Just last week, Google was fined €50m, or over $57 million by Commission Nationale de l’Informatique et des Libertés (CNIL), the French Data Protection Authority, for violating the General Data Protection Regulation (GDPR).
In the midst of posting your name, pictures, and background on social media sites, did you ever consider who your information reaches, beyond your family and friends? Just last week I posted a picture on my Facebook account. It was a picture of my childhood dog and me. I posted the old photo with the caption, “Me and Charlie.” I watched the likes pile up; it is hard to just scroll past a dog as cute as Charlie without showing some sort of appreciation.
As a human resources (HR) professional, you may be groaning at the thought of more, required compliance measures. But no one said this would be easy. Some changes are worth the trouble and the GDPR is among those. Plus, noncompliance can be awfully pricey.
“The right to be forgotten” isn’t just another way to describe ghosting, a practice popular in dating and social circles where uninterested parties disappear without a trace. The right to be forgotten gives individuals the right to have personal data removed or erased from company servers storing their data. The right to be forgotten is one of the fundamental rights protected by the General Data Protection Regulation (GDPR).
In September 2016, Yahoo was poised to be acquired by Verizon when it announced it had suffered the biggest data breach in history in 2014. Later the company estimated that 3 billion user accounts had been compromised. The buy-out went through, but the breach knocked approximately $350 million off Yahoo’s sale price. This is an example of the type of risks data protection impact assessments (DPIAs) are intended to prevent. What are DPIAs? They are one of the five essential strategies an IT department must enact to comply with the General Data Protection Regulation (GDPR).
The General Data Protection Regulation (GDPR) is in full swing. Do you know how your supply chain is managing your company’s personal data? Are they fully compliant with the GDPR? If you answered “yes” to these questions, you can rest easily at night. If not, your company may be at risk of a data breach, a hefty fine, or a public relations debacle.
Did you know that if any third-party vendor your company uses is not compliant with the General Data Protection Regulation (GDPR), you could be held liable for their actions? And even if you aren’t, your company’s reputation could suffer if a data breach occurs. The case for complying with GDPR is indisputable—the penalties are hefty and the public relations damage can derail your company’s performance. One thing is certain: detailed and ongoing vendor monitoring from a data protection perspective is critical. Unfortunately, it’s not as simple as outsourcing data governance and privacy compliance to your vendors.
Despite the hype around GDPR in May of this year, when the EU’s new General Data Protection Legislation came into effect, many companies still do not have a robust GDPR programme or sufficient protection measures and processes in place. As Jonathan Armstrong of compliance lawyers Cordery explained to Interactive Services, “I think there have been various surveys that have said that people were not ready for GDPR when it came in. That is certainly my experience.
As you may already know, one of the biggest changes to EU data protection rules is coming into effect on May 25, 2018. The General Data Protection Regulation (GDPR) is a wide-ranging set of rules you must follow when collecting, processing, and storing an individual’s personal data. Some of its key aims are to strengthen and harmonise data protection legislation throughout the EU and to ensure that individuals are fully informed about, and in control of, their personal data. So, does this mean that data privacy and GDPR are one and the same? Not quite.
“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.” ― David Brin It seems hardly a week goes by without some news of a data breach or cyberattack, but the latest media firestorm involving Facebook has caught the world’s attention and called into doubt companies’ accountability when it comes to data protection.