TikTok Slapped with €345 Million Fine for Child Privacy Violations
The Data Protection Commission (DPC) in Ireland has fined TikTok €345 million ($368 million) for multiple violations of the General Data Protection Regulation (GDPR) related to the processing of children’s personal information and other child privacy issues. The DPC initiated an investigation of TikTok to determine if the company was fulfilling its obligations under the GDPR to protect the privacy of child users of the platform. The...
Spotify Slapped with €5 Million GDPR Penalty
The music streaming service Spotify has been fined €5 million by the Swedish Data Protection Authority (IMY) for a lack of transparency about how it uses the personal data it collects. IMY launched an investigation into Spotify after receiving a complaint about potential violations of the General Data Protection Regulation (GDPR) from the privacy activist group, NOYB. In 2019, NOYB filed a complaint in Austria that alleged Spotify...
Meta Platforms Gets $1.2 Billion GDPR Fine for Transatlantic Data Transfers
Almost 5 years to the day after the General Data Protection Regulation (GDPR) was signed into law, Meta Platforms has been fined €1.2 billion by the Irish Data Protection Commission (DPC) for violating Article 46(1) of the GDPR by transferring the personal data of Facebook users from the EU to servers in the United States. The fine does not apply to data transfers from other Meta companies, such as WhatsApp and Instagram. Article...
Meta Hit with €265 Million Financial Penalty for GDPR Violations
The Irish Data Protection Commission (DPC) has fined Meta €265m ($275m) for violating two articles of the EU’s General Data Protection Regulation (GDPR). The DPC launched an investigation on 14 April 2021 following media reports that a large dataset containing the personal data of Facebook users had been released on the public Internet. The data breach, which included mobile phone numbers and email addresses, occurred in 2019 and...
UK Government Reveals Details of the Data Reform Bill That Will Replace the GDPR
The UK government has revealed more details about the new data privacy law – The Data Reform Bill – which is due to replace the General Data Protection Regulation (GDPR). When the UK voted to leave the European Union, the process of replacing EU laws began. One of the laws expected to see significant changes was the GDPR. After a period of consultation with the public and businesses, the government developed the Data Reform Bill,...
4 Years of the GDPR and Privacy Rights are Still Being Routinely Violated
This month saw the 4-year anniversary of the introduction of the EU’s General Data Protection Regulation (GDPR), one of the most comprehensive privacy regulations to be introduced anywhere in the world. The GDPR gave EU citizens new rights over their personal data, required companies to implement safeguards to keep personal data private and confidential, and placed restrictions on the collection and processing of personal data. When...
Ireland’s Data Protection Commission Fines Bank of Ireland €463,000 for GDPR Violations
The Data Protection Commission (DPC) in Ireland, which enforces compliance with the EU’s General Data Protection Regulation (GDPR), has fined Bank of Ireland €463,000 ($503,000) over a series of data breaches that occurred between November 2018 and June 2019 that resulted in impermissible disclosures of the personal data of its customers. More than 50,000 customers were affected, and the DPC also found Bank of Ireland had failed to...
Agreement In Principle Reached Between EU and US on Replacement for EU-US Privacy Shield
The EU and US have an agreement in principle on a framework to replace the EU-US Privacy Shield, which was invalidated by the Schrems II judgment as it was determined to violate the principles of the EU General Data Protection Regulation (GDPR). The EU-US Privacy Shield is a legal framework regulating exchanges of data for commercial purposes between the European Union and the United States. Companies relied on this framework when...
Meta Slapped with €17 Million Penalty for GDPR Violations
Meta has been slapped with a €17 million ($18.6 million) financial penalty that resolves violations of the General Data Protection Regulation (GDPR) related to a series of Facebook data breaches reported to Ireland’s Data Protection Commission (DPC) in 2018. The DPC was the lead investigator as the headquarters of Meta/Facebook is in Dublin, although since Meta and Facebook engage in cross-border data processing, all other EU...
IAB Europe Slapped with Fine Over GDPR Consent System used on 80% of the European Internet
The Belgian Data Protection Authority (APD) has issued its final decision in the long-running case against Interactive Advertising Bureau Europe (IAB Europe), a trade organization for the digital marketing and advertising ecosystem, over its GDPR consent system – the Transparency and Consent Framework (TCF). The IAB Europe GDPR penalty has far-reaching implications for digital advertising in Europe. The TCF was developed by IAB Europe...
GDPR Fines Increased by 600% to €1.1 Billion in 2021
Record levels of fines were issued in 2021 to resolve violations of the EU’s General Data Protection Regulation, according to a new report from DLA Piper. There was a 600% increase in the total fine amount, which rose from €159 million ($181 million) in 2020 to a staggering €1.1 billion ($1.2 billion) in the 12 months from January 28, 2021. The huge increase in the total fine amount was due to two large financial penalties imposed on...
Dutch Tax Administration Hit with $3.1 Million GDPR Penalty
The Dutch Tax Administration has been hit with a €2.75 million ($3.1 million) financial penalty for violating the General Data Protection Regulation (GDPR) by unlawfully processing the data of dual nationality Dutch citizens over many years. The fine was announced by the Dutch Data Protection Authority (DPA), Autoriteit Persoonsgegevens, on December 8, 2021, following an investigation that revealed dual nationality data were being...
ICO Struggling to Recover GDPR Fines
Over the past couple of years, the number of financial penalties issued for violations of the EU General Data Protection Regulation (GDPR) has increased sharply, with 2021 seeing a sizeable increase in fines for companies that have fallen afoul of the GDPR Rules. While enforcement of compliance has increased and many fines have been imposed, recovery of the financial penalties has proven problematic, especially for the UK’s GDPR...
Q3 Sees Massive Increase in GDPR Fines
A new report released by Finbold shows there was a massive increase in GDPR fines in Q3, 2021. Data protection authorities across EU member states imposed penalties of €984.47 million ($1.14 billion) in Q3 to resolve violations of the General Data Protection Regulation, which is three times the total fine amount of 2020 and nearly 20 times the fine total in Q1 and Q2, 2021 combined. A substantial proportion of the €984.47 million...
Irish DPC Announces Record GDPR Fine of €225 Million for WhatsApp
WhatsApp has been hit with a €225 million ($265 million) financial penalty for failing to comply with the transparency requirements of the EU’s General Data Protection Regulation (GDPR). The Irish Data Protection Commission (DPC) launched an enquiry into WhatsApp about data processing transparency in December 2018. It has taken more than 2 and a half years for a final decision to be made, but it could take even longer for any financial...
Hamburg Data Protection Agency Deems Zoom in Breach of GDPR
Referring to the European Court of Justice Schrems II decision of July 2020, the acting Hamburg Commissioner for Data Protection and Freedom of Information informed those working with the city’s Senate Chancellery that the on-demand version of Zoom’s video conferencing software should not be used as it may be in breach of the European Union’s General Data Protection Regulation (GDPR). The Commissioner, Ulrich Kühn,...
Potential GDPR Fine of $425M for Amazon
Online retail giant Amazon is facing a fine for breaching the European Union’s General Data Protection Regulation (GDPR) to the tune of €425m, the highest amount ever sanctioned against a company. Amazon was investigated in relation to the way that it gathers the personal data of its account holders and then uses that information in its marketing campaigns. GDPR requires companies to seek people’s consent before using their...
Disqus Hit with €2.5m Preliminary GDPR Fine for Use of Web-Tracking IDs
Earlier this month, the Norwegian data protection authority, Datatilsynet, revealed that it intends to fine Disqus 25m Norwegian Krone (€2.5m) in relation to how it tracks website visitors. It was discovered that Disqus, an online platform that allows comment and moderation, was collecting data via cookies added to the devices of website visitors. This data was then transferred to third-party advertising partners and its parent...
GDPR Penalties of €30m Sanctioned in Q1 2021
European Union data protection agencies have sanctioned a total of €33.61 million in General Data Protection Regulation (GDPR) fines during the first quarter of 2021, according to a report produced by Finbold. During the period from January 1 to March 31, January recorded the highest number of fines at €17.5m. There was a 90.28% fall off during February to €1.7 million, with a rise to €14.29m in March. The report outlined the...
UK Reveals Firms that were Hit with GDPR Fines During Lockdown
A Freedom of Information (FOI) request in the United Kingdom has uncovered the companies which were penalized for breaching the European Union’s General Data Protection Regulation (GDPR) during the time period from March 2020 to January 2021 in that jurisdiction. The Information Commissioner’s Office (ICO) went into further detail in the response to the FOI request submitted by data management company Go Shred, revealing a total of...
United States Data Protection and Privacy Laws
Although not the first state law to address data protection and consumer privacy, the passage of the California Consumer Privacy Act (CCPA) made the headlines in 2018 due to being closely modeled on the EU’s General Data Protection Regulation (GDPR). The CCPA requires organizations with revenues of more than $50 million, organizations that buy, receive, or share the personal data of more than 100,000 Californian residents or...
UK & Italy Lead the Way for 2020 GDPR Penalties
Finbold, the online financial news and analysis portal, has released a report detailing the level of fines sanctioned during 2020 for violations of the European Union’s General Data Protection Regulation. It reveals that some €171.3m in financial penalties have been sanctioned by the various data protection agencies in EU Member States during the time period from January 1 2020 to December 31 2020. 299 is the total number of GDPR...
Twitter Slapped with €450,000 GDPR Fine for Late Breach Notification
The Data Protection Commission (DPC) in Ireland has issued its first cross-border GDPR fine to the microblogging and social media network Twitter over a data breach that first came to light in December 2018. Twitter has been fined €450,000 ($544,000) for a failure to report the breach promptly and inadequate documentation of the breach. The EU’s General Data Protection Regulation (GDPR) requires companies to report breaches to the...
Breach of GDPR Advertising Cookies Laws Leads to Fine of €35m for Amazon
Yesterday, the French Data Protection Authority, CNIL, confirmed Amazon had been fined €35m for installing advertising tracking cookies on the devices of web users without having prior permission. This news comes in the wake of the CNIL revealing that Google will also be hit with a GDPR fine of €100m for the same misdemeanor. The official ruling can be read here. In the official investigation, CNIL identified Amazon’s French websites...
ICO Imposes £18.4 Million GDPR Fine on Marriott for its 339 Million-Record Data Breach
The UK’s Information Commissioner’s Office (ICO) has fined Marriott International £18.4 million for failing to secure the personal data of up to 339 million customers, 7 million of whom reside in the United Kingdom. Marriott announced it had suffered a massive data breach in 2018; however, the initial breach occurred 4 years previously in 2014. Unknown individuals had gained access to the systems of Starwood Hotels and Resorts...
GDPR Breach Impacting Over 400,000 Customers Results in €22m Penalty for BA
A £20 million (€22m) General Data Protection Regulation (GDPR) fine has been sanctioned against British Airways in the United Kingdom following a breach that affected the private data of more than 400,000 customers. Following an investigation by the Information Commissioner’s Office (ICO) when the breach was first reported, a financial penalty of £184 million (€204 million) was imposed on BA. British Airways appealed the penalty. The...
Ireland Facebook Ordered to Stop Data Transfers to US by Irish DPO
A preliminary order has been handed down by Ireland’s Data Protection Commission (DPC) ordering Facebook to stop transferring personal data from Ireland to the United States. This order is a result of the European Union Court ruling in July, referred to as Schrems II, which stated that it is illegal for any personal data to be transferred from the EU to the US if it can be monitored by US government agencies or federal authorities. What...
TikTok Data Management Being Investigated by CNIL in France
It has been revealed that the data protection authority in France, the CNIL, is about to review the data operations of TikTok. TikTok has been trying to appoint the Data Protection Commission (DPC) in Ireland as its lead authority in Europe. It has done so by establishing a base in Ireland to manage private data for EU-based users. Due to this, the group believes that the investigation in France may be deemed invalid. The DPC is...
Record Fine Follows Breach of GDPR Data Subject Rights by Dutch Credit Registration Bureau
The Credit Registration Bureau (BKR) in the Netherlands has been ordered to pay a €830,000 ($937,000) General Data Protection Regulation (GDPR) fine after being found guilty of infringing data subjects’ rights. BKR was found to be charging fees and making it difficult for data subjects to access their personal data, a right which is given to data subjects in GDPR legislation. Official complaints had been filed in relation to the...
GDPR Class Action Lawsuit Takes Aim at EasyJet
A legal action has been filed in the United Kingdom High Court under Article 82 of the General Data Protection Regulation (GDPR) on behalf of nine million EasyJet customers whose private data was accessible during a data privacy breach earlier this year. It was made public on 19 May 2020, that the airline company had been targeted successfully by cybercriminals and the personal data of approximately 9M customers globally had been...
600,000 Account Holders Impacted by Email.it GDPR Breach
The private personal information of more than 600,000 Email.it users has been stolen and offered for sale on the dark web. The breach was first discovered on Sunday, April 5, after a tweet was shared by the groups responsible stating the types of data that were stolen and made available for purchase. The hackers are stating that they now have 46 databases that include plain text passwords, email content, and email attachments of users who...
COVID19 Pandemic Leads to Massive Increase in WHO Cyberattacks
It has been revealed that the World Health Organization has suffered a surge in the number of hacking attempts on its databases in the last month as a result of the COVID-19 Pandemic. Chief Information Security Officer for the WHO, Flavio Aggio, issued a statement that said a large number of fraudulent WHO web pages have been discovered that have been created to trick people into handing over personal information. The purpose of the...
Brexit Transition Period & GDPR Lead to ICO Warning
The Information Commissioner’s Office (ICO) in the United Kingdom has issued a warning to companies to remind them that they must adhere to existing data protection legislation as the State completes its transition from being a European Union Member State to a fully independent country. It is envisaged that the period of transition will come to a close by the final day of December 2020 and it is expected that the European...
London Pharmacy Hit with First Ever UK GDPR Penalty of €325k
A London-based pharmacy has been hit with the first ever General Data Protection Regulation (GDPR) fine in the United Kingdom by the Information Commissioner’s Office (ICO). ICO has sanctioned a €325,000 (£275,000) GDPR penalty against Doorstep Dispensaree in connection with its ‘cavalier attitude to data protection’. This step was taken after it was found that the Burnt Oak Broadway, Edgware-located pharmacy stored 500,000 medical files...
German Telecoms Firm Hit with €9.55 Million GDPR Penalty
Germany’s GDPR watchdog has imposed one of the largest ever GDPR fines on a German Telecoms and hosting company. The €9.55 million ($11 million) penalty was issued to 1&1 Telecommunications, a subsidiary of United Internet Group, for having insufficient authentication measures in place in its call centers. The GDPR failures placed customer data at risk. The financial penalty was announced by the Federal Commissioner for Data...
GDPR Breach Results in €9.55m Penalty for German Telecoms Provider
A GDPR penalty of €9.55m has been sanctioned against telecommunications provider 1&1 by the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) in relation to a General Data Protection Regulation (GDPR) violation. The breach took place when 1&1 did not adequately secure its customer service line and permitted third parties to obtain customers’ personal data by providing only a name and date...
German Property Firm Hit with €14.5m GDPR Fine
A General Data Protection Regulation penalty of €14.5 million has been sanctioned against Deutsche Wohnen SE, a major real estate company, by the Berlin DPA. The real estate company was subjected to a review, via onsite inspections, between June 2017 and March 2019. During this time period the Berlin DPA discovered that the company was keeping personal data of tenants for an unlimited period, without reviewing if keeping this...
Lack of GDPR Compliant Security Measures at Morele.net Led to €645,000 Fine
Poland’s Personal Data Protection Office (UODO) this week announced that it would be fining an online retailer PLN 2.8 million, or €645,000, for “insufficient organizational and technical safeguards”. It has been reported that Morele.net discovered a breach of its databases in November 2018 that affected 2.2 million customers across the company’s nine websites. Customers reported being sent SMS messages asking for extra payments to...
Potential €5.45bn Penalty for Google for ‘Bypassing’ GDPR
The Irish Internet browser Brave has presented new proof to the Data Protection Commission (DPC) in Ireland which, they claim, shows that Google has been trying to bypass General Data Protection Regulation (GDPR) legislation in order to share the data of billions of browser users with advertising and marketing companies globally. Johnny Ryan, chief policy and industry relations officer at anti-ad-tracking browser Brave, says that he has...
500,000 UK Digital Bank Accounts Under Threat in Possible Monzo GDPR Breach
After a possible General Data Protection Regulation (GDPR) breach, digital banking group Monzo has alerted 500,000 of its customers to advise them to amend their personal identification number (PIN). Monzo discovered a data breach on Friday, August 2. It was noticed that 25% of their UK customers’ PINs were saved in encrypted log files inside the organization. For six months those log files could be viewed by Monzo engineers. By...
Guidance for GDPR Breach Notifications
The Irish Data Protection Commission (DPC) has recently released new guidance on GDPR breach notifications. The purpose of the guidance is to help data controllers understand their obligations under GDPR with respect to sending notifications to the data protection authority and subjects whose personal data has been compromised or exposed. While the guidance has been issued for businesses operating in Ireland or otherwise collecting or...
ObserveIT Report Reveals Only 16% of US Employees are Aware of GDPR
ObserveIT’s survey of 1,000 full-time employees, recently conducted in the US and the UK, has unearthed some serious issues regarding workers’ knowledge of data privacy legislation. The I.T. firm commissioned the poll with the aim of measuring workers’ understanding of existing privacy regulations that are relevant for their employer. ObserveIT CEO Mike McKee, referring to the outcome of the survey said: “Privacy regulations...
British Airways Fined £183 Million Over GDPR Breach
British Airways has been slapped with a record-breaking GDPR fine for its 2018 data breach that impacted around half a million customers. The breach in question occurred over the summer of 2018. Hackers succeeded in gaining access to the BA website and inserted code that allowed them to skim credit and debit card numbers as they were entered by customers. The attack is believed to be the work of a hacking group called Magecart which...
GDPR Fine of €200 Million Likely for British Airways
The UK Information Commissioner’s Office (ICO) has revealed it is preparing to sanction a GDPR penalty against British Airways for a recent data privacy breach. The security infringement took place when British Airways customers were sent from the official BA website to a spoofed site where user data was harvested. Introduced in May 2018, GDPR was developed to give greater protection and control to people when it comes to how their...
ICO Follows Up BA Fine with £99 Million GDPR Fine for Marriott
The UK GDPR supervisory authority, the Information Commissioner’s Office (ICO), has issued a notice of intent to fine Marriott £99,200,396 over the massive 4-year data breach that was reported in 2018. This is the second major GDPR fine to be announced by ICO in the past few days. Earlier this week, ICO announced its intent to fine British Airways £183 million for the lack of security protections that contributed to its 500-million...
Six Recommendations for GDPR Privacy Policies Released by Dutch DPA
The Dutch Data Protection Authority (DPA) has released six recommendations in relation to privacy policies for companies in the Netherlands. Autoriteit Persoonsgegevens (the Dutch DPA) advises companies who are drafting and using privacy policies to: Review their data processing procedures and determine if they are legally obligated to implement a privacy policy. Speak with privacy specialists, including the company’s data protection...
GDPR-like Legislation Needs to be Applied Worldwide - Microsoft CEO
Satya Nadella, Chief Executive Officer of computing giant Microsoft, during an on-stage interview at the recent World Economic Forum in Davos, Switzerland, called for the implementation of legislation that enshrines data privacy as a human right globally. Nadella is an advocate of the European Union General Data Protection Regulation (GDPR) that became active on May 25 2018. He stated: “My own point of view on GDPR is it’s...
Facebook Data Gathering Reined in by German Facebook Ruling
Recently the German antitrust body, Bundeskartellamt, released a decision dictating that the way Facebook obtains, links, authors and uses data in user accounts is an unfair advantage it leverages due to its dominant market position. This ruling comes after a three-year long investigation into Facebook’s business methods by the Bundeskartellamt. Facebook account holders must, under the terms of service, give their consent to have...
GDPR Penalty of €50m for Google Following French Data Protection Agency Ruling
Google has been struck with a €50m fine for breaching its obligations laid down by the European Union’s General Data Protection Regulation (GDPR) by CNIL, the French data protection regulator. The CNIL stated that the financial penalty was due to Google being unable to supply users with information on its data consent policies. It was claimed that Google did not give users the power to see how their...
Increased GDPR Enforcement in 2019 Predicted by Mozilla Senior Policy Manager
Raegan MacDonald, Senior Policy Manager and European Union Principal for Mozilla, a company renowned for its stance on privacy and championing of an open internet, has said that she believes that 2019 will see enhanced resources dedicated to the enforcement of the European Union’s General Data Protection Regulation (GDPR). Speaking about the fact that there have, as yet, been no fines sanctioned under GDPR, Ms MacDonald said that she...
GDPR Consent for Existing Customers
The General Data Protection Regulation (GDPR) requires consent to be obtained before the data of EU citizens is collected or processed, but what are the requirements for GDPR consent for existing customers? Do they need to be contacted to provide their consent again? From May 25, 2018, GDPR becomes effective. Prior to that date, data controllers and data processors must obtain consent from EU citizens before their personal data is...
Breach Notification Act Passed by Alabama State Senate
The Alabama Data Breach Notification Act (Senate Bill 318) has been sent for consideration to the House of Representatives after the Alabama Senate last week unanimously passed it. Alabama is one of the two remaining states still yet to introduce legislation that requires companies to send notifications to people whose personal information is accessed in data breaches. South Dakota, the other state yet to introduce legislation, is...
GDPR Preparation Warning Issued by British Govt
The results of a recent survey carried out by the UK Government suggest that the country’s business sector is not ready for the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018. The most worrying aspect of the results is that just 38% of businesses and groups questioned were actually aware of the introduction of GDPR and the consequences. However, the number massively surged, to 80%, for larger...
GDPR Deadline Decisions to Make
If you reside in the European Union it is likely that you will have heard about the General Data Protection Regulation (GDPR). However, are you aware how it affects you? If the business or company that you own, or are employed by, processes the data of EU citizens then it needs to adhere to GDPR legislation. GDPR will be enforceable, by law, from 25 May 2018. Individual EU states will be expected to have incorporated the facets of...
MediaPro Eye on Privacy Report Reveals Most US Companies Unaware of GDPR
The EU’s General Data Protection Regulation (GDPR) compliance date is fast approaching. Companies only have until May 25, 2018 to bring their policies, processes, and technology up to the standard demanded by GDPR. Any company that fails to comply with GDPR requirements faces a substantial financial penalty – The maximum penalty is €20 million or 4% of the previous year’s global annual turnover. GDPR was adopted by the European...
GDPR Compensation Claims
One of the chief focuses of the General Data Protection Regulation (GDPR), which becomes enforceable on May 25 2018, is to guarantee that the rights and freedoms of people living in EU states are protected, in relation to the gathering of personal data. With this aim in mind, Article 82 of the GDPR addresses circumstances where the regulations have not been complied with. This can lead to the data subject being able to sue for...
GDPR Data Responsibilities Guidance Issued by ICSA
Guidance has now been published by ICSA – The Governance Institute, which is meant to be used internally by firms, as the May 2018 implementation date of the General Data Protection Regulation (GDPR) draws closer. This sort of guidance is important for any business or organisation that is faced with having to take on the new responsibilities and processes that will be required under GDPR. The guidance relates to all areas of a...
How is Personal Data Defined under GDPR?
There has been a lack of clarity as to what is defined as personal data under the soon to be introduced General Data Protection Regulation (GDPR). This is because there is no available list of what can be considered as personal data. The definition is dependent on the specific circumstances of each case and the types of personal information that are obtained. There is some assistance to hand, in that GDPR refers to personal data as data...
GDPR Customer Consent Rules Explained
The rules for obtaining consent are going to be more stringent than they are at present following the introduction of the General Data Protection Regulation (GDPR) on May 25. Company owners and data protection professionals need to be conscious of the alterations that are about to be made. If this is not the case the companies could become subject to sanctions and other penalties. How can Consent be Defined? From May 25 is that...
GDPR Data Protection Officer Training Requirements Released
As the May 25 2018 go live date of the General Data Protection Regulation (GDPR) draws closer the need for suitably experienced data protection officers (DPO) is further highlighted. Although there is no obligation for DPOs to gain a formal qualification, it is vital that they have a major amount of relevant experience in managing data protection issues. This will help them tackle the complexities of GDPR, and advise businesses...
What Role Does Legitimate Interest Play in GDPR?
You may read a lot regarding consent in relation to the General Data Protection Regulation (GDPR). However, this is not the sole reason organizations can process personal data. There is also legitimate interest to be considered. This will all have to be reviewed and accounted for before the May 25 2018 date when GDPR becomes enforceable. Detailed guidance regarding legitimate interest is not yet published. However, there are some...
Recording Calls and GDPR Rules
Call recording is a procedure that is used by a large number of businesses around the world. It is a tool that will continue to be used well into the future. There are many regulations in relation to this that businesses need to be conscious of, when it comes to GDPR and the recording of calls. Businesses or organizations that record calls will have to take into account that the General Data Protection Regulation (GDPR) will be...
What does GDPR mean for Gambling Companies?
Companies that provide gambling services online must collect and process personal data so they can provide people with a tailored gaming experience. By doing this they can take personal preference into account when deciding which offers and bonuses to make available for their players. In addition to this they also need to gather and use financial data, in order to allow customers to deposit and withdraw cash from their...
GDPR and Consent Management Changes
Under the existing European Data Protection Directive, consent is a legally acceptable reason to store and process personal data and information. This will continue to be the case when the General Data Protection Regulation (GDPR) becomes enforceable on May 25 2018. GDPR will amend the meaning of consent to add to the definition and businesses and organisations will have to comply with this definition, and the obligations within it, in...
International Organizations and GDPR Consideration
There is a common misconception that the General Data Protection Regulation (GDPR), which becomes enforceable on May 25 2018, is only of concern to companies which are located within the European Union. This is not correct. GDPR applies to all people who live in the EU. The consequences of this for any business which has customers within the EU is that it must comply with GDPR, no matter where the business is located. This is an...
GDPR Training Obligations
Any company with more than 250 staff which processes personal data must have a Data Protection Officer (DPO) in order to comply with the General Data Protection Regulation (GDPR) which becomes enforceable by law on May 25 2018. The issue for companies that need to fulfill this requirement is that there is a shortage of suitably qualified data protection specialists. In a perfect world, businesses should employ people who have...
GDPR and the Right to be Forgotten
The General Data Protection Regulation (GDPR) becomes applicable on May 25 2018, meaning that from that date it applies to any person who resides within the EU at this time. From this date all businesses that record or store personal data relating to these people must adhere to GDPR. GDPR places particular emphasis on the right to be forgotten. This right applies to occasions where there is no acceptable justification for continuing...
GDPR: The Difference between ‘High’ and ‘Very High Risk’
The 25 May 2018 introduction date for the General Data Protection Regulation (GDPR) will see the European Union legally enforcing the manner in which all EU Member States manage data protection issues. It is hoped that this will lead to a new level of uniformity. It is vital to remember that this does not just apply to companies and organisations with their bases located within the EU, but also companies that process the personal data of EU...
Employees and How GDPR Affects Their Work
Will GDPR apply to employees and the way that they work? The quick answer is that yes, it does. Companies cannot think only about adhering to the General Data Protection Regulation (GDPR) with regard to clients; it applies just as much to the people who are employed by the business. It is vital that companies ensure that they are complying with all of the legislation when it comes to protecting the personal data of staff – and...
Companies not Ready for GDPR According to HyTrust Safety
A recent survey carried out by IT security specialists HyTrust has revealed some troubling news coming from the US: almost 80% of the companies that participated are not ready for the introduction of the General Data Protection Regulation (GDPR) on May 25 2018. The 323 companies questioned were all talking about their Cloud Infrastructure, a critical service when it comes to the security of personal data. Potentially, the most...
Website Design and GDPR Compliance
Though you may be aware of the General Data Protection Regulation (GDPR), you may not be aware exactly how it is going to impact your business, and what it means for your company website. The majority of businesses will discover that there are areas of their website which need to be reviewed, and possibly amended, before GDPR becomes enforceable on May 25 2018.
GDPR Considerations to Make
There are several aspects of your company...
Netherlands GDPR Law Sent to Parliament
Yesterday the Dutch Government put the GDPR Implementation Bill before Parliament. The aim of the bill is to supplement the General Data Protection Regulation (GDPR) which will be enforced from 25 May 2018. The GDPR Implementation Bill in the Netherlands refers to the personal data of people living in The Netherlands. It applies to all businesses or organisations that are based within the Netherlands, as well as those that provide...
GDPR Guidelines for US Operating in the EU
It is a common mistake to think that the soon to be introduced General Data Protection Regulation (GDPR) only applies to businesses and groups that are based within the European Union. However, this is not necessarily true. GDPR is applicable to any company which stores the personal data of anyone living within the EU, or hiring individuals within the EU. This means that a company doing business in the EU needs to adhere to...
Password Requirements Under GDPR
The General Data Protection Regulation (GDPR) becomes enforceable on May 25. This new legislation, while all-encompassing, does not forbid the use of a simple username and static password system for obtaining personal data, but it does require that access processes be safeguarded and rigid. If procedures are not safeguarded, businesses and companies may be violating GDPR, leading to major consequences. These consequences for...
GDPR vs EU Data Privacy Directive: What are the Differences?
First adopted in 1995, the Data Privacy Directive was devised as a way of regulating the way personal data was managed in EU member states. Once the EU Data Privacy Directive was passed, a lot changed in relation to the availability of data. These changes originated from the proliferation of the Internet, which has meant that an individual’s data can now be stored and accessed in many different places. They brought about the...
How Companies Should Prepare for GDPR
The outcomes of recent surveys by Exchange Wire, Calligo and McAfee, among others, indicate that many data professionals, and their groups, are not ready for the General Data Protection Regulation (GDPR). Any group or company that is slow in preparing needs to act quickly in order to achieve compliance by May 25 2018. Many organisations may not have much to do, if they adhere to existing legislation. However, GDPR is stricter, so it...
Calligo Survey Reveals Lack of Preparation for GDPR
There is relatively little time remaining until the European Union General Data Protection Regulation (GDPR) is introduced on 25 May 2018. However, if recent surveys are to be believed, many data protection specialists and the companies they work for, are not ready for the new rules. The outcomes of a survey carried out by Cloud technology provider Calligo show that 69% of the 500 IT decision makers do not believe that their...
What are the Costs of GDPR Compliance?
FTSE 100 and Fortune 500 firms could end up forking out up to £800 million in order to review contracts and to ensure compliance with the General Data Protection Regulation (GDPR), according to a report published by legal tech firm Axiom. Many companies are currently planning for this. However, getting ready for the GDPR May 25 2018 introduction date will not cost every firm a large amount of money. Costs of compliance very much...
GDPR Penalties Outlined
Should you be worried that your company is not completely ready for the introduction of the General Data Protection Regulation (GDPR), now is the time to take steps. The target date for the introduction of GDPR is 25 May 2018, and should your business not be ready for compliance by then it could face serious financial sanctions. The classification of penalties is still to be revealed, but what is certain is...
GDPR Notification Breach Requirements Summarized
The data breach notification requirements under GDPR will be completely different to the existing ones. The regulation tends to move away from the current general alerts and introduces a new method that embraces policies and procedures. Under this new legislation, companies must report any data breach that, if left unaddressed, may have a detrimental effect on a person, such as inflicting financial loss, reputation damage, loss of...
Recruitment Industry to be Impacted by GDPR
It has been almost 20 years since the Data Protection Acts (DPAs) were passed. As technology continues to evolve, business operations and human activities keep advancing. The laws in relation to these activities must keep up with the rate of change. The European Union seems to have paid attention to this advice and, on May 25 2018, will introduce General Data Protection Regulation (GDPR) legislation which enhances the previous DPAs...
Construction Sector Unprepared for GDPR: Collyer Bristow Survey
UK companies that have not yet begun preparations for GDPR compliance will soon find that they have little time to implement compliant measures before the legislation becomes active. Most completed studies show that the majority of the United Kingdom’s companies are at risk of being hit with substantial financial losses through financial penalties. There is still time to rectify this of course. Roughly eight months remain for companies to...
Consumers Welcome GDPR According to SAS Survey
The coming introduction of the EU General Data Protection Regulation has seen many surveys that attempt to ascertain the legislation’s possible effect on companies. The majority of these surveys focus and report on the negative effects on companies. The most commonly discussed aspect has been the strict penalties the new law applies to entities that are not adhering to the legislation. However, a few of the surveys have looked deeper...
Emailing Existing Customers and GDPR Requirements
The European Union’s strategy for online privacy sets new standard requirements for compliance in communications between email marketing firms and their subscribers. The new General Data Protection Regulation (GDPR) laws, to become active on May 25 2018, bring wide-reaching changes that will make entities accountable for their actions while empowering and safeguarding the users. This law also looks set to control the menace of data...
Off-Site Workers and GDPR Requirements
When the General Data Protection Regulation (GDPR) legislation becomes live on May 25 2018, companies that have established a safe information management process that involves offsite workers will be able to demonstrate that they have met all the requirements to mitigate risks to their information. This will help in securing IP and customer information. Offsite workers use their communication tools such as laptops and smartphones for...
Only 5% of European Companies Ready for GDPR: Alert Logic Survey
When GDPR becomes active on May 25 2018 it will be against the backdrop of a time when the world needs to improve consumer privacy rights and bolster data management. Given the significance of this law, several reports have been commissioned to review organizations’ level of readiness for adhering to GDPR requirements. The latest survey completed by Alert Logic showed that only 5% of companies are currently compliant with EU GDPR. It...
How Email Marketing will be Affected by GDPR
The EU’s General Data Protection Regulation (GDPR) legislation is aiming to collate different email laws from across its member states. The new GDPR law is set to bring improved consistency to how businesses use and store information. GDPR amends various fundamental aspects of email marketing including how the marketers request, collect and record users’ authorization. The unified regulations will allow organizations to optimize the...
GDPR-Compliant Law Passed by Austrian Government
The Austrian Parliament seized the chance, made available by the GDPR’s opening clauses that give European Union member states the possibility to enact their local laws, to introduce the new Data Privacy Act that fine-tunes data privacy legal structures to comply with the General Data Protection Regulation (GDPR) which will become active on May 25, 2018. This move strengthens the process of adapting the domestic legal framework to...
Less than Half of Companies Have a GDPR Compliance Plan
The recent findings of a survey conducted by SAS, a multinational statistical software company, showed that only 45% of companies and groups have a structured plan ready for the introduction of the General Data Protection Regulation (GDPR). Just 58% of the business managers believe that they are unaware of the legal ramifications for noncompliance with the new EU legislation. Failure to know the noncompliance repercussions, as the...
GDPR Consultation Launched by British Fundraising Regulator
General Data Protection Regulation (GDPR) legislation, being introduced by the European Union in May 2018, is formulated to allow individuals more control of their own private personal data. Due to the need to achieve compliance with GDPR regulations, businesses are expected to find the opportunities of the digital sector profitable. As we approach the May 25 2018 compliance deadline, different institutions are starting to recognize the...
Competitive Advantage to be Gained from being ready for GDPR
The EU GDPR regulations are due to come into law on May 25 2018 and all indicators point to the fact that there is a competitive business advantage to be gained for companies who are prepared to comply with the new regulations. Rather than being seen as a burden to businesses, the new law should be seen as a champion for accountability for personal data handling and enhancing individuals’ rights. Organizations and companies that can...
IT Governance, Cyber Security Policies and Defenses Highlighted in ISACA Research
According to the findings of recent research carried out by the Information Systems Audit and Control Association (ISACA), cyber security and defenses pose the largest challenges to corporate governance. Boards of directors and team leaders have also failed to implement an ideal correlation between business and information technology targets. 69% of the respondents in the survey stated that they believe that there is no connection...
Companies Prepared for GDPR will gain a Competitive Advantage
There is a competitive advantage for companies that prepare adequately for GDPR compliance. The European Union’s new data privacy regulation builds on the foundations of the current data protection regulations. Consequently, GDPR should not be viewed as a burden to businesses. Although the new law demands accountability for personal data handling and enhances individuals’ rights, it is fundamentally about trust. Companies that...
WHOIS Registry Likely to Suffer with GDPR
The European Union’s new General Data Protection Regulation (GDPR) takes effect on May 25 2018 and is likely to have serious effects on the manner in which businesses who process and control EU citizens’ data conduct their operations. WHOIS is one such company, a member of Domain Name industry, that will probably be affected by the regulations. The firm will need to move quickly if it is to be in compliance with the from the European Union and...
GDPR will be Incorporated in UK Data Protection Bill
The British Government has recently published the Data Protection Bill, devised to bring UK data protection up to date. The Bill will give UK citizens more control over their personal data and allow stricter penalties to be sanctioned on the groups that violate the law. This Bill is being introduced as part of the National Cyber Security Strategy and incorporates the European Union data protection regulations, GDPR, that come into force...
Human Resources Departments will have GDPR Requirements to Meet
With the introduction of GDPR the fundamental right for employees to access the personal data held by their employers comes sharply into focus. The Subject Access Right (SAR) entitles an employee to be aware of all personal data their employer keeps in relation to them. They can know if it is being processed, the purpose of processing as well as who has access to the data. Employees may also obtain copies of this data. Under GDPR...
Fines for Banking Sector Data Breaches Face Increase with GDPR
Banks and other financial institutions are familiar with tackling constant threats caused by data security negligence. The rising rate of cyber-attacks and hacking campaigns has made banks reevaluate their security measures to guard against external attacks on the data that they store. The soon-to-be-active General Data Protection Regulation (GDPR) has been devised by the European Union to reward better protection standards and...
Does GDPR Apply to US Companies?
The General Data Protection Regulation (GDPR) comes into effect in the EU in May 2018, but does GDPR apply to US companies, and if so, how?
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation is a new law in the European Union that was approved by the EU Parliament on April 14, 2016. GDPR – Regulation (EU) 2016/679 – will come into effect on May 25, 2018 – the deadline for ensuring...