Category Archives for "Other"

Forget about defining a DPO; define the data protection committee instead

Data protection professionals and organization management officers share a common question: Who should the data protection officer be? Some argue that a legal professional is most suitable for this role; some argue that an operations professional is the natural pick.

Full article: Forget about defining a DPO; define the data protection committee instead

Denmark Recommends First Fine Under New EU Privacy Law

Denmark’s Data Protection Authority (DPA) has recommended fining a taxi company 1.2 million kroner ($180,000) for not deleting customers’ telephone numbers, the first Danish penalty imposed under Europe’s strict 2018 privacy rules.

The fine demonstrates that it’s not enough for companies doing business in Denmark to delete people’s names and addresses to satisfy the requirements of the European Union’s General Data Protection Regulation. They must delete all information, including telephone numbers, to avoid potentially high fines.

Source: Denmark Recommends First Fine Under New EU Privacy Law

The 4 Ps of leveraging data privacy for enhanced investment

Recent research shows over half (55 percent) of M&A professionals have had deals fall through due to concerns over GDPR and target firms’ data practices, and 66 percent of those M&A professionals believe GDPR will increase acquirers’ scrutiny of data protection policies and processes of target firms.

Just as financial information and cyber risk realities have long required organizations to employ accountants and cybersecurity professionals to conduct frequent audits and implement proactive monitoring, data privacy now requires a unique level of organizational data diligence, in addition to the appointment of personnel such as data protection officers (DPOs) to serve as advocates for the plethora of consumer and employee data companies collect, store and manage.

Given today’s ever-evolving data privacy realities, companies should abide by the four “Ps” rule to show suitors that their company is a safe bet:

  • Policy,
  • People,
  • Process,
  • Product.

Full article: The 4 Ps of leveraging data privacy for enhanced investment | TechRadar

Global recall: How the GDPR impacts product recalls

Not all potential consequences of the GDPR (and similarly situated laws) are clearly evident quite yet, but companies nonetheless will encounter challenges in their dealings with consumers in the global marketplace, pursuant to the GDPR and other such regulations.

One of the hidden consequences of this new proliferation of consumer data privacy measures throughout the world will affect product liability matters, specifically concerning product recalls.

Full article: Global recall: How the GDPR impacts product recalls

First fine imposed by the Polish privacy watchdog

The President of the Personal Data Protection Office (UODO) imposed its first fine for the amount of PLN 943 000 (around €220 000) for the failure to fulfil the information obligation.

The decision of the UODO’s President concerned the proceedings related to the activity of a company which processed the data subjects’ data obtained from publicly available sources, inter alia from the Central Electronic Register and Information on Economic Activity, and processed the data for commercial purposes. The authority verified non-compliance with the information obligation in relation to natural persons conducting business activity – entrepreneurs who are currently conducting such activity or have suspended it, as well as entrepreneurs who conducted such activity in the past.

The controller fulfilled the information obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its disposal. In case of the remaining persons the controller failed to comply with the information obligation – as it explained in the course of the proceedings – due to high operational costs. Therefore, it presented the information clause only on its website. In the opinion of the President of the Personal Data Protection Office, such action was insufficient.

Source: First fine imposed by the President of the Personal Data Protection Office | European Data Protection Board

Jourová on first lessons 10 months after the application of the GDPR

European Commissioner Věra Jourová delivered a speech, “What next for European and global data privacy?”, at the 9th Annual European Data Protection and Privacy Conference.

In her speech, Jourová discusses first lessons 10 months after the application of the GDPR, the Facebook / Cambridge Analytica scandal and the globalised discussion about challenges to privacy.

Read full speech: Speech by European Commission Věra Jourová at the 9th Annual European Data Protection and Privacy Conference: What next for European and global data privacy?

EU Commissioner says GDPR is an opportunity to build trust

European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, delivered a speech on 20 March 2019 at the 9th annual European Data Protection Conference which stressed that the General Data Protection Regulation (GDPR) is an opportunity for businesses and individuals to build trust.

Full article: EU Commissioner says GDPR is an opportunity to build trust

German Authorities Issue 41 GDPR Fines

A survey by Handelsblatt shows that 41 fines have been issued by German privacy authorities through mid-January of this year, according to an analysis by Mondaq.

The highest fine has been €80,000 — for an entity that allowed health-related data to be publicly seen, the report continues. In addition, a €20,000 penalty was imposed on the chat portal Knuddels.de by the State Data Protection and Freedom of Information Officer for Baden-Württemberg.

Source: German Authorities Issue 41 GDPR Fines: Report 02/25/2019

EDPB LIBE report on the implementation of GDPR

On February 26, the EDPB Chair and Vice-Chair addressed the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) presenting EDPB’s first report on implementation of EU General Data Protection Regulation (GDPR) and the roles and means of the national supervisory authorities.

You can read the full report here: EDPB LIBE Report
