Free tools and resources for Data Protection Officers!

Tag Archives for " data subject rights "

Facebook Promised A Clear History Tool. Where Is It?

Last May, Facebook promised to create a “Clear History” function it said would give users more control over their data. Nine months later it’s nowhere to be found and sources say it’s a key example of the company’s “reactionary” way of dealing with privacy concerns.

Full article: Former Facebook Employees Say The Company’s Prioritization Of Privacy Is About Optics

GDPR investigation begins after a filmmaker’s name is misspelt

The Irish Data Protection Commission (IDPC) is looking into a potential breach of GDPR standards, after a filmmaker filed an official complaint for the misspelling of his name.

The director at the centre of what may be a landmark case, Ciarán Ó Cofaigh, claims the EU’s new data laws provision individuals with the legal right to have their name correctly spelt.

Source: GDPR investigation begins after a filmmaker’s name is misspelt

GDPR makes it easier to get your data, but doesn’t mean you’ll understand it

“Right of Access” says that, when requested, any company should be prepared to provide you with your personal data.

They should provide it in a way that’s easy for you to read, in a timely manner, and with enough background information for you to understand how they got it and how they use it. The problem is that companies can often be really stingy about actually providing this data.

Full article: GDPR makes it easier to get your data, but doesn’t mean you’ll understand it – The Verge

Dutch surgeon wins landmark ‘right to be forgotten’ case

A Dutch surgeon formally disciplined for her medical negligence has won a legal action to remove Google search results about her case in a landmark “right to be forgotten” ruling.

The doctor’s registration on the register of healthcare professionals was initially suspended by a disciplinary panel because of her postoperative care of a patient. After an appeal, this was changed to a conditional suspension under which she was allowed to continue to practise.

Google and the Dutch data privacy watchdog, Autoriteit Persoonsgegevens, initially rejected attempts to have the links removed on the basis that the doctor was still on probation and the information remained relevant.

Source: Dutch surgeon wins landmark ‘right to be forgotten’ case | Technology | The Guardian

UK Court of Appeal reverses High Court decision on data subject access requests

In June 2018, in B v General Medical Council [2018] EWCA Civ 1497, a majority of the Court of Appeal reversed the earlier decision of the English High Court and permitted General Medical Council, as data controller, to disclose an expert medical report to a patient pursuant to a data subject access request.

Full article: UK Court of Appeal reverses High Court decision on data subject access requests

Apple gives U.S. users tool to see what data it has collected

Apple on Wednesday rolled out an online tool to users in the United States and several other countries to download, change or delete all the data that the iPhone maker has collected on them. It also gives users a simpler way to make changes to the data, suspend their Apple account or even permanently delete it. Previously such tool was available to users in the European Union and was built in response to the region’s General Data Protection Regulation, or GDPR.

Source: Apple gives U.S. users tool to see what data it has collected | Reuters

Data privacy complaints skyrocket in France in GDPR era

France’s CNIL data protection agency has revealed a marked increase in the numbers of data privacy complaints being made on the other side of the channel since the EU’s new data laws kicked in at the start of the summer. Organisations have long been preparing for the General Data Protection Regulation (GDPR), the arrival of which made headlines not least for the eye-boggling financial penalties with which the laws can hit businesses, should malpractice come to the attention of the regulator.

Source: Data privacy complaints skyrocket in France in GDPR era

The majority of businesses are failing to comply with GDPR

Some 70% of businesses worldwide failed to address requests made from individuals seeking to obtain a copy of their personal data as required by GDPR (General Data Protection Regulation) within the one-month time limit set out in the regulations, reveals new research from Talend, a global leader in cloud data integration solutions.

Source: The majority of businesses are failing to comply with GDPR

How to comply with the right to erasure

Now that the General Data Protection Regulation has come into force, organizations need to be able to process requests to erase the personal data of individuals. To establish this capability, changes to a variety of policies and procedures across the organization need to be implemented.

For one, the systems, applications and databases need to be calibrated to allow the easy identification and deletion of data related to the requesting individual. Then, policies and procedures need to be in place for the data protection officer and other stakeholders to follow the full lifecycle of the data erasure request. Finally, the DPO should maintain oversight of the effectiveness of every step of the way to the deletion and communicate timely to the data subject.

Full article: How to comply with the right to erasure (if you haven’t already!)

1 2 3 7
>