Category European Commission

US companies are behind the curve on understanding how GDPR impacts their businesses

There’s an eerie lack of awareness about the impact of the GDPR on US businesses that target consumers in the European Union. According to recent research by the IAPP, complexity of laws, inadequate budget and too little time combined with the lack of qualified and trained staff have conspired to perpetuate this lack of readiness by US companies.

Here in Europe, many companies and organisations have been bracing themselves for the biggest shake-up in data protection, privacy and security for over two decades that’s fully effective from 25 May 2018 – in 13 days’ time.

I’ve been in conversations with senior US-executives who’ve boldly told me that the “GDPR doesn’t apply to them” and in any event they can rely on ‘legitimate interest’ to continue to market goods and services and monitor t...

Read More

GDPR by Royal Appointment

Read More

The joys of data hygiene

Unfortunately, the article in the current edition of my favourite business newspaper The Economist in explaining the GDPR was riddled with errors. Tut tut!

Here’s an example: “Data Subjects can demand a copy of the data held on them (data portability) …” which as we all know is a subject access request (SAR) and isn’t an absolute right under the GDPR.

Another error in the article on GDPR is the bold assertion: “The GDPR is prescriptive about what organisations have to do to comply.”

Er, no it isn’t. Few bits go into detail, like the requirements for a data protection impact assessment (Art.35, GDPR) or a subject access request (Art. 15, GDPR).

The GDPR is a deliberate move away from a ‘tick-box’ approach of the Data Protection Directive 95/46/EC that it replaces and moves to a risk-ba...

Read More

Lack of transparency with Facebook and other social media sites will be forced to come to an end as a result of GDPR

The Economist reports today (7 April 2018) that there’s been a bit of wake up call for Facebook and all other social media giants as a result of the furore over the mis-use of personal data. Mark Zuckerberg is openly admitting that Facebook data of up to 87 million people – 37 million more than previously reported – may have been improperly shared with Cambridge Analytica.

As a result of a data breach on a scale not seen since Yahoo!, Americans are looking enviously at Europe where data protection, privacy and security laws protecting the individual are now the global ‘gold standard’ as a result of the GDPR that’s fully enforceable from 25 May – just 34 working days from today.

Rights over personal data are enshrined in the EU’s Charter of Fundamental Rights and EU citizens now have...

Read More

Follow the leader. Why the US needs to learn the lessons of data protection from Europe

Read More

Not a good start to the New Year for Apple

Apple has just issued a second customer warning for owners of its iPhones, iPads and MAC products that they are affected by a processor flaw that could leave them vulnerable to hackers.

The US tech giant urged its millions of customers to only download software from trusted sources after the security vulnerabilities, known as Meltdown and Spectre, were revealed on Wednesday.

According to the Press Association (PA News), there’s no evidence that the security flaws that affect computer processors built by Intel and ARM – have so far been exploited by hackers, although companies including Microsoft have been working to provide urgent fixes.

Apple says it had released software updates for iOS, the software on its phones and tablets, macOS, which is used by its computers and tvOS for its tele...

Read More

Legality of Standard Contractual Clauses (SCC’s) hangs in the balance awaiting decision by CJEU

Ireland’s High Court has just ruled today (Tuesday 3 October 2017) that the decision to ban the use of Standard Contractual Clauses (SCC) by social media giants like Facebook, Microsoft and Google to transfer users’ personal data to the US must be initially decided by the Court of Justice of the European Union (CJEU).

Giving her judgment in open court, Irish High Court Judge Caroline Costello said: “I have decided to ask the Court of Justice for a preliminary ruling. European Union law guarantees a high level of protection to EU citizens…they are entitled to an equivalent high level of protection when their data is transferred outside of the European Economic Area.”

This of course looks like a spooky re-run of the Safe Harbor legal action brought by Max Schrems that resulted in the...

Read More

Interview with Liberum Investment Bank on the consequences of the GDPR for institutional investors

This is a short 5 minute filmed interview produced by Liberum Investment Bank for its clients in London and New York on the Directive 2016/679 (General Data Protection Regulation). Recorded in London in July 2017.

Copyright Liberum Investment Bank 2017.

 

Read More

FT Cyber Security Summit Europe – Wed 21 Sept 2016 (London)

Debate: “The European Union’s new data protection rules will impose unnecessary burdens on businesses – Yes or No?”

Business leaders are worried that the European Union’s General Data Protection Regulation (GDPR), scheduled to come into effect in early 2018, will seriously harm their commercial interests. It will force them to improve the privacy rights of EU citizens and report data breaches within three days, rules that will be difficult and costly to comply with. Penalties for non-compliance could be as high as 4% of global turnover. However, British businesses could be spared the hassle if Brexit means the UK does not implement the Regulation.

ft-cyber-security-conference-2016In what promises to be a contentious debate, two teams of experts will go head-to-head to argue For (“Yes”) or Against (“No”) the Mot...
Read More

European Parliament adopt GDPR in the last hour

IJuncke gets it sortedn the last 15 minutes, the European Parliament adopted the EU General Data Protection Regulation (GDPR).

In a news statement issued by the European Parliament at 1.12pm (European Time):

New EU data protection rules which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era was given their final approval by MEPs on Thursday. The reform also sets minimum standards on use of data for policing and judicial purposes.

Parliament’s vote ends more than four years of work on a complete overhaul of EU data protection rules.

The reform will replace the current data protection directive, dating back to 1995 when the internet was still in its infancy, with a general regulation designed to give citizens more...

Read More