Tag Archives for "GDPR"

Is your company part of the GDPR ‘mobile loophole’?

Europe is leading the way in privacy protection with the General Data Protection Regulation (GDPR). But most companies are not focused on what it means for their mobile workers. Personal mobile devices, which often hold corporate data, including data about individuals, because they are connected or synced to back-office systems, are subject to the same GDPR regulations and restrictions as larger systems (e.g., PCs and servers).

Source: Is your company part of the GDPR ‘mobile loophole’? | Computerworld

How GDPR changes use of Browser Fingerprinting and Web Trackers

Browser fingerprinting is on a collision course with privacy regulations. Compared to more well-known tracking “cookies,” browser fingerprinting is trickier for users and browser extensions to combat: websites can do it without detection, and it’s very difficult to modify browsers so that they are less vulnerable to it. As cookies have become more visible and easier to block, companies have been increasingly tempted to turn to sneakier fingerprinting techniques.

But companies also have to obey the law. And for residents of the European Union, the General Data Protection Regulation (GDPR), which entered into force on May 25th, is intended to cover exactly this kind of covert data collection. The EU has also begun the process of updating its ePrivacy Directive, best known for its mandate that websites must warn you about any cookies they are using.

Read article: The GDPR and Browser Fingerprinting: How It Changes the Game for the Sneakiest Web Trackers

DPO liability and potential insurance coverage

Could data protection officers (DPOs) conceivably be exposed to staggering personal liability for data protection violations by their employers or clients? What are the risks of liability for both internal and external DPOs and what options might be available to them to mitigate or insure against that risk?

Read article: DPO liability and potential insurance coverage

EU court could settle ICANN data gathering dispute

The internet’s global domain name organisation, the Internet Corporation for Assigned Names and Numbers (ICANN), has appealed a recent ruling by a court in Germany on the amount of data that domain name registrars can be forced to gather on people operating websites.

“If the Higher Regional Court does not agree with ICANN or is not clear about the scope of the European Union’s General Data Protection Regulation (GDPR), ICANN is also asking the Higher Regional Court to refer the issues in ICANN’s appeal to the [CJEU],” ICANN said in a statement.

Source: EU court could settle ICANN data gathering dispute

Implementing appropriate security under the GDPR

Security of processing is a foundational principle of the GDPR. Under Article 5(1)(f), personal data shall be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

Read full article: Implementing appropriate security under the GDPR

Looking to Canada for input on the GDPR’s data retention requirements

One of the core principles of data processing set forth in Article 5(e) of the EU General Data Protection Regulation is that personal data shall be retained in a form that “permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” Although this language is not complex, it raises critical questions not answered within the text, namely: What comprises a purpose and how does one determine whether the purpose is resolved?

Read full article: Looking to Canada for input on the GDPR’s data retention requirements

GDPR implementation bills: The election problem

It is by now no secret that a lot of EU countries won’t have implementing acts ready in time for the introduction of the General Data Protection Regulation this week. While this is unlikely to be the end of the world for most companies — the GDPR doesn’t need to be transposed into member states’ national laws to apply — it does create a level of confusion where the new regulation clashes with still-active national implementations of the old EU Data Protection Directive.

Read full article: GDPR implementation bills: The election problem

How not to write your GDPR-‘compliant’ data protection notice

GDPR requires companies to have robust data processing notices. However, “obfuscating their data collection and processing activities on the personal data while using the keywords from the GDPR, some controllers are publishing revised DP policies that under-inform or misinform their customers.”

Read full article: How not to write your GDPR-‘compliant’ data protection notice

New French data protection law declared constitutional and ready for promulgation

The French Constitutional Council issued its ruling on June 12 regarding the new data protection law implementing the EU General Data Protection Regulation (GDPR). It’s a PASS! Almost a month after Senators referred the newly adopted data protection law to the Constitutional Council, thus blocking its promulgation in time for the GDPR’s entry into application last May 25, the suspense finally comes to an end.

Source: FRANCE: New data protection law declared constitutional and ready for promulgation
