Join James Tumbridge, a lawyer with the specialist law firm Venner Shipley and one of the authors of the UK Data Protection Act 2018, and Ivan Tsarynny, CEO & Founder of Feroot Privacy, to discuss the unique data protection laws of EU jurisdictions and the potential impact regulations can have on your business operations, expansion plans and governance structure.
Topics for discussion include:
- Lessons learned from the courts, regulator inquiries and fines over the past year
- How to stay informed of current privacy regulations by learning about those who have been impacted already
- Significant trends in GDPR behaviours
- An overview of jurisdictional regulations & how to best prepare
- Key issues to keep in mind for governance, corporate structures and domiciles in data protection terms
The document summarizes data from a DLA Piper survey on GDPR data breaches from May 2018 to January 2020 across Europe. Some key findings:
- Over 160,000 data breaches were notified in the period surveyed. On average, 278 breaches were notified per day in the past year, a 12.6% increase.
- The Netherlands, Germany, and UK had the most notified breaches, while Latvia, Cyprus, and Liechtenstein had the fewest. When adjusted for population, the Netherlands, Ireland, and Denmark still had the most breaches per capita.
- Total reported GDPR fines in the period were just over €114 million, with France, Germany, and Austria imposing
This presentation explores the risk facing all charities and businesses if adequate thought is not given to the protection and security of one of their most treasured assets, their website.
This document provides an overview of the General Data Protection Regulation (GDPR). It defines key terms such as personal data, data controllers, data processors, and data subject requests. It outlines the six principles of GDPR regarding transparent, specific, limited, accurate, time limited and secure processing of personal data. It discusses how GDPR applies to organizations in Europe and the UK, potential fines for non-compliance, and rights of data subjects. It also provides guidance to ASL staff on handling data subject requests and directing customers to information on ASL's GDPR compliance.
This document summarizes key findings from DLA Piper's third annual survey of GDPR fines and data breaches from January 2020 to January 2021. It finds that regulators issued €158.5 million in fines over the past year, a 39% increase over the previous 20 months. However, some fines have been reduced or overturned on appeal. France's data protection authority issued the highest individual fine of €50 million to Google. Open legal questions remain around how fines should be calculated and capped.
General Data Protection Regulation: what do you need to do to get prepared? -... - IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
Research Data Codes of Conduct - Status and Roadmap - EUDAT
This document discusses research data codes of conduct under the EU's General Data Protection Regulation (GDPR). It provides an overview of GDPR requirements for codes of conduct, explains why they are needed to help harmonize practices across countries, and outlines the approval process for EU-wide codes. It also describes the Code of Conduct for Health Research project currently in development, which aims to clarify GDPR rules for health research and help demonstrate compliance.
ESET Quick Guide to the EU General Data Protection Regulation - ESET
The General Data Protection Regulation (GDPR) is an EU-wide reform of data protection laws and policies that will take effect in 2018. It aims to strengthen and unify data protection for individuals within the EU. Key changes include requirements for companies to notify customers of data breaches, higher fines for noncompliance, and "data protection by design" where privacy is built into products from the start. The GDPR requires organizations to implement encryption and other security measures to protect personal data and ensure its confidentiality.
On 14/4/2016 the EU data privacy regulation was approved, and it is now mandatory. However, companies have 2 years to adapt to it before facing an economic penalty for not having done so - deadline: 25/05/2016
This document provides an overview of key aspects of the General Data Protection Regulation (GDPR) that will take effect in May 2018. It highlights major changes such as significantly increased fines for non-compliance, new individual rights around consent and access to personal data, mandatory privacy impact assessments, and data breach reporting requirements. Managers are provided checklists and guidance to help prepare for and comply with GDPR. Employees are encouraged to ask any questions on the questions sheet which will be answered and posted online.
No Man is an Island: The Battle for Data Privacy - Kate Chan
The document discusses upcoming changes to data protection legislation in Europe and the implications for companies. The EU General Data Protection Regulation (GDPR) will replace the 1995 Data Protection Directive in May 2018, imposing stricter rules around data collection, use, and transfers. It also discusses the replacement of the invalidated US-EU Safe Harbor agreement with the new EU-US Privacy Shield framework and the uncertainty caused by Brexit. The implications are that companies will need to devote more resources to data compliance and mobile ediscovery solutions may help address issues around cross-border data transfers and GDPR requirements.
The EU Data Protection Regulation - what you need to know - Sophos Benelux
The upcoming EU Data Protection Regulation requires organisations worldwide to secure the data they manage and hold on European citizens. It is generally accepted that encryption is the best method of complying with this new regulation. If a breach occurs and you can demonstrate that all personal data was encrypted, the chance of receiving a fine from the EU is considerably reduced.
Many organisations have no idea what this new regulation entails or how they should prepare for these new rules. Is your organisation one of them?
The document discusses the new EU General Data Protection Regulation (GDPR) which significantly strengthens data protection laws for individuals and businesses. It will apply to any company that handles European citizens' data. Key implications of the GDPR include stricter rules around data breaches, privacy policies, consent procedures, and significantly increased fines for non-compliance. Businesses need to take action to be prepared and comply with the new regulations which take effect in 2018. Cloud security and access will be increasingly important areas to address under the GDPR's requirements.
GDPR and Data Privacy in the EU - A Rhetorik Guide for B2B Technology Marketers - KevinSavage1
A B2B technology marketer's introduction to GDPR and data privacy legislation across the EU, exploring what you need to know to run email marketing campaigns successfully and compliantly.
New General Data Protection Regulation (Agnes Andersson Hammarstrand) - Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm, Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislation. Companies that break the rules risk fines of up to 4% of the worldwide group turnover. The new regulation entails a large number of changes that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
The GDPR Compliance Primer has been prepared by the members of the IAB Europe GDPR Implementation Working Group, under the leadership of Improve Digital.
6 Lesson GDPR Booklet from Varonis to help you get compliant and stay compliant.
- Locate your sensitive data
- Prevent data breaches
- Rapidly alert to suspicious behavior
- Build long-term data security
This document discusses the current and upcoming data privacy regulations in the EU and how they will impact data driven marketing. It notes that the current EU privacy directives are over 20 years old and no longer fit with modern technology and data practices. The EU is working on a new regulation to replace the directives and create a uniform set of privacy rules across all member states, but the process has been ongoing since 2012 and is still in progress. The new regulation is expected to further restrict data collection and use, require more explicit consumer consent, and impose higher penalties for noncompliance. It advises marketers to begin preparing for these changes to policies, processes, and systems.
The document discusses the EU General Data Protection Regulation (GDPR), which took effect in May 2018. It provides the following key points:
- The GDPR replaced the previous EU data protection directive and directly applies across all EU member states. It aims to give individuals more control over their personal data.
- Key aspects of the GDPR include expanded territorial reach, requirements for data protection officers, increased accountability and privacy by design principles, strengthened rights for data subjects, and larger maximum fines for noncompliance.
- Companies need to review their data processing activities, legal bases for processing, consent mechanisms, security, breach response plans, and privacy notices to ensure compliance with the extensive new obligations and standards introduced by the GD
GDPR: A Threat or Opportunity? www.normanbroadbent. - Steven Salter
With General Data Protection Regulation (GDPR) a legal requirement for all UK companies from May 2018, there have been numerous articles written either demonstrating the confusion surrounding the new regulations, or detailing the downsides of the legislation.
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
Data Protection and Compliance with the GDPR Event 22 September 2016 - Dr. Donald Macfarlane
The document discusses how Britain's decision to exit the EU makes compliance with the General Data Protection Regulation (GDPR) even more important for businesses. The GDPR will apply from May 2018 and regulates how personal data of EU citizens is handled. It creates unified data protection across EU countries and non-compliance can result in large fines. The Brexit vote occurred after the GDPR was published, so businesses processing EU citizens' data will still need to comply with the GDPR whether they operate inside or outside the EU. The document provides examples of best practices for complying with GDPR rights like access, rectification, erasure, and outlines how understanding where data resides is crucial.
How will your business be affected and what you can do to stay ahead of the n... - Carrenza
Topics covered include:
Key highlights of the new GDPR (General Data Protection Regulation)
Who is affected
‘Privacy Shield’ proposals versus US-EU Safe Harbour framework
Timeline for implementation and enforcement of GDPR
What should you be doing to prepare for the new legislation
Speaker line up
Martin Hoskins, Associate Director at Grant Thornton UK LLP
Matthew McGrory, Managing Director at Carrenza Ltd
A business that is not GDPR compliant by May 2018 may face a fine of 4% of its annual turnover
Reasons to attend
This session delivered in partnership with Grant Thornton will give you the knowledge on how to ensure compliance with GDPR and avoid penalties and highlight what companies can do now in light of the new legislation; what types of cascade effects there will be on operations and businesses; the impact of the privacy shield; and further discussion on what Brexit means for the GDPR.
The basic elements of GDPR put together in bullet points. This summary has many sources from many experts and official documents. Let DPIA and DPO not be an unknown for you.
The third output of the GDPR Implementation Group focuses on the topic of consent, and its implications for online advertising companies when used as a legal basis for processing.
The document discusses the upcoming changes to data protection laws with the introduction of the General Data Protection Regulation (GDPR) in 2018. It summarizes some of the key changes including increased fines, strengthened consent requirements, data breach reporting obligations, additional data subject rights, and an increased focus on accountability, data protection by design, and data protection audits. It advises organizations to prepare for these changes by auditing their personal data handling practices, reviewing fundraising procedures and legal bases for processing, communicating policies to donors, and ensuring employees are trained on data protection.
Mirena Taskova - EU GDPR Intro & Update - Stanford Engineering - 14 Jan 2019 - Burton Lee
Talk by Mirena Taskova, Fieldfisher (San Francisco), at Stanford Engineering on January 14 2019, Session #2: 'Berlin : Mobile Banking Unicorns || EU GDPR Personal Data Privacy Update & Roadmap 2019'.
Website: http://www.StanfordEuropreneurs.org
YouTube Channel: https://www.youtube.com/user/StanfordEuropreneurs
Twitter: @Europreneurs
On Wednesday 10th October, we hosted a panel discussion in Dublin Institute of Technology to look at GDPR’s impact so far, who is benefiting from it, how it is being implemented and why it should still be on marketers’ list of priorities. Here is the presentation from Robert Dunne, barrister specialising in data protection and employment law.
EMEA Quarterly Update: GDPR Two Years Later - TrustArc
Before 25 May, 2020, the European Commission will present the first official evaluation of the GDPR, two years after the entry into application of the new regulation. The European Data Protection Board has given their view, as have the EU Member States. During this webinar, we will discuss the first lessons learned from the GDPR, including from the private sector.
In addition, as is custom during the quarterly updates, we will provide you with an overview of the new guidelines from the European Data Protection Board and enforcement action from the various supervisory authorities. In addition, we will take a look beyond the European Union’s borders at what is happening in the Middle East and Africa.
This webinar will review:
- The lessons learned in the first two years the GDPR has been in effect;
- The guidelines of the European Data Protection Board;
- The enforcement of the GDPR at national and European level;
- Data protection developments in Africa and the Middle East;
- How TrustArc can help you stay up-to-date on data protection and privacy compliance in the EMEA region.
The document discusses key priorities for boards to consider regarding implementation of the General Data Protection Regulation (GDPR). It provides an overview of the new requirements under GDPR, including expanded individual data rights for EU citizens, increased fines for noncompliance, and broader territorial scope. The document advises boards to ensure proper oversight of their organization's GDPR compliance programs, including regular reporting on status, audits, investigations and market developments. Directors could face liability for failing to oversee GDPR compliance risks.
Everything you need to know about the GDPR - Spoon London
The frequency of data-related incidents could change with the impending General Data Protection Regulation (GDPR) – the EU’s law that comes into effect in May. The major update to the previous EU data protection law aims to regulate the use and treatment of an individual’s personal data.
A new regulation means organisations that use data will need to be more careful and explicit with gaining consent. After May, companies that maintain poor data protection practices will not only be breaking the law, but could face a hefty €20 million fine or four per cent of a company’s annual turnover.
Needless to say, the GDPR is a pretty big deal with even bigger consequences. Still, no need to panic. Here's everything you need to know about the GDPR.
Legal challenges of the current digital times by Catalin Suliman | SemDays 2015 (SEO monitor)
The document discusses several legal challenges surrounding competition law and data protection in the digital world. It summarizes key cases involving Google, including finding that Google abused its dominant position in search results and acted as a controller of personal data subject to EU laws. It also discusses issues around big data, online sales, and protecting intellectual property rights on the internet.
CASE STUDY: New EU legislation: how to avoid data disaster (B2B Marketing)
This document summarizes new EU data protection laws that will take effect in February 2017 and provides recommendations for businesses to avoid penalties for non-compliance. The key changes include stricter consent requirements, increased fines up to 2% of global revenue, enhanced data subject rights, and additional obligations like data protection officers and breach notifications. The document advises businesses to assign responsibility, provide training, review policies and supplier agreements, ensure registrations are up to date, assess intra-group transfers, and plan for security breach responses.
General Data Protection Regulation (GDPR) - Moving from confusion to readiness (Omo Osagiede)
The document discusses the General Data Protection Regulation (GDPR) which regulates how companies handle personal data of EU citizens. It provides an overview of GDPR including key events leading to its adoption and how it strengthens data protection rights. It highlights some notable differences between GDPR and the previous UK Data Protection Act. The document also outlines an approach for companies to become GDPR compliant including conducting a data assessment, updating policies and processes, and appointing a data protection officer if needed. It notes both the penalties for non-compliance and opportunities that GDPR presents organizations.
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian (PECB)
Short description:
In this webinar, we will explore current trends, predictions and other matters relevant to GDPR enforcement. We will also touch on the big fines, such as those against Facebook, Google and Experian, and guide you on how to stay out of trouble with the regulation.
Main points covered:
• A summary of ICO enforcement action in the UK over the past 12 months
• What organizations got wrong?
• The big fines – Facebook and Experian
• Trends and predictions
• How to keep out of trouble with the regulator
Presenter:
Our presenter for this webinar, James Castro-Edwards is a partner and Head of Data Protection at Wedlake Bell LLP. James advises domestic and multinational organizations on data protection issues. His experience includes managing global data protection compliance projects for multinationals and advising domestic companies on complex data protection issues. He has also developed and delivered innovative data protection training programs for multinational clients, including a data protection officers’ training course which was accredited by a European government. James leads the firm’s outsourced data protection officer service, ProDPO.
James frequently speaks on data protection and cybersecurity issues and is widely published, having written articles for a wide variety of titles including The Times and The Guardian, and wrote The Law Society textbook on the General Data Protection Regulation (GDPR).
Recorded Webinar: https://youtu.be/QAF1XXTBFyg
The report analyzes approximately 500 fines and penalties imposed by EU data protection authorities in 2022 under GDPR. Some key findings include:
- Total fines amounted to over €831 million, a 166x increase from 2018. Meta (Facebook) accounted for 82.6% of total fines.
- Top violated articles were Article 5 (data minimization), Article 6 (lawful basis for processing), Article 12 (transparent communication), Article 13 (information to be provided), and Article 32 (security of processing).
- Media, telecom, and broadcasting industry received 86% of total fines, while finance, insurance, and consulting saw most Article 5 violations.
Increasing regulatory complexity for technology companies (Nichole Jordan)
A brief overview of the ever-evolving regulatory landscape in the tech industry—including: recent tech transformation, U.S. and international regulations, tech compliance, shaping public policy for the technology industry. If you find this presentation useful, connect with me on LinkedIn: http://bit.ly/NJGTLI
Ipswitch and cordery on the road "All you need to know about GDPR but are t... (Sébastien Roques)
In October we organised an event in Amsterdam with our partner Scos and Jonathan Armstrong where we covered the changes on GDPR and challenges ahead for businesses.
Presentation of research on GDPR enforcement practice, based on information from 86 publicly available cases. The event where the research was presented took place in Kyiv, Ukraine on October 10, 2019.
Forensic Science Informatics Computers & The Law Powerpoint (Steve Bishop)
The document summarizes the key points of the UK Data Protection Act, which protects personal data stored on computers or in organized filing systems. It establishes eight principles for handling data, such as ensuring data is kept accurate and secure. Non-compliance can result in penalties like fines between £50-150 per offense. One case in Spain resulted in a record €1.08 million fine for failing to protect personal data in a TV show. The Act is also proposed to be updated with changes like allowing 2-year imprisonment for violations. However, critics argue the Act is outdated and penalties may not deter large companies due to negligible impact on their revenues.
The document summarizes key points from a legal update seminar on the proposed EU Data Protection Regulation. It discusses proposed changes such as expanded definitions of personal data, the need for explicit consent, the right to be forgotten, data breach notification requirements, and enhanced sanctions for noncompliance. The proposed regulation would significantly impact how companies process and protect personal data.
This document summarizes a legal update meeting on the EU Data Protection Regulation. The meeting agenda included presentations on the future of the EU Data Protection Regulation and how it will impact direct marketing practices. Key points from the presentations include:
- The current EU Data Protection Directive is outdated and a new Regulation is being negotiated that would impose stricter consent requirements, rights for individuals, and sanctions for non-compliance.
- Explicit consent may be required for all data processing and marketing under the new Regulation.
- Individuals may have new rights like "the right to be forgotten" and easier access to their personal data.
- Businesses need to prepare for potential fines of up to 2% of global annual turnover for violations
Nick Stringer - Five Key Things EU General Data Protection Regulation (GDPR) ... (Nick Stringer)
The EU General Data Protection Regulation (GDPR) aims to update existing EU data protection laws to reflect today's digital world, give citizens greater control over personal data, and streamline rules across EU markets. Key aspects of the GDPR include a broader definition of personal data, new obligations for transparency and accountability, tougher user consent requirements, and fines of up to 20 million euros or 4% of annual global turnover for non-compliance. The GDPR will apply directly in all EU markets from May 2018 and have global significance by applying to individuals located in the EU regardless of where data is processed.
This document summarizes a conference on emerging technology law held in Barcelona, Spain on September 28, 2012. It included presentations on data protection, cloud computing, social media, and cookies under Spanish law, as well as proposed EU regulations. Speakers discussed strengthening individual rights and business processes, extending liability, and imposing stiffer sanctions under the new regulations. Presenters also addressed recent developments in US data protection law, including government initiatives and enforcement actions by the Federal Trade Commission.
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations and Penalties?
1. GDPR One Year Later: What can we learn from the investigations & penalties?
FEROOT EXPERT WEBINAR SERIES | Tuesday, May 14, 2019
James Tumbridge, Partner, Venner Shipley LLP
Ivan Tsarynny, Co-founder & CEO, Feroot Privacy
2. Optimize Your Webinar Experience
Raise Your Hand if you…
Can’t You Hear?
Having Trouble?
Chat your thoughts or questions
Ask Questions
See Answers
4. Next Webinar: June 2019
Hidden Data Collection
Ungoverned third-parties
Data Leakage
@FerootPrivacy
linkedin.com/company/feroot/
5. Coming Soon! 2019 Data Collection Study
2019 Data Collection Research Report
7. Agenda
1. The New Data Economy: What Privacy Regulation Means for Business Operations & Growth
2. Significant Trends in GDPR Behaviours
3. *Lessons Learned from EU Regulators & Fines (and how this impacts you!)
4. How Best to Prepare (legally & operationally)
5. Q&A (10 mins)
8. Turmoil in the Data Economy
Regions | Organizations | Regulations | Details
Europe | 94,000+ | GDPR | General Data Protection Regulation
UK | 19,000+ | DPA | Data Protection Act
California | 2,000+ (est.) | CCPA | California Consumer Privacy Act
Canada | 10,000+ | PIPEDA | Personal Information Protection and Electronic Documents Act
USA | 102,000+ | TBD | Rumored Federal Privacy Regulation in the U.S.
+ Brand Reputation Damage
+ Loss of Customer Trust
+ Fines and penalties
9. Organizations are using more SaaS products than ever before.
There are over 7,000 marketing SaaS tools in 2019, up from ~350 in 2012
Marketing SaaS products used by an average enterprise: 121 (2018 Netskope Cloud Report)
17. Awareness of the new law
A) Annual worldwide mentions in the media (Source: Factiva)
B) Google searches for GDPR (Source: Google Trends)
• In 2018, the GDPR received more attention than certain celebrities
• And featured in Google searches more often than certain American superstars!
18. Most common types of complaints under the GDPR
• Telemarketing
• Promotional emails
• Video surveillance and CCTV
19. Complaints to Data Protection Authorities under the GDPR
• Steady increase in complaints
• Complaints can come from any individual
• GDPR introduced mandatory data breach notification for all data controllers
20. Number of data breach notifications
• Prior to GDPR there was no single breach-notification regulation for the European Union
• Data Protection Officer obliged to report breach within 72 hours
• Sharp and steady increase observed
Accumulated over time from all data protection authorities in Europe
Source: European Data Protection Board
21. Breach notifications under the GDPR
• Sharp increase in breach notifications to ICO:
• 8,000 between May and Dec 2018
– Compare with 3,311 and 2,565 notifications in the years ending 31st March 2017 and 2018, respectively
• UK is third behind the Netherlands and Germany in the data breach reporting league table
• Despite this increase, there are so far limited reports on enforcement, but it is growing
• However, as investigations take place, enforcement action is likely to increase
22. Cross-border cases under GDPR
Investigations initiated by Data Protection Authorities
Investigations by Data Protection Authorities on the basis of individual complaints
• Many companies (e.g. social media platforms) provide services in more than one country
• GDPR provides that in most cases one national authority takes the lead to investigate (‘one-stop shop’)
• In the event of disagreement the European Data Protection Board will arbitrate
23. Data Subject Access Requests (SARs)
• The introduction of the GDPR saw an immediate rise in SARs (possibly due to abolition of fee under the GDPR)
• In particular as a first move in the context of a potential claim in employment disputes
• Recent guidance from the court states SARs cannot be refused even when only motivated by potential litigation
• Organisations should be ready to respond to SARs and fully understand how the exemptions available may apply
25. Fines issued under the GDPR
• Fines up to 4% of worldwide turnover
• Google fined 50 million euros by French authority (largest fine so far, and represents 90% of total fines issued to date)
Source: European Commission
55,955,871 euros – the total value of penalties imposed in the first 9 months*
*European Data Protection Board
26. Fines under the GDPR – a reminder
• Two tiers of penalties:
• Lower level:
– 10 million euros or 2% of annual turnover (whichever is higher)
– (for infringements of Controllers and processors, Certification body and Monitoring body)
• Upper level:
– Up to 20 million euros or 4% of annual turnover (whichever is higher)
– (for infringements of the basic principles of processing, the data subjects’ rights, non-compliant transfers to third countries, and non-compliance with an order by a supervisory authority)
• Remember, under the DPA 1998 the maximum fine was £500K
27. How are fines assessed under GDPR?
• The UK ICO has said that fines under the GDPR are to be ‘effective, proportionate and dissuasive’
• Each case assessed individually. Factors to be taken into account:
– Nature, gravity and duration of the breach
– Number of data subjects involved
– Categories of personal data affected (e.g. special category data)
– Damage caused and action taken to mitigate the damage
– Any relevant previous infringements
– Degree of cooperation with the regulator
28. The Google fine
• Google fined 50 million euros for lack of transparency, inadequate information and lack of valid consent in relation to its use of personal data used for personalising ads
• French authority justified fine on basis that:
– Google would otherwise continue to infringe the essential principles of GDPR (transparency and consent)
– Infringements were not a one-off and were ongoing
– The number of people affected
– Google’s economic model partly based on ad personalisation, therefore vital it complies
29. Fines in the UK
• The ICO has issued numerous six-figure penalties, but none have exceeded £500K – the maximum penalty under DPA 1998
• While no enforcement fines have yet been made under the DPA 2018, the ICO has issued over 100 fines for non-payment of data protection fees. Under the DPA 2018, all non-exempt organisations must pay an annual fee to the ICO, and failing to do so may result in fines of up to £4,350
• Under the DPA 2018, fees for small organisations are only £35, while fees for larger organisations have risen to £2,900
30. Fines in the UK
• Equifax: Fined the maximum £500,000 in September 2018 after 15 million customers’ data was hacked in 2017.
• Had the breach happened and been enforced under the GDPR, the maximum fine could have reached £100 million.
• Facebook: Fined the maximum £500,000 in October 2018 for sharing personal data with other organisations, including the parent company of Cambridge Analytica, between 2007 and 2014.
• Under the GDPR, the maximum possible fine would have been roughly £1.25 billion.
31. Fines – Selling customer data
UK:
• Bounty: Fined £400,000 on April 11th 2019 for selling information to data brokers and sharing the personal data of 14 million individuals without proper consent.
Issued under DPA 1998, but if made under the GDPR, the maximum fine could have reached £17 million.
• Hall and Hanley: Most recent ICO fine – Fined £120,000 on May 7th for sending over 3 million unlawful spam text messages without valid consent, as is required under the Privacy and Electronic Communications Regulations (PECR)
32. Fines – failure to minimise
Denmark
• First GDPR penalty notice in Denmark: 1.2 million kroner fine recommended by Danish DPA (approx. 2.8% turnover).
• DPA found that Taxa did not adhere to the GDPR’s data minimisation principle by over-retaining personal data long after the envisioned retention period.
• Taxa had deleted customers’ names and addresses but had retained customers’ telephone numbers for an additional three years
• Shows readiness of authorities to get closer to the 4% annual turnover cap, and to question your retention and review systems.
33. Fines – did you inform/check consent?
Poland:
• Polish DPA issued € 220,000 fine to Swedish marketing firm Bisnode.
• DPA found Bisnode failed to comply with the GDPR’s transparency obligations (Article 14).
• Bisnode obtained the personal data of almost 8 million people from public registers but did not inform them how their data would be processed.
• In addition to the fine, Bisnode was ordered to contact over 6 million people it had not previously notified (at an estimated € 8 million in postal costs alone).
34. Fines – Video Surveillance
Austria:
• € 4,800 fine imposed by Austrian DPA on a retail establishment for illegal video surveillance activities.
• The retailer was found to have monitored a public space without proper transparency and notice.
• The fine is noteworthy as the Austrian Data Protection Act states that the DPA will exercise only remedial powers (and, in particular, to issue reprimands) for first-time infringers.
35. Fines on processors too
Italy
• Several websites affiliated to Italian political party ‘Movimento 5 Stelle’ were run through the Rousseau web platform.
• The platform suffered a data breach in 2017 which led to the DPA requiring the implementation of many security measures, in addition to the obligation to update the privacy information notice.
• Rousseau did not fully comply - fined €50,000 - It is noteworthy that this fine was issued against the data processor and not the data controller (Movimento 5 Stelle).
• Interestingly, the regulator initiated proceedings before May 2018, but issued a fine under the GDPR since Rousseau had not adopted security measures required through an order issued only after the 25th of May 2018 (Unique to Italy?)
36. Fines even when you are hacked
Germany
• Following a hacking attack, large amounts of users’ personal information were compromised, including over 800,000 email addresses.
• Knuddels.de informed the German regulator and the users affected.
• The investigation found that passwords were stored in an unencrypted and plain text form.
– Violation of Article 32(1)(a) – the pseudonymisation and encryption of data
• € 20,000 fine. It is understood that the immediate reporting of the breach and notification of users resulted in a fine at the lower end of the spectrum.
37. Fines – medical data and staff misuse
Portugal:
• € 400,000 fine imposed by Portuguese DPA on Centro Hospitalar Barreiro Montijo after staff members illicitly accessed patient data:
– Violation of Article 5(1)(c) – data minimisation principle
– Violation of Article 83(5)(a) – processing principles
– Violation of Article 5(1)(f) – effective organisational measures (‘integrity and confidentiality’)
• The striking fact about this fine is that the regulator acted upon a newspaper article and not a complaint.
38. Fines – Lessons to Learn?
• Selling data – dangerous
• You need consent/clear informing of data subjects
• Retention decisions - Fines for not auditing and removing unnecessary personal data, not using minimisation
• Biometric data – HMRC voice example – do you have adequate consent?
• Medical data – it is treated with more severity
• Good policies and prompt notice reduce fines
• Processors have risks too
• Get your security and anonymising in order
40. • Policies and procedures - Essential - comply with guidance on transparency and
consent from the European Data Protection Board
– Do you have a policy to handle Subject Access Requests (SARs)?
– Do you have annual training/records?
• Customer & supplier relationships - Review contracts with customers and suppliers
– Consider if data being transferred outside EU/EEA and make sure you comply
• Privacy Impact Assessments
– Is there a process in place to carry them out?
• Security breaches – be prepared – who is in charge, and what are your actions?
How to prepare from legal point of view
42. 1. Get an up to date policy
2. Assess data flows
3. Do an impact assessment
4. Get training and audit records
5. Have a response plan to breaches
Check list
51. “What are the best companies doing that the merely
good ones are not?”
“Which is the best strategy for GDPR compliance for a
medium size organization?”
“What is the best method (or the #1 thing) I should do
to effectively reduce risk and fines?”
Best Practices?
Hi everyone, and welcome to Feroot’s Expert Webinar Series.
If you do have any questions, sound issues, or just want to say a friendly hello, we encourage you to use the bar along the bottom of your screen to chat with us.
Let’s test it out now, raise your hand if you can hear me okay?
Raise your hand if any of you attended the Smart Technology Summit we hosted with Ann others this September?
And stay tuned for our next webinar in January 2019 on Best Practices for Transparency Notices, Managing Consent, Data Mapping and more.
We are also releasing a study very soon on automated data collection, in particular 3rd party trackers, hidden data collection and side-loaded code that puts you at risk of privacy and security breaches.
Today we have James Tumbridge with us.
James is one of the authors of the UK Data Protection Act 2018 that implemented the GDPR in the UK. He is a lawyer with the specialist law firm Venner Shipley and regularly advises clients on a global basis on the structure and approach to data collection and holding, as well as international data transfers and compliance issues.
And my name is Ivan Tsarynny and I will be your moderator.
Here is our agenda today.
We’ll be analyzing each fine and how this impacts business operations.
Make sure to stay till the end for Q&A because we’ve taken all your questions from registration and hope to address them in this final section. Feel free to ask questions throughout the webinar as well using your chat box.
Problem is much bigger than you thought.
130 tools used on avg by HR
And now…onto you James!
Look for 2018 stats
Practical ways to prepare? What does the marketing and sales team need to know?
If marketing department is buying a list for prospecting, what does it mean? How do they do it properly?
If your company uses a CRM and they bought another tool and has access to your customer records and CRM and needs to copy and transfer the data without your knowledge, how do you ensure you’re doing everything in the right way?
If you’re using analytics or ads on your site and they transfer the data outside of EU or even engage subprocessors you’re not aware of, that collect personal data on your behalf.
Feroot Global Privacy Database allows you to quickly and efficiently manage third-party vendors across applications, both dynamically and automatically. No more chasing down vendors for their latest privacy agreements. No more updating stale spreadsheets. Enter information once, connect to third-party vendors, and everything from consent management to documentation flows appropriately and continually to the key stakeholders. Your organization will save time, resources, and money, and avoid the tedious task of updating data flow charts every time a new vendor is added to your tech stack.
Feroot Privacy platform helps implement PrivacyOps frameworks that will unify, automate and coordinate all aspects of GDPR Subject Access Request compliance obligations. Feroot effectively manages all stakeholder touch-points and supports an organization’s ability to process requests efficiently and to document responses for compliance and legal purposes.
And it looks like we have time for 1 or 2 quick questions from the audience.
OR
Okay, it looks like we’ve run out of time for more questions, but we will get back to you!
In the meantime, keep ’em coming. Email us at questions@feroot.com
If there is something you really want to know, we have a community of experts we can tap into for the answers and we will get back to you.
Great, thank you everyone. We will follow up with a recording tomorrow as well as some links to resources.