Tag Archives for "DPA"

ICO’s Denham: May 25 is not doomsday

As the opening act for the sold-out Data Protection Intensive here in London today, U.K. Information Commissioner Elizabeth Denham set to rest some of the common misconceptions she knows privacy professionals are losing sleep over as the countdown to the General Data Protection Regulation slinks near single-digits.

The approach to data protection, and the enforcement of it, should and will be the same 36 days from now as it ever was: Following the rules is the way to go. But if you fail there, yeah, there are going to be some problems.

Source: ICO’s Denham: May 25 is not doomsday

DPAs to pros: There’s no grace period, folks

While privacy professionals and companies have been working to get their processes in order, so too have the regulators who are tasked with watching over those processes.

What that’s meant for the Irish, French and U.K. data protection authorities has been an increase in staff and budget across the board.

Source: DPAs to pros: There’s no grace period, folks

Belgian Privacy Commission Issues Recommendation on Data Protection Impact Assessment

The Belgian Privacy Commission recently released a Recommendation (in French and Dutch) on Data Protection Impact Assessment (“DPIA”) and the prior consultation requirements under Articles 35 and 36 of the EU General Data Protection Regulation (“GDPR”).

The Recommendation aims to provide guidance on the core elements and requirements of a DPIA, the different actors involved and specific provisions.

Source: Belgian Privacy Commission Issues Recommendation on Data Protection Impact Assessment

UK’s DPA releases data protection self assessment tool

The ICO’s data protection self assessment toolkit helps you assess your organisation’s compliance with data protection law and helps you find out what you need to do to make sure you are keeping people’s personal data secure.

The toolkit is made up of a number of checklists which cover data protection assurance, how to get ready for the General Data Protection Regulation, information and cyber security, direct marketing in line with the Privacy and Electronic Communications Regulation (PECR), records management, data sharing and subject access, and CCTV. The data protection toolkit is suitable for all businesses and will be particularly helpful to small to medium enterprises.

Source: Data protection self assessment | ICO

Why ISO 27001 is integral to data protection compliance

With the EU General Data Protection Regulation (GDPR)’s compliance deadline looming, any organisation that processes EU residents’ data will likely be investigating implementation options to help tackle its compliance project, if it hasn’t already done so.

Supervisory authorities such as the ICO have highlighted ISO 27001, the international standard that describes best practice for an information security management system (ISMS), as a way to provide assurance that the necessary technical and organisational requirements to prevent a data breach are in place.

Source: Why ISO 27001 is integral to data protection compliance – IT Governance Blog

GDPR no excuse for not meeting AML duties

Gambling operators will be able to meet their licensing obligations on problem gambling and anti-money laundering (AML) without breaching the General Data Protection Regulation (GDPR), the Gambling Commission has said.

In a new note issued to businesses in the British gambling market, the regulator acknowledged that some operators have concerns that the new data protection rules, which will apply from 25 May, will hamper their ability to meet their licensing duties. However, it said it would “not accept licensees simply stating that GDPR means that they are unable to comply with an aspect of gambling regulation”.

Source: GDPR no excuse for not meeting gambling licensing duties, says regulator

GDPR: UK watchdog promises ‘proportionate and pragmatic’ enforcement

The UK’s information commissioner has promised to use new powers to issue “hefty fines” for breaches of data protection law sparingly.

From 25 May, Elizabeth Denham will have the power to issue fines of up to 4% of a business’ annual global turnover, or €20 million, whichever is highest, where they are responsible for certain breaches of the new General Data Protection Regulation (GDPR). Other types of breaches could attract fines of up to 2% of annual global turnover, or €10m.

Source: GDPR: UK watchdog promises ‘proportionate and pragmatic’ enforcement

Grindr hit with privacy complaint in Europe over sharing user data

The Norwegian Consumer Council has filed a privacy complaint about Grindr, arguing it’s in breach of national and European data protection laws after it emerged the dating app has been sharing personal information about its users with third parties.

As we reported earlier, Norwegian research outfit SINTEF analyzed the app’s traffic and found that — if set — a user’s HIV status is included in packets sent to two app optimization firms, Apptimize and Localytics. This data was sent via an encrypted transmission. But users were not informed their HIV status was being shared.

Source: Grindr hit with privacy complaint in Europe over sharing user data | TechCrunch

New GDPR Guidelines from the Italian data protection authority

Italian companies can now rely on guidelines on how to comply with the European privacy regulation (GDPR) which unveil some interesting positions.

After the French and the Dutch data protection authorities, the Italian privacy regulator, Garante per la protezione dei dati personali (the “Italian DPA”), issued its 6-step methodology on the GDPR, which also aims at increasing awareness of the most relevant changes introduced.

Source: ITALY: New GDPR Guidelines from the Italian data protection authority

The Polish DPA’s draft list of triggers for mandatory DPIAs

In line with Article 35(4) of the GDPR, the Polish Data Protection Authority prepared and published a draft list of the kinds of processing operations subject to a mandatory data protection impact assessment.

According to the authority's statements, the list is based on more than twenty years of the authority's experience and reflects the requirements for DPIAs highlighted by the Article 29 Working Party in its Guidelines on Data Protection Impact Assessment and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, wp248rev.01.

Source: The Polish DPA’s draft list of triggers for mandatory DPIAs
