So let’s be clear. Consent is one way to comply with the GDPR, but it’s not the only way.
A decision of the Italian privacy authority on the illegal collection of data on criminal convictions of employees raised the issue on a practice that is quite common. We are running a number of privacy audit on companies that need to get compliant with the General Data Protection Regulation and we can verify that the practice of collecting a police clearance report (in Italian the “casellario giudiziale “) of employees is quite common, regardless of the role to be taken by such employees, just because this is a standard practice adopted with anyone hired by the company and in absence of a regulatory obligation.
Ireland’s Data Protection Commissioner published guidance on appropriate qualifications for a Data Protection Officers (DPOs) under General Data Protection Regulation (GDPR).
The latest fine issued by the Information Commissioner’s Office (ICO) against TalkTalk should be seen as a warning to businesses of all sizes to keep their IT systems up to date, an expert has said.
Information Commissioner Elizabeth Denham separates fact from fiction regarding GDPR and financial penalties.
The Data Protection Authorities’ Global Privacy Enforcement Network, GPEN, has increased its information exchange by way of conference calls. The network, which at the end of 2016 consisted of 64 privacy enforcement authorities in 47 jurisdictions around the world, organised ten Atlantic teleconferences and nine Pacific teleconferences during 2016.
French regulator CNIL has issued its first fine for violations of data protection laws, since it was given the power in the Digital Republic law passed last November. Previously it could only issue verbal warnings. Car rental firm Hertz was fined EUR 40,000 for exposing personal data of members of its discount programme on its website.
Businesses cannot send marketing emails to customers that have elected to opt out of receiving such messages as part of moves to update their terms and conditions, the UK’s Information Commissioner’s Office (ICO) has said.
20 July 2017 The Spanish data protection authority announced, on 13 July 2017, that it had instituted a data protection officer certification scheme (‘the Scheme’) in collaboration with the National Accreditation Entity in light of the General Data Protection Regulation (GDPR).
UK’s Information Commissioner’s Office (ICO) published its annual report for 2016/17. The report includes the ICO’s annual operational performance statistics which were published separately earlier this year and which reflected the office’s consistently improving work to regulate information rights in the UK.