses.

Read article: Data portability: the hidden GDPR risk your business needs to cover

‘Right to be forgotten’ could threaten global free speech

The “right to be forgotten” online is in danger of being transformed into a tool of global censorship through a test case at the European court of justice (CJEU) this week, free speech organisations are warning.

An application by the French data regulator for greater powers to remove out of date or embarrassing content from internet domains around the world will enable authoritarian regimes to exert control over publicly available information, according to a British-led alliance of NGOs.

Source: ‘Right to be forgotten’ could threaten global free speech, say NGOs | Technology | The Guardian

Irish DPA investigates Facebook’s refusal of Subject Access Request

When Facebook refuses Subject Access Request from one of its users, the alarm bells start to ring. Particularly when this is a legal obligation under GDPR. Following a complaint made by a UK academic, the Irish Data Protection Commissioner is to investigate Facebook’s failure to comply.

Source: Facebook refuses Subject Access Request | The GDPR Guys

ICO publishes new guide for students to demand more information about their exam results

The United Kingdom’s Information Commissioner’s Office has published a new guide for students on demanding more information about their exam results. The new rights from GDPR enables students to ask what information is being held on them including exam marks, examiner’s comments and the minutes of any examination appeals panel.

Source: ICO publishes new guide for students to demand more information about their exam results

1 2 3 6
>