Webinar: Appointing a data protection officer (DPO) under the GDPR

The General Data Protection Regulation (GDPR) imposes a significant number of obligations and responsibilities on controllers and processors.  The GDPR significantly reshapes the data protection landscape for organisations worldwide that collect and process the data of EU residents. The Regulation also imposes fines of up to 4% of annual global turnover or €20 million (whichever is greater), … [Read more...]

German court rules Facebook’s data use is illegal

Facebook’s default privacy settings and use of personal data are against German consumer law, according to a Berlin regional court. The court ruled that Facebook collects and uses personal data without providing enough information to its members for them to give meaningful consent. “Facebook hides default settings that are not privacy-friendly in its privacy centre and does not provide sufficient … [Read more...]

Does your CRM meet the GDPR’s compliance requirements?

Organisations that have a customer relationship management (CRM) system in place will be well-versed in handling large volumes of personal data, and – in theory – prepared for the EU General Data Protection Regulation (GDPR). They will be used to keeping names, email addresses and dates of birth secure, and updating information when it’s out of date, which are central to GDPR compliance. However, … [Read more...]

How the PCI DSS can help you meet the requirements of the GDPR

With just 3 months until the General Data Protection Regulation (GDPR) is enforced, organisations across Europe must consider how the far-reaching changes introduced by the Regulation will affect how they handle and protect personal data. While some will be worried about how to comply with the new law, those that are already compliant with the Payment Card Industry Data Security Standard (PCI DSS) … [Read more...]

The GDPR: Understanding the right to erasure

Article 17 of the EU General Data Protection Regulation (GDPR), the “right to erasure” (also known as the ‘right to be forgotten’), allows individuals to request the removal of personal data that an organisation holds on them. Individuals can exercise this right when:  The controller no longer needs the data for the purpose that it was originally collected;  The individual withdraws consent;  The … [Read more...]

How to transfer data to a ‘third country’ under the GDPR

The European Commission released a notice to stakeholders last week called “Withdrawal of the United Kingdom from the Union and EU rules in the field of data protection”. The notice states that because the UK has triggered Article 50 and will no longer be part of the EU on 30 March 2019, it will become a ‘third country’. Unless a withdrawal agreement can be established before the withdrawal … [Read more...]

Johnson & Johnson data breach affects hundreds of Irish customers

Hundreds of Irish customers’ home addresses and emails – which may be linked to other online accounts – were leaked online by cosmetics and pharmaceutical giant Johnson & Johnson. To take advantage of a promotion for Aveeno moisturiser, Johnson & Johnson asked customers to fill in an online form. The form was checked against a text file of individuals who had already signed up, in order to … [Read more...]

3 things software engineers need to know about the GDPR

Software engineers, like many other professionals, will face major changes to the way they work when the EU General Data Protection Regulation (GDPR) takes effect from 25 May 2018.  The Regulation strengthens data subjects’ rights related to their personal data, and requires all organisations that handle EU residents’ personal information to follow a long list of requirements. Software engineers … [Read more...]

How can you validate a vendor that claims to be ISO 27001 certified?

As the number of cyber attacks continues to grow, many companies are adding ISO 27001 certification as a requirement on their supplier set-up forms. This is a good idea, especially as the forthcoming General Data Protection Regulation (GDPR) focuses on vendor management. If a vendor has an ISO 27001-compliant information security management system (ISMS) in place, this provides concrete evidence … [Read more...]

How ISO 27001 can help with your GDPR project

Coming into effect on 25 May 2018, the EU General Data Protection Regulation (GDPR) will supersede all EU member states’ current national data protection laws, bringing a standardised approach to data protection throughout the EU. The Regulation also brings with it a new suite of enforcement powers for supervisory authorities throughout Europe to penalise companies that are found to be … [Read more...]