General Data Protection Regulation (GDPR)

The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of

“C’est tres complique aujourd’hui de se declarer 100% conforme”

“In reality, it’s very complicated to declare in total and perfect conformity [with GDPR], be it today, in five or ten years, because it’s a continuous process. A company never really achieves 100% compliance, it works on it every day. It seeks to have compliance champions,

How has GDPR enforcement played out in the past year?

The Dutch Data Protection Authority (Autoriteitpersoonsgegevens, or AP) recently published a report on its 2018 activities.

The report highlights the growth of GDPR enforcement actions:

  • 27,000 people contacted the AP by telephone about the Privacy Act (2017: 9,500).
  • AP received more than 11,000 complaints.
  • AP

The UK Information Commissioner’s Office (ICO) has issued several new guidance documents on Data Controllers, Data Processors and the interaction among them.

Key points of the Contracts guidance include:

  • Whenever a controller uses a processor, there must be a written contract (or other legal act) in place.
  • If a processor uses another organization (ie. a

For your GDPR compliance: Have a plan. Try your best. Embrace privacy.

UK Information Commissioner Elizabeth Denham spoke recently in New Zealand about data breaches and the state of the EU General Data Protection Regulation (GDPR) after six months.

Key takeaways included:

  • “EU data protection regulators [are] going to prioritize …enforcement activity towards those bad

If at first they don’t consent, try, try again?

A new form of privacy fraud further complicates the relationship between the Ad Tech industry and GDPR.

As Ad Tech vendors struggle to comply with the strict requirements of the EU General Data Protection Regulation (GDPR), especially around the acquisition of freely given, specific, informed and

The European Parliament Committee on Civil Liberties, Justice and Home Affairs has weighed in on blockchain with the following key points:

  • If you want to use a blockchain structure to handle personal data you need to specifically design the blockchain platform to support data sovereignty.
  • Personal data in the blockchain is generally not anonymous and

Keep your passwords close…and complex, and encrypted and unique, and ever-changing.

In the wake of recent data breaches involving passwords, the French data protection authority, the CNIL, has published guidelines for adequate passwords.

Some highlights include:

  • If you use a password as your sole method of authentication, it needs to be at least 12 characters

Don’t store users’ passwords in cleartext. Really.

It’s not a good idea. Also, it may be deemed a ‘knowing violation’ of the EU General Data Protection Regulation (GDPR) requirement to adequately protect personal data.

That is one key takeaway from the GDPR enforcement action by the State Commissioner for Data Protection and Freedom of Information

Does the EU General Data Protection Regulation (GDPR) apply to me?

The European Data Protection Board (EDPB) published for public comment its much awaited guidelines on the extraterritorial effect of GDPR.

Some highlights include:

  • In some circumstances, the presence of one employee or agent of the non-EU entity may be sufficient to constitute a stable