The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of

The EU General Data Protection Regulation (GDPR) did NOT make all processing of personal data unlawful, though it seems than many think this, says Michael Kaiser, data protection officer at the Hesse Data Protection Authority in Germany.

Per Kaiser, said the DPA has been inundated with complaints and breach notifications — up 1,200 percent since

Enforcement is increasing under the EU US Privacy Shield Framework for cross border transfer of personal data. A report published by European regulator, the European Data Protection Board (EDPB), lists enforcement initiatives by the Department of Commerce (DoC) and the FTC.

  • On a quarterly basis the DoC conducts “false claims reviews” to identify organizations that

GDPR is here and is instrumental in bolstering individuals’ rights to their data.

The European Commission has issued a statement in honor of Data Protection Day which will be celebrated worldwide on January 28.

Some highlights:

  • Individuals’ data is one of the most valuable resources in modern economy.
  • One of the main aims of the

When responding to a data subject access request under the EU General Data Protection Regulation (GDPR) you must disclose all the relevant personal data you hold and provide all information required by Article 15 of GDPR – all in a clear, easy-to-understand way.  A new complaint by public interest organization NOYB against media streaming services

A 50 Million Euro GDPR fine recently issued by French data protection authority CNIL provides actionable lessons for companies handling personal information for advertising purposes. First and foremost, refrain from block consents; state your data handling practices clearly:

  • make sure information you provide users is easily accessible
  • tell people why you process their information, for

Does your company have the data processing agreements required by the EU General Data Protection Regulation (GDPR) when it engages third parties to assist with its data processing activities?

The Dutch data protection authority recently asked this question of 30 companies in the energy, media and trade sectors. The agency has also conducted similar exploratory

The UK Information Commissioner’s Office (ICO) has issued expanded guidance on “Personal Data” under the EU General Data Protection Regulation (GDPR).

Here are the highlights:

Pseudonymization does not change the status of the data as personal data. To truly anonymize under the GDPR, you must strip personal data such that the individual can no longer