If you are a GDPR-compliant company, does that mean you can start doing business in the United States with no additional thoughts about privacy?
As Simon Cowell says: “It’s a
Continue Reading What Does the EU-US “Draftequacy” Decision Mean for Companies Right Now?
Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian
Continue Reading Caveat Employer? In the EU and California, Employers Must Beware!
Spanish Agencia Española de Protección de Datos – AEPD has issued a press release on the data protection implications of’IoB’ (internet of body) devices. These are devices connected to the
Continue Reading Spain Issues Advisory on Privacy for ‘Internet of Body’ Connected Technology
In a landmark decision in what is popularly known as the “Schrems II” case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that
Continue Reading Ten Steps Companies Can Take Now to Handle US-EU Data Transfers
Data protection by design and by default (DPbDD): The complexity of this GDPR obligation is apparent even from acronym itself.
It was my pleasure to try to simplify this concept
Continue Reading EDPB’s Draft Guidelines on Privacy by Design and by Default
European Union Data Protection Authorities discussed enforcement priorities at the International Association of Privacy Professionals (IAPP) Data Protection Intensive.
Continue Reading EU Data Protection Authorities Discuss Enforcement Priorities
Wherefore art thou GDPR?
Some EU supervisory authorities are voicing dissatisfaction with enforcement of GDPR to date.
“After nearly one and a half years we must concede that we have
Continue Reading Politico: Some EU Data Protection Leaders Voicing Concerns About GDPR Enforcement
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of
Continue Reading Lithuanian Data Protection Inspectorate Levies Fine for GDPR Data Management Violations
If you de-identify end user data, this may be a use compatible with the original purpose for which the data was provided and not require seeking consent from the individual.
Continue Reading Is Consent Required To De-Identify Users’ Data? The Case for No
The EU General Data Protection Regulation (GDPR) did NOT make all processing of personal data unlawful, though it seems than many think this, says Michael Kaiser, data protection officer at
Continue Reading GDPR: European Data Protection Authorities Inundated With Complaints and Breach Notifications