Category EU General Data Protection Regulation

EDPB launch One-Stop Shop register of decisions

Described as a ‘treasure chest’ of decisions, it will help DPOs and Data Controllers understand what’s happening on the ground.

Unsurprisingly, most decisions on the lead SA pivot on the protection of data subject rights and the legal basis for processing.

Where action by the Lead SA has been taken in the wake of multiple-jurisdiction infringements, this has been more about compliance orders and a ‘slap on the wrist’ for the data controller rather than imposing headline-catching fines, trying to find a consensual approach to remedy data privacy breaches.


Implications for data privacy in the UK in the wake of a deal or ‘no deal’ Brexit

Having left the European Union (EU) on 31 January 2020, the UK is currently in a Brexit transition period that runs out on 31 December 2020. Whilst the other 27 Member States of the EU have been grappling with containing the Covid-19 pandemic, you could be forgiven for thinking these countries as well as the UK have taken their eyes off the ball when it comes to striking a Brexit deal.

If you think that to be the case, think again.

If the UK wants an extension, it will need to ask for this by 30 June 2020 and the European Commission has already indicated that in the circumstances this would be granted...


European Commission set to call time on Privacy Shield

Time has almost run out for EU-US Privacy Shield. It’s highly probable that by 18 October 2018, the European Commission will agree with the European Parliament vote taken in July 2018 to suspend EU-US Privacy Shield, the international data sharing agreement between the US and the European Union.

This won’t come as any surprise within the data privacy community and in many respects has been on the cards since the Facebook and Cambridge Analytica scandal earlier this year that underlined the importance of monitoring mechanisms intended to protect citizens from the misuse of their personal data on an industrial scale.

But it would be wrong to write off Privacy Shield as ...


Interviewed for the 6 O’Clock News TRTWorld on GDPR – 25 May 2018

This is an interview on the practical issues facing companies and organisations in complying with the GDPR.

To watch again, click here

TRT World Roundtable with David Foster

Other studio guests: Rhiannon Evans–Young, Director and Co-founder of Crest Communications; Hussein Kanji, Co–founder of Hoxton Ventures and Kate Bevan, the Editor of Which? Computing.

To watch again, click here

Attack of the zombies with “GDPR emails” breaks data protection laws!

This is an all-out attack by the zombies and it’s continuing post-25 May! They follow other zombies by sending us mindless emails saying this kind of crap:

“We’re committed to managing and safeguarding the information you give us when looking for a job. CLICK HERE TO STAY SIGNED UP.”

Or how about this:

“LET’S STAY IN TOUCH. Did you know? New privacy laws come in to effect on 25 May. This landmark new law is designed to improve your privacy rights. This is great news for online shoppers, so if you enjoy getting our promotional emails, just click below…”

Or this:

“We don’t want to lose you, so please take action NOW”

STOP! THINK! LEARN!

These emails are ...


BSI makes film of Hitachi Consulting becoming the first global brand to achieve BS10012:2017 certification ahead of 25 May 2018

Yesterday, I gave an interview on film about my role as a member of the team that led to Hitachi Consulting Corp becoming the first global brand to achieve BS10012:2017. The new standard was created in the wake of the GDPR and is a Personal Information Management System (PIMS). This is a significant achievement as Hitachi Consulting Corp can now demonstrate – and it’s been independently verified by the oldest standards awarding body in the world – that it has a world-class culture of compliance. The PIMS sits at the heart of Hitachi Consulting Corp’s efforts to comply with the GDPR. The short film is available here. It was launched on Friday 25 May to coincide ...

US companies are behind the curve on understanding how GDPR impacts their businesses

There’s an eerie lack of awareness about the impact of the GDPR on US businesses that target consumers in the European Union. According to recent research by the IAPP, complexity of laws, inadequate budget and too little time combined with the lack of qualified and trained staff have conspired to perpetuate this lack of readiness by US companies.

Here in Europe, many companies and organisations have been bracing themselves for the biggest shake-up in data protection, privacy and security for over two decades that’s fully effective from 25 May 2018 – in 13 days’ time.

I’ve been in conversations with senior US-executives who’ve boldly told me that the “GDPR doesn’t apply...


Enough already? Fed up with GDPR emails asking for your consent?

You bet!

This is an all-out attack by the zombies! They follow other zombies by sending us mindless emails saying this kind of crap:

“We’re committed to managing and safeguarding the information you give us when looking for a job. CLICK HERE TO STAY SIGNED UP.”

Or how about this:

“LET’S STAY IN TOUCH. Did you know? New privacy laws come in to effect on 25 May. This landmark new law is designed to improve your privacy rights. This is great news for online shoppers, so if you enjoy getting our promotional emails, just click below…”

Or this:

“We don’t want to lose you, so please take action NOW”

STOP! THINK! LEARN!

These emails are pointless!

In the UK,...


Dot Gone! The end of the road for Whois

It’s the end of the road – and the end of an era – for the Whois service as its US-based parent ICANN fails to find a solution to continue the service that isn’t a breach of the General Data Protection Regulation (GDPR).

According to its Wikipedia entry, Whois is a ‘query and response protocol that’s widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.’

The Whois system publishes the name, address and ...
