Tag Archives for "GDPR"

Only 25% of companies disclose data breaches despite GDPR

A high number of businesses in Europe are choosing to not disclose cyber-security breaches to the public, despite the risk of heavy GDPR fines, a new study reports.

Researchers discovered that 75% of cyber-attacks are not published, with many companies indicating that they turn a blind eye to their legal obligations.

According to the research, less than a fifth (19%) of corporations gave official notification of hacks they suffered over the last five years, despite 66% of firms surveyed saying they were aware of their legal obligations under new EU data laws in terms of reporting to their local Data Protection Authority.

Source: #Privacy: 25% of companies disclose data breaches in GDPR era

Spanish DPA fines company 30,000 euros over its cookie policy

The Spanish Data Protection Authority fined the company Vueling 30,000 euros over the cookie policy used on its website, because users who access the company's website have no way to configure the cookies that are installed on their computers.

When users open the website's cookie policy online, they are informed about what cookies are and which cookies the site uses (first- and third-party). What the company does not provide is a management system or cookie configuration panel that allows the user to delete them in a granular way.

Source: The Spanish Data Protection Authority fined the company Vueling for the cookie policy used on its website with 30,000 euros | European Data Protection Board

Irish Department of Social Protection accused of ‘mass surveillance’

A complaint has been made to the Data Protection Commissioner accusing the Department of Employment Affairs and Social Protection of engaging in “mass surveillance” with regard to the collation of data from the free travel pass variant of the Public Services Card.

The complainant, Martin McMahon, from Dublin, noted when travelling with his own travel pass that his rights were being breached under the General Data Protection Regulation as his movements were being ‘recorded’.

Source: PSC fall-out: Department of Social Protection accused of ‘mass surveillance’

Only 28% Of Firms Are Complying With GDPR

The Capgemini Research Institute reports that only 28% of European firms have achieved full adherence with the law that took effect in May 2018.

U.S. firms are closest — 35% were compliant as of June of this year.

However, compliant firms say they are enjoying improved customer trust, brand image and employee morale. In addition, they have benefitted from improvements in their IT systems and cybersecurity practices.

Source: Only 28% Of Firms Are Complying With GDPR: Study 09/30/2019

Pre-Checked Cookie Consent Invalid, EU Court Rules

The Court of Justice of the European Union (CJEU) this morning ruled that storing cookies requires internet users’ active consent.

It’s not good enough, says the CJEU, to present users with a pre-checked box and require them to click it to opt out. Consent must be specific, and users must be informed how long cookies will be stored and used, and whether or not third parties will have access to them.

That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data.

Source: Pre-Checked Cookie Consent Invalid, EU Court Rules

Danish DPA Takes New Position on the GDPR Legal Basis for Posting Online Photos

The Danish Data Protection Authority has changed its position regarding the legal basis for posting pictures online under the General Data Protection Regulation (GDPR). Rather than a distinction between “situational” and “portrait” pictures, Datatilsynet now requires a case-by-case analysis.

The Danish DPA will no longer distinguish between situational and portrait images. It now holds that the question of whether a picture can be published on the Internet — without the consent of the person concerned — will depend on a comprehensive assessment of the picture and the purpose of the publication.

Source: Picture Picture on the Wall: Danish DPA Takes New Position on the GDPR Legal Basis for Posting Online Photos

Ecuador Is Latest Country to Consider GDPR-like Privacy Law

Ecuador is considering a GDPR-like privacy law. A massive data breach in Ecuador has sparked a new push to pass data protection legislation that would mirror the European Union’s privacy regime.

The National Assembly is debating a bill that allows citizens to access, correct, eliminate and oppose the use of their personal data, and sets up a new data protection authority to enforce the law and sanction bad actors. President Lenin Moreno sent the bill for debate shortly after the personal data of 20 million Ecuadorians was discovered on a server in Miami earlier this month.

Source: Ecuador Is Latest Country to Consider GDPR-like Privacy Law

Germany approves “numerous adaptations to German data protection regulations”

The Federal Council (‘Bundesrat’) announced, on 20 September 2019, that it had approved several amendments to the draft law on the adaptation of data protection legislation in relation to the General Data Protection Regulation (GDPR) and the Data Protection Directive with Respect to Law Enforcement (‘the Law Enforcement Directive’).

The Amendments outline, among other things, that the obligation to appoint a data protection officer (DPO) will apply to companies with at least 20 employees, and that employees’ consent to data processing will have to be provided in writing or electronically. The Draft Law will now pass to the President of the Federal Government for signing, and will come into force the day after its promulgation.

Source: Germany: Bundesrat approves “numerous adaptations to German data protection regulations”

How to manage, monitor and validate third-party data sharing

When companies manage how personal data is shared and transferred to third parties, much of the effort lately has been focused on bringing legal contracts in line with requirements under the EU General Data Protection Regulation and now, increasingly, the California Consumer Privacy Act.

How can organizations effectively ensure they have the requisite data knowledge to validate data flows and the purpose of processing, as well as monitor data transfers to flag when personal data is going where it shouldn’t?

Read full article: How to manage, monitor and validate third-party data sharing

Italian Supervisory Authority approves Code of Conduct under the GDPR

On September 12, 2019, the Italian Supervisory Authority (Garante) approved a code of conduct for consumer credit agencies, pursuant to Art. 40 GDPR.

The Code already existed prior to the GDPR, but it had to be amended to meet the requirements of the GDPR and be approved by the Garante in accordance with the GDPR procedures.

The Code regulates the processing of personal data of individuals located in Italy. It can be adhered to by entities located in Italy that professionally manage credit information systems (e.g., banks, financial intermediaries and other entities offering credit services).

Source: Italian Supervisory Authority approves Code of Conduct under the GDPR
