Category Legal update

GDPR accelerator – DPIA Lite

Last week I had the honour of speaking at the IAPP Europe Data Protection Congress 2016 in Brussels that was the biggest gathering of data protection professionals to date on mainland Europe with over 1100 delegates drawn from across Europe, US and the Far East.

My short talk was about sizing the risk and the GDPR accelerator ‘DPIA Lite’ that was devised by our team led by Martin Hickley, Associate, Henley Business School and Director of Data Protection, GO DPO®.

A significant aspect of the EU General Data Protection Regulation (GDPR) is demonstrating and verifying compliance – making it evident to the Supervisory Authority that the organisation is meeting its obligations under the EU Regulation.

There are three key ways in which an organisation can demonstrate that it’s compliant w...


Are you a Superhero?

One of the biggest changes in data protection and privacy to usher in the New Year with a bang is the publication of the EU General Data Protection Regulation (GDPR) later this month. And it’s really important that all companies take the necessary steps to protect themselves from becoming liable for personal data breaches under this EU Regulation.

As reported extensively in this blog over the last 12 months, the GDPR will force all organisations to re-wire their thinking as well as their data protection policies and procedures for handling personal data under a fundamental change in European law.

Experience to date shows that effective training is the first line of defence and by far the best way to mitigate against the risks of being landed with a massive fine – which can be as high as €20m...


Goodbye to ‘Safe Harbor’ as US companies need to start playing by the same rules

This week the blogosphere went into overdrive with the news that the non-binding legal opinion of the Advocate General of the European Court of Justice claims that EU user data transferred to the US by various technology companies is a violation of current EU data protection and privacy laws.

Even before this opinion, the European Commission was already attempting to re-negotiate the Safe Harbor Agreement with the US. The Advocate General observed: “If the (European) Commission decided to enter into negotiations with United States, that is because it considered beforehand that the level of protection ensured by that third country, under the safe harbour scheme, was no longer adequate.”

And of course, he’s impeccably right in this regard.

The cornerstone of this highly influential leg...


What GDPR means for organisations and companies in 2015

Companies and organisations that use data at the centre of their sales and marketing activities – and that’s just about everyone reading this blog – will be impacted by the forthcoming EU General Data Protection Regulation (GDPR).

Agreement between the European Parliament, Council of Ministers and European Commission now looks like a distinct possibility in November/December 2015 after which there’ll be a two-year transition period before sanctions begin to bite.

How the GDPR fits into an overall framework of changes within the European Union

EU Charter of Fundamental Rights

The Charter is an important development as it’s the first formal EU document to combine and declare all the values and fundamental rights (economic and social as well as civil and political) to which EU citize...


Is Google taking the pee out of data protection?

It’s no exaggeration to claim that when the history of data protection and privacy is written 10 years from now, one company will be credited with having had the most influence over the shape of data protection and privacy across the European Union (EU).

And it’s Google.

No week goes past without some reference to one of the most powerful digital companies on the planet. And this week just gone has been no exception.

On Thursday 9 July, Google was forced to revise its privacy policy after the Dutch Data Protection Authority (DPA) threatened to fine the company €15m. Google will now have to seek new users’ permission to combine their personal data throughout its services...


European Council of Ministers in “historic step” for GDPR by end of 2015

Speaking at a news conference a few hours ago, Věra Jourová, the European Union’s Commissioner for Justice, Consumers and Gender Equality, announced that an “historic step” had been taken today as the European Council of Ministers reached agreement on the general approach on the General Data Protection Regulation (GDPR).

Latvia’s minister for justice Dzintars Rasnačs added: “We have moved a great step closer to modernised and harmonised data protection framework for the European Union. I am very content that after more than 3 years of negotiations we have finally found a compromise on the text and (GDPR)… will strengthen individual rights of our citizens and ensure a high standard of protection.”

What this means is that the Council of Ministers has political agreement on the basis of...


Countdown to GDPR

The clock is ticking for reaching agreement on the EU General Data Protection Regulation, according to the European People’s Party (EPP) Group that brings together centre and centre-right pro-European political forces from the Member States and represents the largest group in the European Parliament.

Monday 15 and Tuesday 16 June 2015

The Council of Ministers will meet in Luxembourg to agree the adoption of a general approach to GDPR.

In effect, the Council will declare its own view on the preferred draft for GDPR and GDPR watchers the world over will be able to compare and contrast the various differences that will exist between this version and the one favoured by the European Parliament.

What started life as an ambitious proposal for reform by the European Commission that was amended ...


Don’t call us. We’ll call you. And steal your data.

While the EU General Data Protection Regulation (GDPR) requirements have yet to be finalised, 20 years of European jurisprudence is a strong indication of the direction of travel where the supervisory authorities are going to clamp down hard on those organisations and their outsourcing providers that violate the new minimum standards for data protection.

And if you’re in any doubt how hard this will impact the telecoms sector, then you should look no further than what’s just happened to AT&T earlier this week in the US to get a taste of what we can expect to see here in the EU in the wake of the GDPR.

The US Federal Communications Commission (FCC) reached a settlement with the telecoms giant AT&T to pay close to $25m for a series of consumer data privacy violations following an investi...


Thought leadership in digital marketing

We have two feature articles written by Ardi Kolah:

Data protection rules overhaul – Top Tips for compliance

Extract: Data protection and the security of data is perhaps the biggest issue facing the advertising and marketing sector from a business continuity perspective as to get this badly wrong opens the door to punitive fines of up to five per cent of global turnover or €100m. Ardi Kolah shares his top ten tips for marketers.

Urgent Action is Required as Data Breaches hit Record Highs

Extract: According to global digital security firm Gemalto, 1,541 data breaches in 2014 led to one billion data records being compromised, representing a four per cent increase in data breaches and a 78 per cent increase in data records that were either stolen or lost compared to 2013...


New FCA rules result in loan sharks losing their teeth to bite borrowers

From Friday 2 January 2015, payday lenders are now required to be fairer and in many cases cheaper and have lost the ability to inflict misery on their customers who struggle to pay.

As a result of the new rules introduced by the Financial Conduct Authority (FCA) that regulates the market, it’s estimated that more than 100 payday loan firms have been driven out of business – 30 have closed down and a further 70 have simply stopped offering these products, while 450 high-street payday loan shops have also closed according to media reports.

“The crackdown on the payday lending market comes not a moment too soon. Lenders must now start competing on price and treating their customers fairly,” says consumer-rights boss Richard Lloyd at Which?

New Rules

  • Lenders can’t charge more th...