Category EU General Data Protection Regulation

Companies face 150% hike in insurance premiums as a result of GDPR


Research on the increase in secondary costs arising from the new regulatory burdens imposed on organisations by the forthcoming EU General Data Protection Regulation (GDPR) has exposed a hidden danger.

The costs of insuring against a breach of contract, litigation costs incurred as a result of cyber-attacks and compensation claims made by millions of customers for breach of their personal data records are set to escalate insurance premiums by as much as 150%, warns Martin Hickley, Director of Data Protection at GO DPO® EU Compliance, a specialist executive training company.

Hickley says: “It’s well known that most organisations impacted by the GDPR are dangerousl...


Watch out – there’s a Stealing Santa about!

At this time of year parents all over the world are busy working out which of the latest electronic gadgets they need to buy for their children before the Christmas rush leaves these highly prized toys out of stock. One of the biggest manufacturers is Chinese consumer giant VTECH, which owns the Learning Lodge app store.

But this story doesn’t have a happy ending.

The customers’ secrets stored on the company’s database have been hacked and, according to security experts, this amounts to 4.8m unique customer email addresses as well as names and download history.

According to reports, the company database was compromised on 14 November but it took a good 10 days before HKT (the ow...


‘Just do it’ says Dutch DPA in warning to Nike for data protection failure

Nike has been collecting too much personal information from customers without correctly obtaining their permission first.

The world’s largest sportswear company has now been issued with a warning to stop this by the Dutch DPA (CBP).

The Nike+ Running app combines GPS information about distance covered with body characteristics such as height and weight to calculate calories and ‘Fuel Points’ for the Nike rankings. Storage of these details for a longer period constitutes handling of sensitive personal health information, CBP found.

Under the forthcoming EU General Data Protection Regulation (GDPR), a key principle is purpose limitation, designed to establish the boundaries...


This week’s competition is ‘spot the difference’ between DPA 1998 and GDPR

It’s not as easy as it looks, is it? And that goes for the differences between the Data Protection Act (DPA) 1998 and the forthcoming EU General Data Protection Regulation (GDPR), on course to gain consent from the European Commission, European Parliament and European Council of Ministers in early January 2016.

That means it will be fully implemented at the end of 2017 after the 2-year transition period expires.

Once GDPR has achieved agreement, the Data Protection Directive 95/46/EC is repealed and the basis for the DPA 1998 has effectively been removed.

The legal position as to what happens during the transition period is still to be worked out but by far the safest course ...


Wake up call for all major UK companies as GDPR is now around the corner

Each day more and more comment is emerging on the lack of preparedness of business to deal with the forthcoming EU General Data Protection Regulation (GDPR) and the need to put education and training at the top of the business agenda – and you may find these two very recent news items of interest and helpful.

We were briefing a Member of the Government’s Treasury Select Committee a few weeks ago, when we highlighted that the issue of GDPR is simply much bigger than a digital marketing issue under ICO’s remit reporting into the Department for Culture, Media and Sport (DCMS).

Check out this recent news item

We strongly support the idea of a debate in the British Parliam...


MNCs like Experian won’t be shown any mercy under forthcoming GDPR

In the news this week was the much publicised anger of the youthful-looking CEO of T-Mobile, John Legere, at the announcement that Experian, the world’s largest credit rating agency, had suffered a sensitive personal data breach affecting 15m T-Mobile customers after its servers were hacked.

Under the forthcoming EU General Data Protection Regulation (GDPR), both data controllers (T-Mobile) and data processors (Experian) are jointly and severally liable in the event of a personal data breach or sensitive personal data breach. So an incident such as the one that took place at Experian will have far-reaching consequences for T-Mobile under the new EU Regulation when it comes into force.

Exp...


Goodbye to ‘Safe Harbor’ as US companies need to start playing by the same rules

This week the blogosphere went into overdrive with the news that the non-binding legal opinion of the Advocate General of the European Court of Justice claims that EU user data transferred to the US by various technology companies is a violation of current EU data protection and privacy laws.

Even before this opinion, the European Commission was already attempting to re-negotiate the Safe Harbor Agreement with the US...


GDPR is a top priority for the EC this year – Juncker

This morning (Wed 9 September 2015) European Commission President Jean-Claude Juncker revealed the priorities in the business of the European Commission, and these include reform of Europe’s data protection and privacy laws against the backdrop of a connected single digital market.

Juncker indicated in his speech today, as well as in an open letter to the European Parliament co-signed by Frans Timmermans, first Vice President of the European Commission, that “over the next few weeks the Commission will engage actively with the European Parliament and the Council to take forward discussions on these issues.”

In a ten-point priority list, Juncker clearly signalled the refor...


What do Bob Dylan, ethics in data collection and GDPR have in common? More than you think.

Yes, how many years can some people exist

Before they’re allowed to be free?

Yes, how many times can a man turn his head

Pretending he just doesn’t see?

Yes, how many times must a man look up

Before he can see the sky?

Yes, how many ears must one man have

Before he can hear people cry?

The answer, according to Dylan, is blowin’ in the wind.

Back in 1962, Blowin’ in the Wind became the anthem of the civil rights movement. In fact, Peter, Paul & Mary performed it on the steps of the Lincoln Memorial in August of that year, a few hours before Dr Martin Luther King delivered his ‘I have a dream’ speech.

Years later, Dylan explained that the song can mean whatever you want it ...


EDPS demands Data Protection Officers are compulsory under GDPR

This week the EU’s independent privacy watchdog, the European Data Protection Supervisor (EDPS), declared wide-ranging support for the European Parliament’s version of the EU General Data Protection Regulation (GDPR), which is the subject of trilogue negotiations between the European Commission, European Parliament and Council that may be concluded as early as end of October 2015.

However, a notable difference between the EDPS and the European Parliament’s view is the mandatory appointment by organisations and companies of a Data Protection Officer (DPO).

It’s worth noting that 35% of all EU Member States currently require the appointment of a DPO as a compulsory measur...
