On 7 September The Washington Post reported that a security breach at Equifax, a US consumer credit reporting agency, resulted in hackers gaining access to personal data belonging to an estimated 143 million individuals. The breach was reportedly due to an 11-year-old flaw in a web application, and it compromised the personal information not only of Americans but also of British and Canadian consumers.
Amongst the stolen personal data are names, driver’s license details, credit card numbers, social security numbers and birth dates – basically the key ingredients for identity fraud.
Time is marching on to May 2018, when the EU’s data protection law will be revamped to give individuals much more control over their personal data.
You probably already know that organisations need to show compliance with the General Data Protection Regulation (GDPR) and that many will need to employ a Data Protection Officer. But who can be a DPO? What do you need to do to become one?
The role of a DPO has been relatively informal in the past but has now been formalised by the regulation. Still, the regulation doesn’t give hard and fast rules on the requirements or qualifications a DPO needs to have.
To this end, the Irish Data Protection Commissioner has released guidance on what it sees as appropriate qualifications for the role.
On 7 August 2017 the UK Government committed to a new Data Protection Bill that will bring the UK’s laws into line with the EU’s General Data Protection Regulation, which comes into effect in May 2018.
So finally (you can hear my audible sigh of relief), a couple of weeks ago, we received absolute clarity on what data protection will look like in the UK post-Brexit. If you’re based in the UK and have not yet read the Department for Digital, Culture, Media & Sport statement of intent, please do so! Here is the link. It removes any uncertainty about what the data protection law will be post-Brexit.
DPO is an acronym for Data Protection Officer. A DPO is a person who is given formal responsibility for data protection compliance within an organisation.
Under the EU’s General Data Protection Regulation (GDPR), some organisations will be required to appoint a DPO. Where one is appointed, the GDPR prescribes a framework for the DPO’s role and responsibilities. It is important to note, however, that not all organisations will have to appoint a DPO, and that the DPO is not personally liable for an organisation’s non-compliance with the GDPR. Data protection compliance remains the responsibility of the controller or processor of the personal data.
Understanding the principles of the General Data Protection Regulation (GDPR) is vital to becoming compliant with it.
The principles of the GDPR expand on those of the Data Protection Directive of 1995 and introduce a new “accountability” requirement, which specifies that holders of personal information are responsible for compliance and must be able to demonstrate how they comply with the law.
Every organisation that holds or uses European personal data inside or outside Europe – no matter the nature of its business or the sector in which it operates – is affected by the new data protection law.
Yes, even if you’re not based in the European Union (EU) the General Data Protection Regulation (GDPR) applies to you.
Really? Even if I’m not in the EU? Yes, it doesn’t matter whether you have a physical presence in the EU.
The EU’s GDPR applies to any business or organisation, wherever it is established, that processes personal data in the context of an EU establishment, or that offers goods or services to, or monitors the behaviour of, individuals in the EU.
So, if you hold information about present or past employees, clients or suppliers in the EU, you need to comply with the GDPR. Even if you don’t offer your product or service directly to consumers, but rather provide a service to an EU company that leads to you in some way processing personal data on individuals in the EU, you’ll need to comply.
If you own or manage an organisation in the EU and are concerned about the imminent General Data Protection Regulation (GDPR), read on for an overview of what will be required of you to achieve compliance.
The GDPR was approved by the EU Parliament on 14 April 2016 after four years of discussion and planning. The regulation sought to replace the Data Protection Directive of 1995 and to harmonise data protection regulations across the European Union.
The General Data Protection Regulation (GDPR) has come about as a result of the digital age, which has resulted in a proliferation of easily accessible and shareable personal data.
The regulation was adopted on 27 April 2016 with the intention of strengthening and unifying data protection for all individuals in the European Union. When it becomes enforceable on 25 May 2018 it will replace the current Data Protection Directive of 1995.
By harmonising data protection and privacy laws across the European Union, the GDPR will strengthen the rights of EU citizens and residents and give them control over their personal data. Businesses and organisations will have a single regulatory environment throughout the EU specifying how to collect, hold and process personal data.
There has been an explosion of global data protection regulations.
We’ve expanded our compliance framework to cover multiple regulations.
We’ve outgrown GDPR alone, so we’re changing our name to PrivIQ to reflect that and to focus on providing “Intelligent Compliance, Simply.”