Free tools and resources for Data Protection Officers!

Tag Archives for " GDPR "

Brexit and the road to GDPR compliance

Since the GDPR came into effect, many organisations have fallen victim to data protection penalties amid a wider scramble to meet new compliance standards.

It’s the big data handlers – tech giants such as Facebook and Google – that are staring down the barrel of the heaviest regulator action, but smaller companies are under similar scrutiny as the GDPR and other regulation beds in. But Brexit promises to cast a further shadow of uncertainty over an already difficult situation.

Full article: Brexit and the road to GDPR compliance

Geofencing rises privacy concerns

Geofencing is becoming increasingly popular as a means by which to deliver hypertargeted advertising content.

At the same time, today’s data privacy regulatory environment is increasingly aggressive and gaining international momentum. Geofencing raises a number of legal concerns that digital marketers must consider to avoid being caught in regulatory crosshairs.

Full article: Geofencing Could Become A Magnet For Regulatory Scrutiny | AdExchanger

IAB Europe to release updated consent framework

The Interactive Advertising Bureau (IAB) Europe is incorporating feedback from publishers, including Google, as it preps the latest version its Transparency and Consent Framework (TCF) later this year.

Google, which has continued to postpone its official alignment with the General Data Protection Regulation (GDPR) consent tool, said it will officially integrate the framework as a recognized TCF vendor after the release.

Source: Exclusive: IAB Europe to release updated consent framework later this year, Google to sign on – MarTech Today

How to comply with both the GDPR and the CLOUD Act

U.S. CLOUD Act’s compatibility with the EU General Data Protection Regulation is still an open question.

With regard to data transfer to third countries for which such transfer is subject to the GDPR, Articles 44 to 50 of the GDPR apply. In particular, Article 48 of the GDPR comes into play when EU data is being requested by a U.S. law enforcement agency.

Full article: How to comply with both the GDPR and the CLOUD Act

Irish watchdog issues ‘no deal’ Brexit data transfers guidance

Businesses in Ireland have been urged to ensure that their transfer of personal data to the UK in a ‘no deal’ Brexit scenario is compliant with data protection law.

The guidance was issued by the Data Protection Commission (DPC) in Ireland and highlighted the use of standard contract clauses (SCCs) endorsed by the European Commission as a means of ensuring compliance, but a data protection law experts have warned that the use of SCCs alone may not be sufficient for Irish company to demonstrate compliance.

Source: Irish watchdog issues ‘no deal’ Brexit data transfers guidance

Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates

Last August French privacy regulator CNIL cited two French location-intelligence companies (Fidzup and Teemo) as non-compliant with GDPR consent rules (as well as French privacy law).

Teemo then worked cooperatively with CNIL to develop specific consent language around third-party use of location data. Surprisingly, but the opt-in rates were 70%. Teemo says that transparency gives consumers a sense of control and they respond positively as a result.

Source: Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates – MarTech Today

USA Big Tech encouraged to adopt GDPR-style rules

The multinational tech conglomerate, Cisco Systems has urged tech companies in the US to embrace more regulation and to follow the example of the EU’s General Data Protection Regulation (GDPR).

The group’s chief legal and compliance officer, Mark Chandler, has said regulation is now due; his calls add volume to the demands being made on US politicians to increase scrutiny and power over tech companies, against a backdrop of increasing global awareness of the importance of data security.

Source: USA Big Tech encouraged to adopt GDPR-style rules

Firms are focusing data encryption efforts in the wrong place

Businesses urgently need to review data storage infrastructures if they are to remain confident that they are meeting compliance regulations. Historically, companies have been concerned that it would be those outside the organisation who would be a threat to data security.

Full article: Firms are focusing data encryption efforts in the wrong place

Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

Data Protection Authority (DPA) of the German state of Bavaria announced it was considering fining a number of companies under the GDPR for their website cookie practices.

None of these companies appear to be in Google-style tech industries. The Bavarian DPA’s action potentially signals that cookies, user tracking, and online advertising are not a ‘tech industry issue,’ but instead a priority issue for companies irrespective of their industry – and one that can carry GDPR fine risk.

Full article: Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

1 2 3 101
>