Tag Archives for "sanctions"

CNIL goes after smaller firms on GDPR compliance

Google and Facebook may have bullseyes on their backs in Europe, but it’s two mid-sized French startups that received the first warning shots from the General Data Protection Regulation (GDPR) – and that shouldn’t be surprising.

Source: Forget The Duopoly (For Now). It’s The Little Guys Taking Heat On GDPR | AdExchanger

Cataloguing GDPR complaints since May 25

A full month has passed since the European Union’s General Data Protection Regulation went into effect on May 25. Are consumers rushing to deluge their local data protection authorities?

To find out, the IAPP reached out to the DPAs of each of the 28 member states to check in and discuss how many complaints they had received since May 25, and we are using today’s one-month anniversary of GDPR Day to publish the first look at the data. The results we received varied greatly.

Read full article: Cataloguing GDPR complaints since May 25

Data-processing agreements from 30,000 feet

Any organization that processes the personal data of data subjects in the European Union should be concerned about having updated data processing agreements in place with vendors and partners with whom they share the data. Having up-to-date data processing agreements in place can also protect an organization from liability in the future, and avoid the potential heavy fines and penalties possible under the GDPR.

Read full article: Data-processing agreements from 30,000 feet

Irish data chief finds Yahoo broke EU law in breach

The Irish Data Protection Commission (DPC) issued a statement that Yahoo broke EU law by failing to protect user information in Europe’s largest-ever data breach, which happened back in 2014. However, the DPC issued no penalty against the company.

Source: Irish data chief finds Yahoo broke EU law in breach, issues no penalty – POLITICO

Cyber insurance is booming, but it won’t protect you from GDPR fines

The US is one of the biggest markets for cyber insurance, but you won’t be able to take out a policy protecting you from fines for breaches of the EU General Data Protection Regulation (GDPR).

The law, which strengthens EU residents’ rights relating to their personal data, applies to all organizations that collect or process such information, including many in the US. Insuring against fines would have been a massive boon for organizations, as the GDPR gives supervisory authorities the power to issue penalties of up to €20 million (about $24.4 million) or 4% of an organization’s global annual turnover,

Source: Cyber insurance is booming, but it won’t protect you from GDPR fines – IT Governance USA

GDPR enforcement: what we can expect from Europe’s data protection authorities

The General Data Protection Regulation (GDPR) gives regulators in Europe more teeth with which to enforce data protection law, but businesses can expect their attitudes towards enforcement and areas of focus to differ.

Source: GDPR enforcement: what we can expect from Europe’s data protection authorities

Are GDPR fines insurable?

DLA Piper and Aon have launched a guide, ‘The price of data security’, ahead of the General Data Protection Regulation (GDPR), effective from 25 May 2018. The guide reviews the insurability of GDPR fines across Europe, which can reach up to €20 million or, if higher, up to 4% of a group’s annual global turnover.

Source: EUROPE: Are GDPR fines insurable in the countries where you operate?

Don’t relax just because some EU regulators aren’t ready for GDPR

On May 25th the European Union’s tough privacy law known as the General Data Protection Regulation takes effect, with some experts predicting turmoil because many businesses in and outside the union that collect personal data on EU residents aren’t entirely ready. However, regulators aren’t ready either, the latest surveys suggest.

Good news for businesses worried they may get hammered within 24 hours of the law coming into effect? No, says Canadian privacy expert Ann Cavoukian: “It’s not that Europe isn’t ready for the GDPR, it’s just that they’re under-resourced, as is the case in most jurisdictions.”

Source: Don’t relax just because some EU regulators aren’t ready for GDPR: Cavoukian | IT World Canada News

FTC, privacy, and vendor due diligence—and opt-in consent

On April 30, 2018, the U.S. Federal Trade Commission (FTC) released for public comment an administrative complaint and proposed consent agreement with mobile phone manufacturer BLU Products Inc. and its owner and president.

Although the FTC has entered into many settlements relating to privacy and data security, this proposed settlement is particularly noteworthy for two reasons: (1) the FTC allegation that a company’s failure to implement appropriate security procedures to oversee a vendor’s security practices (including a lack of vendor due diligence) can violate Section 5 of the Federal Trade Commission Act; and (2) the proposed remedy includes a separate notice and affirmative opt-in consent relating to collection, use, and sharing of certain consumer information.

Source: FTC, privacy, and vendor due diligence—and opt-in consent
