
Tag Archives for "GDPR"

GDPR vs. CCPA

The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the California Consumer Privacy Act of 2018 (‘CCPA’) both aim to guarantee strong protection for individuals regarding their personal data and apply to businesses that collect, use, or share consumer data, whether the information was obtained online or offline.

As highlighted by the Guide, the two laws bear similarity in relation to their definition of certain terminology; the establishment of additional protections for individuals under 16 years of age; and the inclusion of rights to access personal information.

Full article: FPF and DataGuidance Comparison Guide: GDPR vs. CCPA

GDPR territorial guide has ‘sting in tail’ for US companies

Guidance published by an EU data protection watchdog on the territorial scope of the General Data Protection Regulation (GDPR) is likely to raise concern about the costs to US companies of entering the EU market.

“The sting in this document is in the last line for US corporates,” Ann Henry of Pinsent Masons said. “It is the law-abiding companies that will appoint a representative. Arguably making a representative liable will make it more difficult to find people or bodies willing to take on the role of representative given the extent of potential liability both by means of regulatory enforcement and through private rights of action under the GDPR regime.”

Full article: GDPR territorial guide has ‘sting in tail’ for US companies

DP Impact Assessments: EDPB Differs Slightly from ICO Position

The European Data Protection Board (EDPB) has recently published its Opinion on the (United Kingdom) Information Commissioner’s list of processing activities which would require a Data Protection Impact Assessment under the GDPR.

In its Opinion, the EDPB appears to be moving away from the idea that processing of genetic or location data, on its own, might be enough to trigger the mandatory DPIA requirements of the GDPR. This news will perhaps come as a relief to organisations currently struggling to come to grips with the “new” DPIA process and the resources and time that it demands. But, should we be surprised by the EDPB’s Opinion and will it have a significant impact in practice on the way organisations consider and conduct DPIAs?

Full article: DP Impact Assessments: EDPB Differs Slightly from ICO Position

New EDPB Guidelines on the territorial scope of the GDPR

On 26 November 2018, the WP29’s successor, the European Data Protection Board (EDPB), published Guidelines on the territorial scope of the GDPR (Art. 3). The proposed Guidelines are open for public consultation until 18 January 2019. The Guidelines provide some clarification around the boundaries of what constitutes an establishment in the EU, the status of tourists and factors that determine whether data subjects in the EU are being targeted.

The EDPB also provides some guidance on the conditions of appointment of an EU representative for non-EU controllers and processors. However, the Guidelines do not address other key interpretive questions arising from Art. 3 and Chapter V (transfer restrictions) and leave many key legal questions open.

Full article: EU: New EDPB Guidelines on the territorial scope of the GDPR

The post GDPR landscape

With the panic to ‘comply’ with GDPR over, it is seen as becoming more of a day-to-day compliance matter. Of course, this assumes that organisations have the correct processes embedded in their day-to-day business and their staff are trained on and aware of the implications. However, there are still many questions around what is the correct approach.

Full article: The post GDPR landscape: Our Findings

Having legitimate consent is only half the battle: The top 5 ways to protect your data

A recent survey showed that nearly one in five (17%) of companies admitted they are still unsure as to what the benefits are of being GDPR-compliant. Many businesses have still not gained consent and yet are sending marketing emails.

More so, some do not have the proper opt-out policies in place and many are still struggling to make sense of the point of GDPR at all. These businesses are at risk of receiving a fine equating to up to 4% of their annual turnover, a huge problem for the sole trader, man-on-the-street style business. But is this putting them at risk of more than a fine?

Full article: Having legitimate consent is only half the battle: The top 5 ways to protect your data

Instagram GDPR Tool Exposes Subscriber Passwords

A warning has been issued by Instagram that a number of users of the social media platform have had their password details exposed by a security leak.

Ironically, this breach occurred due to a flaw in the ‘Download Your Data’ tool that Instagram added to the platform to allow users to download a copy of their own data. Instagram sent these users their passwords in plain text. This feature was implemented in April in order to ensure compliance with the European Union General Data Protection legislation which became enforceable on May 25 this year. The tool was developed due to privacy concerns in the aftermath of Facebook’s Cambridge Analytica scandal.

Full article: Instagram GDPR Tool Exposes Subscriber Passwords – Compliance Junction

Google accused of GDPR privacy violations by seven countries

Consumer groups across seven European countries have filed GDPR complaints against Google’s location tracking (via Reuters). The European Consumer Organisation (BEUC), of which each of the groups is a member, claims that Google’s “deceptive practices” around location tracking don’t give users a real choice about whether to enable it, and that Google doesn’t properly inform them about what this tracking entails. If upheld, the complaints could mean a hefty fine for the search giant.

Full article: Google accused of GDPR privacy violations by seven countries – The Verge
