How has GDPR enforcement played out in the past year?
The Dutch Data Protection Authority (Autoriteitpersoonsgegevens, or AP) recently published a report on its 2018 activities....more
GDPR right of access applies in the work context too.
Four Uber drivers from London, Nottingham and Glasgow claim Uber has breached their rights by failing to disclose personal data the firm holds on them in breach of the...more
EDPB on the ePrivacy Directive and GDPR:
In situations where the ePrivacy Directive renders more specific the rules of the GDPR, the provisions of the ePrivacy Directive take precedence over the provisions of the GDPR....more
Data subject access rights and your medical practice: The UK Information Commissioner’s Office (ICO) issues advice.
Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came...more
GDPR does NOT:
prohibit a hairdresser from telling a customer what hair color they used on their hair -
prevent the fire department from telling a property management company whether there had been a fire in one of its...more
Data protection and political campaigns – European Data Protection Board (EDPB) issues a statement.
Key points:
Personal data revealing political opinions is a special category of data under the GDPR, and, in most...more
Trending: #GDPR.
In 2018, the European General Data Protection Regulation (GDPR) received more media coverage than Mark Zuckerberg, and was searched on Google more often than either Beyonce or Kim Kardashian – say stats...more
Since May 25, 2018, 206,326(!) GDPR cases have been reported by Supervisory Authorities (SAs) from 31 European Economic Area (EEA) countries.
Of those, 94,622 were initiated by individual complaints and 64,684 due to data...more
To better position themselves for foreign trade, on the heels of the EU General Data Protection Regulation (GDPR), many countries in the Asia Pacific are tweaking, implementing or developing their own privacy laws....more
Privacy compliance as a competitive differentiator: 97% of 3,200 companies surveyed say they are receiving auxiliary benefits today from their data privacy investments, beyond just meeting compliance requirements....more
If you de-identify end user data, this may be a use compatible with the original purpose for which the data was provided and not require seeking consent from the individual.
So, that’s between you and the end user. What...more
Now serving complaint #6241…
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has published guidelines on how it will prioritize the handling of complaints filed with it under the EU General Data...more
China is in the early stages of setting up a data protection regulatory framework with rules for consent; personal data collection, use and sharing; and user-requested deletion of data.
The intention is to build a Chinese...more
Are inferences the next frontier of data protection? Social media and other technology companies are increasingly making inferences from data collected from individuals....more
Forget me yes.
The Danish data protection authority has published a practical guide on data minimization and the right of erasure under GDPR:
If you use “soft delete,” a link is deleted but not the personal information...more
Key takeaways from the European Commission (EC) decision holding Japan as providing adequate protection to personal data:
Japan ensures an adequate level of protection for personal data transferred from the EU Japan...more
An unintended consequence of the EU General Data Protection Regulation (GDPR) are fake, or nefarious requests for access to or deletion of information.
Some points to note:
If you received a (badly worded) request for...more
“As California goes, so goes the nation,” said Vermont Attorney General T.J. Donovan.
A group of state attorneys general said Wednesday that they are looking to California for guidance and following how the country’s most...more
A total of 41 fines have reportedly been issued for GDPR violations across the various German states.
Violations included:
A clinic accidentally handed over a copy of a severely handicapped person’s ID card to the wrong...more
Forget me yes, part two.
Austrian Data Protection Authority holds that a data controller can meet its obligations to satisfy a data subject’s erasure request under GDPR by anonymizing personal data....more
If you offer goods or services to individuals in the European Union, have an establishment in the EU or monitor the behavior of individuals in the EU, now would be a good time to review your privacy notices, your process for...more
Japan is the latest country to be recognized by the European Union as providing adequate protection to data. The decision is one of mutual adequacy and creates the world’s largest area of safe data flows....more
Does your company have a processing agreement with each service provider that handles personal information for you as required by the EU General Data Protection Regulation (GDPR)?
If you don’t, it may cost you 5,000 EUR...more
A 50 Million Euro GDPR fine recently issued by French data protection authority CNIL provides actionable lessons for companies handling personal information for advertising purposes. First and foremost, refrain from block...more
If you are a U.S.-based entity that is subject to the EU Data Protection Regulation (GDPR), and you store personal data of EU residents and personally identifiable information of U.S. residents in a commingled database, you...more