Tag Archives for "GDPR"

Global companies lacking GDPR oversight of sub-contractors

The majority of global companies admit that they do not have appropriate oversight of third parties and sub-contractors despite the imminent implementation of new data protection regulations.

A new survey by consulting firm Deloitte revealed that 57% of global organisations admitted they did not have appropriate visibility of subcontractors engaged by their third parties, a further 21% are unsure of oversight practices, and just 2% routinely review the risk subcontractors pose to their organisation.

Source: Global companies lacking GDPR oversight of sub-contractors

Is GDPR recharging cookie notice popups?

Will all websites soon greet users with interrupting and blocking pop-ups requiring them to read a consent form and click “I agree” – prior to allowing the actual use of a website? Will we all be expected to click in tons? Let’s look at the worst scenario, and how we may be arriving there.

European regulations mandate that most sites need to inform their users if user data is processed. In the most commonly understood and practical terms, this means that websites need to seek consent prior to setting browser cookies. This requirement is de facto universal in the European Union and allows “doing something” about consent for data processing.

Source: Is GDPR recharging cookie notice popups?

ICO’s Denham: May 25 is not doomsday

As the opening act for the sold-out Data Protection Intensive here in London today, U.K. Information Commissioner Elizabeth Denham set to rest some of the common misconceptions she knows privacy professionals are losing sleep over as the countdown to the General Data Protection Regulation slinks near single-digits.

The approach to data protection, and the enforcement of it, should and will be the same 36 days from now as it ever was: Following the rules is the way to go. But if you fail there, yeah, there are going to be some problems.

Source: ICO’s Denham: May 25 is not doomsday

Think globally, but direct market locally

Article 6 of the GDPR requires data controllers to have a lawful basis for data processing.

Anyone following the IAPP Privacy List knows that one of the hottest debates raging is whether direct marketing communications can rely on a “legitimate interest” basis or must be based on explicit consent.

Source: DPO Confessional: Think globally, but direct market locally

GDPR: Opportunities and challenges

The main challenge of GDPR for corporations will be assessing their current information collection and storage systems against the new regulations and ensuring compliance before the deadline. Accountability is critical, and concepts such as pseudonymisation will become commonplace under the new regulations.

In addition, the cross-border transfer of EU residents’ data outside the region will become much harder. The EU Commission will assess third countries’ level of protection by carrying out “adequacy” assessments binding to all member states. They will then carry out reviews every four years to ensure continued compliance.

Source: Countdown to GDPR: Part 2 — Opportunities and challenges

What’s new in WP29’s final guidelines on transparency?

The Article 29 Data Protection Working Party has published its “last revised” guidelines on transparency under the General Data Protection Regulation.

When the WP29 released its proposed guidelines last December offering “practical guidance and interpretive assistance” regarding transparency obligations, IAPP analyzed the key issues. In addition to a brief summary of the transparency requirements, IAPP’s analysis of the proposed guidelines focused on the meaning of phrases such as “concise, transparent, intelligible and easily accessible” and “in writing or by other means,” as well as what information should be provided and when and how to provide this information to data subjects.

Source: What’s new in WP29’s final guidelines on transparency?

DPAs to pros: There’s no grace period, folks

While privacy professionals and companies have been working to get their processes in order, so too have the regulators who are tasked with watching over those processes.

What that’s meant for the Irish, French and U.K. data protection authorities has been an increase in staff and budget across the board.

Source: DPAs to pros: There’s no grace period, folks

A flaw-by-flaw guide to Facebook’s new GDPR privacy changes

Facebook is about to start pushing European users to speed through giving consent for its new GDPR privacy law compliance changes. There are a ton of small changes, so we’ll lay out each with our criticisms.

Facebook’s consent flow starts well enough with the screen above offering a solid overview of why it’s making changes for GDPR and what you’ll be reviewing. But with just an “X” up top to back out, it’s already training users to speed through by hitting that big blue button at the bottom.

Source: A flaw-by-flaw guide to Facebook’s new GDPR privacy changes | TechCrunch

How One Location-Based Data Firm Is Preparing for GDPR

Mobile location firms that collect latitude and longitude stats have been particularly scrutinized because the data is considered personal under GDPR, requiring that consumers consent to providing companies with their information—which could potentially creep consumers out if they know their location is being mined for advertising.

Los Angeles location firm Factual is aiming to mitigate GDPR’s risks by scrapping all of its data collected on European citizens. It will then get to work rebuilding its database by asking for consumers’ “explicit consent.” The company’s contracts now also require that partners have obtained data explicitly.

Source: How One Location-Based Data Firm Is Preparing for GDPR – Adweek

Facebook enlists conservative help to resist privacy rules

An email seeking U.S. groups’ assistance against EU-style regulations came as Mark Zuckerberg was preparing to testify to Congress.

Facebook asked conservative groups for help last week in heading off The company’s outreach comes as the European Union is preparing to enforce strict new privacy rules that take effect in late May. Among other things, the EU’s rules allow regulators to impose fines as high as 4 percent of a company’s global revenues for serious violations.

Source: Facebook enlists conservative help to resist privacy rules – POLITICO
