
Tuesday, May 24, 2016

GDPR: Potential fines for data security breaches more severe for data controllers than processors

GDPR: Potential fines for data security breaches more severe for data controllers than processors • The Register:

"One of the many changes that the new Regulation will deliver when it comes into force on 25 May 2018 is a new statutory obligation on data security that data processors must observe above and beyond contractual duties agreed with data controller customers."

How to handle the new US-EU data regulations: Model contracts and punishments | TechRadar


"Many businesses have implemented alternative methods of data protection compliance, including the use of model contracts," says Ashley Winton, Partner and UK head of data protection and privacy at international law firm Paul Hastings LLP, and Chairman of the UK Data Protection Forum.

Sunday, May 15, 2016

GDPR: Getting Ready for the New EU General Data Protection Regulation

GDPR: Getting Ready for the New EU General Data Protection Regulation | Information Law Group: The GDPR goes into effect "beginning on May 25, 2018, replacing the national laws and regulations based on the venerable 1995 EU Data Protection Directive and reaching companies that target EU consumers from outside the EU."

Save the Date: GDPR goes into effect May 25, 2018 - Lexology

Save the Date: GDPR goes into effect May 25, 2018 - Lexology: "We now have a precise date for the European Union’s General Data Protection Regulation to go into effect: May 25, 2018. The official version has been published and is available here. The GDPR, in its official published version, contains 87 densely-packed pages of recitals and articles..."




Monday, May 9, 2016

Privacy Counsel High Demand, Low Supply Raises Costs | Bloomberg BNA


Is there a GDPR effect yet, or will GDPR make this an even tougher problem?

http://www.bna.com/privacy-counsel-high-n57982070848/

Saturday, May 7, 2016

A Global Privacy Rights Movement Poses New Business and Economic Risks | Intralinks

A Global Privacy Rights Movement Poses New Business and Economic Risks | Intralinks: "Over 70% of respondents expect to increase spending in order to meet data sovereignty requirements, 30% expect budgets to rise by more than 10% over the next two years"




Monday, April 4, 2016

British mobile phone users’ movements 'could be sold for profit’ | World news | The Guardian

"Customers do have a legal right to opt out of location tracking for marketing purposes and, with the forthcoming European General Data Protection Regulation, will soon be able to demand that their location data is deleted"

http://www.theguardian.com/world/2016/apr/04/mobile-phone-users-movements-are-tracked-and-sold-for-profit

Saturday, February 27, 2016

Tuesday, February 9, 2016

The Tort of Intrusion Upon Seclusion Meets Class Action Certification: Part II

Helpful Canadian perspective from Consumer & Retail Advisor

http://www.consumerretailadvisor.com/2014/07/the-tort-of-intrusion-upon-seclusion-meets-class-action-certification-part-ii/

From Safe to Schrems to Shield - MoFo on the EU Privacy Landscape

From Safe to Schrems to Shield - Shifting Grounds in the EU Privacy Landscape > Morrison Foerster: "Last week, in the midst of WP29 meetings that could have led to the invalidation of data transfers to the United States under the alternative data transfer mechanisms, the EU and U.S. authorities announced that they had reached an agreement on a revised Safe Harbor. The WP29 immediately reacted. This alert examines these developments and their implications in the near term."




UK lawmakers criticise surveillance bill over privacy concerns


http://in.mobile.reuters.com/article/idINKCN0VI0YD?irpc=932

Saturday, February 6, 2016

Safe Harbor 2.0: Confusion Reigns As US, EU Send Mixed Messages Over ‘Privacy Shield’ Data-Sharing Rules

"So with Safe Harbor invalidated, alternatives simply too onerous to implement and the details of Privacy Shield still to be finalized, it's unclear whether thousands of companies potentially still using Safe Harbor are going to face enforcement actions."


“What we actually have here is a desperate PR effort to buy more time before the EU Commission and the U.S. have to face the consequences of the legal incompatibility between the EU’s Charter of Fundamental Rights and the U.S.’ commitment to mass surveillance,” Simon McGarr, an Irish lawyer specializing in internet protocol and law, said

What businesses need to know about Privacy Shield | PCWorld

What businesses need to know about Privacy Shield | PCWorld: "April is the soonest Europe's data-protection authorities are likely to be able to finish their legal analysis, according to the Article 29 Working Party, the EU body representing those DPAs."




The New “EU-US Privacy Shield” | Information Law Group

"According to today’s press release from the European Commission, the new focus is on transparency and recourse for government surveillance, but there is also a commitment to more rigorous enforcement."


From the press release: “For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement.”

Saturday, January 30, 2016

Tuesday deadline looms over US-EU privacy pact

Tuesday deadline looms over US-EU privacy pact | TheHill: "Negotiators have only until Feb. 2 to strike a deal ensuring that commercial data transfers between Europe and the U.S. are able to continue after a critical 2000 agreement was struck down over privacy concerns last fall."




Tuesday, January 26, 2016

Four key factors businesses need to know about privacy in 2016 | Econsultancy

"This year will see privacy transition from the conceptual to the concrete as businesses are forced to understand how to make privacy a core business process, something that hasn't been done on a wide scale before."

https://econsultancy.com/blog/67432-four-key-factors-businesses-need-to-know-about-privacy-in-2016/

Friday, January 22, 2016

The new EU GDPR – what’s it all about?

The new EU GDPR – what’s it all about?: "The stick in all of this is that penalties are changing – significantly. Currently the absolute maximum theoretical penalty for a breach of the data protection legislation is €250,000."




How To Prepare Your Organisation For EU Data Protection Reform

How To Prepare Your Organisation For EU Data Protection Reform | TechWeekEurope UK: "Whether you are part of a European company or a non-European company that trades or stores data inside Europe, it is likely that the new European data protection regulations coming into play will affect the way you handle employee and customer data."




The GDPR text as a PDF (Regulation (EU) No XXX/2016)

This seems to be the latest version, in PDF format, 204 pages



Regulation_consolidated_text_EN_47uW.pdf

Thursday, January 21, 2016

New EU data protection legislation will challenge U.S. IT execs

"Thanks to an extraterritoriality clause, even a company or service provider with no physical EU footprint still has to comply with the EU data protection legislation if it processes EU citizens' data, Brown said, making it of global concern."

http://searchcio.techtarget.com/news/4500267769/New-EU-data-protection-legislation-will-challenge-US-IT-execs

Ready Or Not, Here It Comes - EU General Data Protection Regulation

Ready Or Not, Here It Comes - EU General Data Protection Regulation — BakerINFORM - Legal Insights on Data & Technology Trends from Baker & McKenzie: "The GDPR will apply directly in each of the 28 EU Member States. With its wide territorial scope, the GDPR will not only apply to the data processing activities of EU-based businesses, but also to various data processing activities of businesses not established in the EU to the extent they target EU data subjects."

AIIM Industry Watch: Data Privacy - living by new rules

AIIM Industry Watch: Data Privacy - living by new rules: 36% of smaller organizations, 43% of mid-sized and 52% of large organizations have reported a data breach in the past 12 months – more due to staff intent or negligence than from external hackers.

Canada Moves Forward with Mandatory Federal Security Breach Notification Law

Canada Moves Forward with Mandatory Federal Security Breach Notification Law | Data Privacy Monitor: "The Digital Privacy Act provides for fines of up to CA$100,000 for knowing violations of the breach notification requirements, or the requirement that organizations “keep and maintain a record of every breach of security safeguards involving personal information under [the organization’s] control.”"




U.S. lawmakers delay bill on European data privacy deal

U.S. lawmakers delay bill on European data privacy deal | Reuters: "EU privacy regulators are due to meet on Feb. 2 to decide if they should begin enforcement action against companies if they determine all transfer mechanisms violate EU law and there is no new framework in place."




Assessing IT Security Standards Against the Upcoming GDPR for Cloud Systems

"This work in progress aims at identifying a mapping between the current security standards (in particular, but not limited to, ISO 27001-2013) and the upcoming regulations in data protection."

What the end of Safe Harbor means for the digital economy - CSMonitor.com

"The Article 29 Working Group, which advises EU data protection authorities (DPAs), has said that after Jan. 31 companies that cannot comply with privacy rules could face enforcement action."

http://m.csmonitor.com/World/Passcode/2016/0120/What-the-end-of-Safe-Harbor-means-for-the-digital-economy

Wednesday, January 20, 2016

Key globally relevant data protection developments in 2015 and trends for 2016

Key globally relevant data protection developments in 2015 and trends for 2016 | Global Compliance News: "The Schrems decision of the European Court of Justice invalidating the European Commission’s 2000 Safe Harbor adequacy decision must be the 2015 event that shook up the privacy world the most." (Interesting interplay with GDPR.)

EU Parliament and Council’s Agreement on the GDPR and What It Means for Businesses

EU Parliament and Council’s Agreement on the GDPR and What It Means for Businesses | Resources | Morrison Foerster: "When the GDPR goes into effect, it will have wide ranging implications for companies operating in Europe as well as companies who have no operations at all in Europe."

New EU Data Protection Regime Set to Have Big Impact | The National Law Review

New EU Data Protection Regime Set to Have Big Impact | The National Law Review: "The GDPR will apply to all companies that offer services in the EU or monitor behavior of data subjects in the EU..."

EU Data Regulations Tough On Social Nets 01/19/2016

EU Data Regulations Tough On Social Nets 01/19/2016: “The changes to the General Data Protection Regulations will be felt globally,” Khatibloo explains ahead of a new report to be released by Forrester later this month.

Privacy will hit tipping point in 2016

Privacy will hit tipping point in 2016: "Concerns about online privacy will reach a tipping point in 2016, prompting regulators to crack down on companies, and consumers to demand greater protection, a new study by Forrester Research predicts." (Not directly GDPR related)

12-step action plan for GDPR - Enterprise Times

12-step action plan for GDPR - Enterprise Times: "40% of the respondents admitted to being unprepared for GDPR despite the fact that privacy has been a headline item for years."


GDPR: How will the EU data protection law impact U.S. industry? - IT Compliance Advisor

GDPR: How will the EU data protection law impact U.S. industry? - IT Compliance Advisor: "While the new rule package won’t go into effect until 2018, cybersecurity experts are already forecasting greater discussion around data privacy, particularly among U.S. companies, because of GDPR."

GDPR passes and gains infosec approval - Infosecurity Magazine

GDPR passes and gains infosec approval - Infosecurity Magazine: "The agreement for the GDPR could lead to fines of up to 4% of annual turnover for firms which break the rules"

A Primer on the GDPR: What You Need to Know | Privacy Law Blog

A Primer on the GDPR: What You Need to Know | Privacy Law Blog: "Although it won’t officially become law until it receives the approval of the EU Parliament, now is the time to study the most important aspects of the GDPR so you can be prepared for the new regime."

EU Court Rejects “Safe Harbor” Agreement Permitting Customer Data Transfers to U.S.

EU Court Rejects “Safe Harbor” Agreement Permitting Customer Data Transfers to U.S. | The National Law Review: "The case, entitled Maximillian Schrems v. Data Protection Commissioner, was decided on October 6, 2015 and has an immediate effect on European courts. See here."

What is the GDPR?

The General Data Protection Regulation (GDPR) is a set of rules created by the European Commission in an attempt to improve data protection for individuals within the European Union (EU). The EC is looking to get companies compliant with the GDPR by 2018. The GDPR imposes significantly higher privacy and data protection standards than those already in place in the EU.

The GDPR also addresses export of personal data outside the EU, which in turn affects US companies in the wake of the breakdown of Safe Harbor.

The complex approval process for the regulation should not lead US companies to hold out hope that these rules will not come to pass. The time for companies to begin preparing is now. This article has a link to the latest GDPR draft and a description of its implications.

News About the GDPR: the EU General Data Protection Regulation

Welcome! I popped up this site to aggregate news clippings and other information about the EU GDPR. I expect a lot of entries will be very short, mainly just a link and a few words of description. Hopefully people will find it useful.