Category: General Data Protection Regulation (GDPR).

GDPR: A Year Later, Are You Taking It Seriously?

  It’s now been over a year since May 25, 2018 – or “GDPR Day,” as it was known when GDPR finally took effect, about two years after it was passed into law in 2016. Regulators have been slowly easing into using these new data regulations, and some massive fines have already been handed out...

Rudd v Bridle – Subject Access Requests

Subject Access Requests (SARs) are a complicated part of the various data protection regulations that are now prevalent in almost every country. The High Court ruling handed down by The Honourable Mr Justice Warby in the High Court of Justice in London in April 2019 could come as a shock to those who...

Google GDPR fines and the training implications

Just last week, Google was fined €50m, or over $57 million by Commission Nationale de l’Informatique et des Libertés (CNIL), the French Data Protection Authority, for violating the General Data Protection Regulation (GDPR).

Facebook: why data privacy matters

In the midst of posting your name, pictures, and background on social media sites, did you ever consider who your information reaches, beyond your family and friends? Just last week I posted a picture on my Facebook account. It was a picture of my childhood dog and me. I posted the old photo with the caption, “Me and Charlie.” I watched the likes pile up; it is hard to just scroll past a dog as cute as Charlie without showing some sort of appreciation.

Four Principles for Effective Training Systems

By Matt Kelly – a long-time writer and observer of the corporate compliance and GRC scene. Matt runs Radical Compliance, a website and newsletter devoted to corporate compliance, audit, and risk management issues that he launched in 2016. He has been working to make the GRC world a better place ever since. ...

GDPR Miniseries: Top 5 Things for HR in Relation to GDPR

As a human resources (HR) professional, you may be groaning at the thought of more required compliance measures. But no one said this would be easy. Some changes are worth the trouble, and the GDPR is among them. Plus, noncompliance can be awfully pricey.

GDPR Miniseries: Top 5 Things for Marketing in Relation to GDPR

“The right to be forgotten” isn’t just another way to describe ghosting, a practice popular in dating and social circles where uninterested parties disappear without a trace. The right to be forgotten gives individuals the right to have personal data removed or erased from company servers storing their data. The right to be forgotten is one of the fundamental rights protected by the General Data Protection Regulation (GDPR).

GDPR miniseries: Top 5 Things for the IT Department in Relation to the GDPR

In September 2016, Yahoo was poised to be acquired by Verizon when it announced it had suffered the biggest data breach in history in 2014. Later the company estimated that 3 billion user accounts had been compromised. The buy-out went through, but the breach knocked approximately $350 million off Yahoo’s sale price. This is an example of the type of risks data protection impact assessments (DPIAs) are intended to prevent. What are DPIAs? They are one of the five essential strategies an IT department must enact to comply with the General Data Protection Regulation (GDPR).

GDPR Miniseries: Top 5 Things for Supply Chains in Relation to GDPR

The General Data Protection Regulation (GDPR) is in full swing. Do you know how your supply chain is managing your company’s personal data? Are they fully compliant with the GDPR? If you answered “yes” to these questions, you can rest easily at night. If not, your company may be at risk of a data breach, a hefty fine, or a public relations debacle.

GDPR Miniseries: Top 5 Things for Procurement in Relation to GDPR

Did you know that if any third-party vendor your company uses is not compliant with the General Data Protection Regulation (GDPR), you could be held liable for their actions? And even if you aren’t, your company’s reputation could suffer if a data breach occurs. The case for complying with GDPR is indisputable—the penalties are hefty and the public relations damage can derail your company’s performance. One thing is certain: detailed and ongoing vendor monitoring from a data protection perspective is critical. Unfortunately, it’s not as simple as outsourcing data governance and privacy compliance to your vendors.