Tag Archives for "GDPR"

On data protection, the UK says it will go it alone. It probably won’t.

The Prime Minister listed data protection as an area that the UK could legislate on following Brexit – but diverging from European Union rules on privacy would only complicate things.

Currently, the UK’s data privacy legislation adheres closely to the General Data Protection Regulation (GDPR), the rules that were rolled out across all European Union member states in May 2018.

Not only would deciding to scrap GDPR go against what people are used to, it would also make it difficult for UK businesses to offer their services to Europe in future.

Source: On data protection, the UK says it will go it alone. It probably won’t. | ZDNet

GDPR enforcement is on fire!

Data protection authorities (DPAs) are rapidly increasing their GDPR enforcement activities, and some trends are coming to the surface.

While fines are not always particularly high, in terms of volume, data protection authorities (DPAs) are rapidly increasing their GDPR enforcement activities.

DPAs have levied 190 fines and penalties to date. Spain leads the pack as Europe’s most active regulator, followed by Romania (21) and Germany (18).

Failures of data governance – not security – trigger the most fines and penalties. Breaches are just a starting point. However, compromised data from even a single customer can be expensive.

Read full article: Guess what? GDPR enforcement is on fire! | ZDNet

Human Error Not Cybersecurity is Leading GDPR Data Breach Trend

Human error, not cybersecurity incidents, is the main data breach trend under the new GDPR regime, according to the Irish Data Protection Commission (DPC).

The DPC has detailed the data breach trends it has observed during the first year of GDPR, and unauthorised disclosure tops the list, accounting for 83 percent of all reported breaches.

During the first year of GDPR, beginning on 25 May 2018, the Irish Data Protection Commission received 5,818 data breach notifications. The DPC notes that approximately 4 percent of all reported breaches were deemed not to have met the definition of a ‘personal data breach’ when GDPR is applied.

Source: Human Error Not Cybersecurity is Leading GDPR Data Breach Trend

Tinder’s handling of user data is now under GDPR probe in Europe

Dating app Tinder is the latest tech service to find itself under formal investigation in Europe over how it handles user data.

Ireland’s Data Protection Commission (DPC) has today announced a formal probe of how Tinder processes users’ personal data; the transparency surrounding its ongoing processing; and compliance with obligations with regard to data subject rights requests.

Source: Tinder’s handling of user data is now under GDPR probe in Europe – TechCrunch

Cyprus DPA bans automated scoring of employee sick leaves

The Commissioner for Personal Data Protection (Cypriot SA) banned the processing and fined LGS Handling Ltd, Louis Travel Ltd and Louis Aviation Ltd (Louis Group of Companies) a total of EUR 82,000.00 over the lack of a legal basis for the “Bradford Factor” tool, which was used to score employees' sick leave.

The reasoning behind the Bradford Factor automated system for scoring employees’ sick leave was that short, frequent, and unplanned absences cause greater disorganisation of the company than longer absences do.

Source: The Cypriot Supervisory Authority banned the processing of an automated tool, used for scoring sick leaves of employees, known as the “Bradford Factor’’ and subsequently fined the controller | European Data Protection Board

GDPR compliance is the key to a smooth transition through Brexit

Brexit’s effect on data laws demands that data management remains a top business priority for UK organisations.

During the 11 month transition period, EU law will continue to apply to the UK. GDPR compliance will remain mandatory, with failure to comply continuing to result in fines. The UK Data Protection Act 2018 will sit alongside GDPR in the UK.

The UK also plans to seek an adequacy agreement once it leaves the EU, which would allow for the continued free flow of data between the two areas, although it’s unclear how long this negotiation may take, or even if the EU would grant the status.

Source: GDPR compliance is the key to a smooth transition through Brexit | IT PRO

GDPR Subverted by Cookie Consent Tools

A new study suggests that many websites are navigating around GDPR by tailoring the design of their cookie consent tools and using dark patterns to provide a misleading veneer of a consent agreement.

According to the researchers, the study illustrates “the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to — or worse, incentivising — clearly illegal configurations of their systems.”

Source: GDPR Subverted by Cookie Consent Tools, Study Reveals – CPO Magazine

Privacy investments get positive ROI

Cisco’s 2020 data privacy benchmark study provides strong evidence that privacy has become an attractive investment even beyond any compliance requirements. Organizations that get privacy right improve their customer relationships, operational efficiency, and bottom-line results.

The data in this report is derived from the Cisco Annual Cybersecurity Benchmark Study, a double-blind survey of 2800 security professionals in 13 countries. Survey respondents represent all major industries and a mix of company sizes.

Source: From Privacy to Profit: Achieving Positive Returns on Privacy Investments

Like CCPA, But Make it Virginia: States Scramble to Introduce Data Privacy Legislation of Their Own

With companies still scrambling to comply with the newly effective California Consumer Privacy Act (CCPA), other states continue to introduce data privacy legislation of their own.

Virginia added itself to the ever-growing list of states considering such bills when the Virginia Privacy Act (VPA) was introduced to the General Assembly for consideration January 8. The VPA combines the CCPA’s notice requirements with consumer rights similar to those found in the European Union’s General Data Protection Regulation (GDPR).

Source: Like CCPA, But Make it Virginia: States Scramble to Introduce Data Privacy Legislation of Their Own | News & Knowledge | Adams and Reese LLP

CNIL launches a public consultation on its draft recommendation on “cookies and other trackers”

On 4 July 2019, the CNIL published guidelines on the application of Article 82 of the French Data Protection Act. This article governs actions aiming at storing or gaining access to information already stored in the terminal of a user, i.e. in particular the use of cookies or other trackers when a user visits a website.

The CNIL conducted a consultation during the fall of 2019, in order to prepare a draft recommendation proposing operational procedures for obtaining consent. This draft is now subject to public consultation until 25 February, with a view to preparing the final version of the recommendation.

Source: CNIL launches a public consultation on its draft recommendation on “cookies and other trackers”
