Tag Archives for " sanctions "

Data-processing agreements from 30,000 feet

Any organization that processes the personal data of data subjects in the European Union should be concerned about having updated data processing agreements in place with the vendors and partners with whom it shares the data. Having up-to-date data processing agreements in place can also protect an organization from future liability and help it avoid the heavy fines and penalties possible under the GDPR.


Irish data chief finds Yahoo broke EU law in breach

The Irish Data Protection Commission (DPC) issued a statement that Yahoo broke EU law by failing to protect user information in Europe’s largest-ever data breach, which happened back in 2014. However, the DPC issued no penalty against the company.

Source: Irish data chief finds Yahoo broke EU law in breach, issues no penalty – POLITICO

Cyber insurance is booming, but it won’t protect you from GDPR fines

The US is one of the biggest markets for cyber insurance, but you won’t be able to take out a policy protecting you from fines for breaches of the EU General Data Protection Regulation (GDPR).

The law, which strengthens EU residents’ rights relating to their personal data, applies to all organizations that collect or process such information, including many in the US. Insuring against fines would have been a massive boon for organizations, as the GDPR gives supervisory authorities the power to issue penalties of up to €20 million (about $24.4 million) or 4% of an organization’s global annual turnover,

Source: Cyber insurance is booming, but it won’t protect you from GDPR fines – IT Governance USA

GDPR enforcement: what we can expect from Europe’s data protection authorities

The General Data Protection Regulation (GDPR) gives regulators in Europe more teeth with which to enforce data protection law, but businesses can expect their attitudes towards enforcement and areas of focus to differ.

Source: GDPR enforcement: what we can expect from Europe’s data protection authorities

Are GDPR fines insurable?

DLA Piper and Aon have launched a guide, ‘The price of data security’, ahead of the General Data Protection Regulation (GDPR), effective from 25 May 2018. The guide reviews the insurability of GDPR fines across Europe, which can reach up to €20 million or, if higher, up to 4% of a group’s annual global turnover.

Source: EUROPE: Are GDPR fines insurable in the countries where you operate?

Don’t relax just because some EU regulators aren’t ready for GDPR

On May 25th the European Union’s tough privacy law, known as the General Data Protection Regulation, takes effect, with some experts predicting turmoil because many businesses in and outside the union that collect personal data on EU residents aren’t entirely ready. However, regulators aren’t ready either, the latest surveys suggest.

Good news for businesses worried they may get hammered within 24 hours of the law coming into effect? No, says Canadian privacy expert Ann Cavoukian: “It’s not that Europe isn’t ready for the GDPR, it’s just that they’re under-resourced, as is the case in most jurisdictions.”

Source: Don’t relax just because some EU regulators aren’t ready for GDPR: Cavoukian | IT World Canada News

FTC, privacy, and vendor due diligence—and opt-in consent

On April 30, 2018, the U.S. Federal Trade Commission (FTC) released for public comment an administrative complaint and proposed consent agreement with mobile phone manufacturer BLU Products Inc. and its owner and president.

Although the FTC has entered into many settlements relating to privacy and data security, this proposed settlement is particularly noteworthy for two reasons: (1) the FTC’s allegation that a company’s failure to implement appropriate security procedures to oversee a vendor’s security practices (including a lack of vendor due diligence) can violate Section 5 of the Federal Trade Commission Act; and (2) the proposed remedy includes a separate notice and affirmative opt-in consent relating to the collection, use, and sharing of certain consumer information.

Source: FTC, privacy, and vendor due diligence—and opt-in consent
