Facebook is under pressure as a result of a €1.2-million fine by the Spanish Data Protection Authority for not adequately collecting the consent of its users and non-users. This infringement of data privacy is the second in a matter of months, following a €150 000 fine from the French privacy regulators for a violation along similar lines.
The volume of data you have on your computer system grows by the day. But do you need it all and how will you manage the storage of it as it increases? Since backing up has become vital to business continuity, you need to be smart about what you keep and what you don’t. Redstor looks at the question in their data management article: Archive or delete – What should you do with your data?
In a move that spotlights the accelerating importance of data protection and privacy worldwide, Ireland’s High Court will ask the EU’s Court of Justice for a ruling on whether business enterprises operating via the Internet, such as social media giant Facebook, will be allowed to transfer users’ data to the United States.
Needless to say, a ban on data transfers would have huge consequences not only for social media, but for all US enterprises that process data on EU residents, whether for online purchases, accommodation bookings or moving employee data between countries. Just think of all the US websites that are used heavily by Europeans every day: Amazon, Google, HomeExchange, Airbnb, WhatsApp and Booking.com.
Time is marching on to May 2018, when the EU’s data protection law will be revamped to give individuals much more control over their personal data.
You probably already know that organisations need to show compliance with the General Data Protection Regulation (GDPR) and that many will need to employ a Data Protection Officer. But who can be a DPO? What do you need to do to become one?
The role of a DPO has been relatively informal in the past but has now been formalised by the regulation. Still, the regulation doesn’t give hard and fast rules on the requirements or qualifications a DPO needs to have.
To this end, the Irish Data Protection Commissioner released guidance on what it sees as appropriate qualifications.
On 7 August 2017 the UK Government committed to a new Data Protection Bill that will bring the UK’s laws into line with the EU’s General Data Protection Regulation, which comes into effect in May 2018.
So finally (you can hear my audible sigh of relief), a couple of weeks ago, we received absolute clarity on what data protection will look like in the UK post-Brexit. If you’re based in the UK and have not yet read the Department for Digital, Culture, Media & Sport statement of intent, please do so! Here is the link. It removes any uncertainty about what the data protection law will be post-Brexit.
Understanding the principles of the General Data Protection Regulation (GDPR) is vital to becoming compliant with it.
The principles of the GDPR expand on those of the Data Protection Directive of 1995 and introduce a new “accountability” requirement, which specifies that holders of personal information are responsible for compliance and must be able to demonstrate how they comply with the law.
Every organisation that holds or uses European personal data inside or outside Europe – no matter the nature of its business or the sector in which it operates – is affected by the new data protection law.
Yes, even if you’re not based in the European Union (EU) the General Data Protection Regulation (GDPR) applies to you.
Really? Even if I’m not in the EU? Yes, it doesn’t matter whether you have a physical presence in the EU.
The EU’s GDPR affects all countries and applies to any business or organisation that holds personal data on or provides goods or services to EU citizens or EU residents.
So, if you hold information about present or past employees, clients or suppliers who are EU citizens or EU residents you need to comply with the GDPR. Even if you don’t offer your product or service directly to consumers, but rather provide a service to an EU company that leads to you in some way processing personal data on EU citizens or residents, you’ll need to comply.
The General Data Protection Regulation (GDPR) has come about as a result of the digital age, which has resulted in a proliferation of easily accessible and shareable personal data.
The regulation was adopted on 27 April 2016 with the intention that it will strengthen and unify data protection for all individuals in the European Union. When it becomes law on 25 May 2018 it will replace the current Data Protection Directive of 1995.
By harmonising data protection and privacy laws across the European Union, the GDPR will strengthen the rights of EU citizens and residents and give them control over their personal data. Businesses and organisations will have a single regulatory environment throughout the EU specifying how to collect, hold and process personal data.