Category Archives for "Other"

MEPs to continue investigation of Facebook and Cambridge Analytica

MEPs will continue to assess the impact of the Facebook-Cambridge Analytica scandal on personal data protection at hearings on 25 June and 2 July with Facebook representatives.

The second and third hearings will focus on the consequences of the Facebook-Cambridge Analytica scandal, and possible solutions. The first hearing took place on 4 June and aimed to better map the case.

The hearings follow up on the 22 May meeting between the founder and CEO of Facebook, Mark Zuckerberg, and EP President Antonio Tajani, political group leaders, and the Chair and Rapporteur of the Civil Liberties, Justice and Home Affairs Committee.

Source: Facebook/Cambridge Analytica: MEPs continue the personal data breaches probe | News | European Parliament

DPO liability and potential insurance coverage

Could data protection officers (DPOs) conceivably be exposed to staggering personal liability for data protection violations by their employers or clients? What are the risks of liability for both internal and external DPOs and what options might be available to them to mitigate or insure against that risk?

Read article: DPO liability and potential insurance coverage

How not to write your GDPR-‘compliant’ data protection notice

GDPR requires companies to have robust data processing notices. However, “obfuscating their data collection and processing activities on the personal data while using the keywords from the GDPR, some controllers are publishing revised DP policies that under-inform or misinform their customers.”

Read full article: How not to write your GDPR-‘compliant’ data protection notice

UK Privacy Regulator Open to Self-Certification under GDPR

Organizations in Europe may eventually be able to self-certify that they are compliant with the EU’s General Data Protection Regulation, an official at the U.K.’s independent privacy watchdog said. But at the moment there is no such thing as GDPR certification; there is only compliance that you can work toward.

Source: GDPR: UK Privacy Regulator Open to Self-Certification

LIBE votes for Privacy Shield’s suspension: What does it mean?

On June 11 the EU Parliament’s Civil Liberties Committee (LIBE) voted on the current international data-transfer agreement between the EU and U.S., passing a resolution, 29 to 25, that asks the European Commission to suspend Privacy Shield until the U.S. authorities comply with its terms in full.

Parliament is likely to vote on the resolution in July, and the question is whether it will agree with LIBE’s position.

Source: LIBE votes for Privacy Shield’s suspension: What does it mean?

How to approach DPIAs under the GDPR

A DPIA is a procedure for describing the processing, assessing its necessity and proportionality, and managing the risks to the rights and freedoms of individuals arising from the processing of their personal data (by assessing those risks and defining appropriate measures to address them).

It is important that the risks to data subjects are identified (not only the impact of a data breach, but also the intrinsic risks of the processing itself, which, even if secure and with a low exposure to breaches, could violate the privacy of the data subject). It is therefore advisable to extend the analysis to compliance risk and risks to the organization, since privacy risks to the data subject usually carry associated compliance and organizational risks.

Read full article: How to approach DPIAs under the GDPR

Data-processing agreements from 30,000 feet

Any organization that processes the personal data of data subjects in the European Union should be concerned about having updated data processing agreements in place with vendors and partners with whom they share the data. Having up-to-date data processing agreements in place can also protect an organization from liability in the future, and avoid the potential heavy fines and penalties possible under the GDPR.

Read full article: Data-processing agreements from 30,000 feet

What role can internal auditors play in GDPR compliance?

As a function that has a holistic view of the organization, internal audit plays a role in evaluating the organization’s GDPR compliance. By taking up the role of a strategic partner of the data protection officer, internal auditors can help to guide the company strategy, raise awareness, assess the potential risks, identify gaps, and test the remediated procedures.

Read more: What role can internal auditors play in GDPR compliance?
