General Data Protection Regulation (GDPR)

Spotlight on adequate/reasonable protections to personal information – Part 1 – France.

CNIL fined a real estate company 400,000 EUR for failure to implement adequate protections to personal data in violation of GDPR.

In this case, the URLs on the company’s website were the problem. By changing a character, you could gain access to documents

Risk & Insurance quoted Fox Partner Odia Kagan in an article on on preparing for year two of GDPR.

“GDPR compliance isn’t something that is a snapshot in time, it’s an ongoing process, a ‘chronic condition’ for the skeptics or a ‘healthy routine’ for the advocates… Companies need to complete setting up their key compliance

Standard Contractual Clauses: we’ll see you in (European) Court (of Justice).

“The European Court of Justice (ECJ) will hear a landmark privacy case regarding the transfer of EU citizens’ data to the United States in July, after Facebook’s bid to stop its referral was blocked by Ireland’s Supreme Court on Friday.”

“The Irish High Court,

The Regulation on the free flow of non-personal data went into effect on May 28, 2019.

In a new guidance, the European Commission clarifies how to deal with mixed data sets containing both personal data and non-personal data.

Key takeaways:

  • Non-personal data is (1) data which originally did not relate to an identified or identifiable

GDPR Enforcement is coming says French data protection authority, CNIL.

“According to the head of France’s data protection authority, the period of relative tolerance following the introduction of the General Data Protection Regulation (GDPR) is now over.”

“Going forward, any company that has yet to comply with the rules should expect tough scrutiny and, failing

“European Union privacy regulators are ramping up enforcement of the General Data Protection Regulation as the bloc’s comprehensive privacy regime heads into its second year,” write Bloomberg’s Sara Merken and Daniel R. Stoller Esq.

Businesses “can expect in 2019 is the transition from the warning authority that explains things and conducts campaigns, to also the

“The ad tech sector was and will continue to be a focus for the Irish Data Protection Commissioner due to concerns regarding profiling, particularly using sensitive data, the use of location data, and lack of lawful bases for or individual awareness of processing.”

Additional key takeaways from the IAPP white paper on the first year