GDPR: An impact around the world

A little more than one month after the European Union enacted the General Data Protection Regulation (GDPR) to extend new data privacy rights to its people, the governor of California signed a separate, sweeping data protection law that borrowed several ideas from GDPR, sparking a torch in a legislative data privacy trend that has now spanned at least 10 countries. In Chile, lawmakers are … [Read more...]

How to respond to DSARs (data subject access requests) during the COVID-19 pandemic

As organisations adjust to the chaos that the 2019 novel coronavirus (COVID-19) has brought, they are bound to be limited in the business processes they can perform. Among the problems they face is the ability to comply with the GDPR (General Data Protection Regulation) – and in particular to respond to DSARs (data subject access requests). With many employees working from home – and the … [Read more...]

What does the GDPR mean for B2B marketing?

Two years after the GDPR (General Data Protection Regulation) took effect, a lot of organisations remain unsure of how to approach compliance. This is especially apparent in B2B marketing, which deals with both business information and personal information. Employees often don’t know which details are subject to the GDPR’s rules and how extensive their data protection practices should be. Let’s … [Read more...]

GDPR: third-party data processors’ responsibilities

Under the GDPR (General Data Protection Regulation), your organisation’s compliance requirements depend on whether you are a data controller or data processor. A data controller is the person or organisation that determines how and why personal data is processed. A data processor is the person or organisation that processes personal data on behalf of a data controller. Many … [Read more...]

Polish school fined for processing children’s biometric data

A primary school in Gdańsk, Poland, has been fined PLN 20,000 (about €4,600) for collecting biometric data from its students without a legal basis. The GDPR (General Data Protection Regulation) defines biometric data as “personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the … [Read more...]

A week in security (March 2 – 8)

Last week on Malwarebytes Labs, we fired up part 1 of our series on child identity theft, asked how well law enforcement can deal with cybercriminals, and took a trip down the memory lane of moral panic. We also looked at the positives and negatives of VPNs and examined our own progress in the fight against stalkerware, spyware, and monitoring apps. Other cybersecurity news: Trouble strikes for … [Read more...]

Highlights from the Data Protection Commission’s 2020 GDPR report

On 20 February 2020, Ireland’s DPC (Data Protection Commission) published its second Annual Report under the GDPR (General Data Protection Regulation), and the first covering a full calendar year of the Regulation. Detailing the DPC’s work in 2019, the report revealed that last year: 7,215 complaints were received – a 75% increase on 2018 (4,113 complaints) and a staggering 173% increase … [Read more...]

The GDPR: Legitimate interest – what is it and when does it apply?

The GDPR (General Data Protection Regulation) outlines six conditions under which organisations can process personal data. Contractual requirements, legal obligations, vital interests and tasks carried out in the public interest are all relatively self-explanatory, leaving consent and legitimate interest that need to be unpacked in more detail. We’ve covered consent before, so our focus here will … [Read more...]

How much does GDPR compliance cost in 2020?

We’ve come a long way since the panic and scepticism that accompanied the introduction of the GDPR (General Data Protection Regulation). Several high-profile fines and the continued warnings from regulators have led to a sharp uptick in the number of organisations addressing their compliance requirements. But that doesn’t mean their job is done as far as the GDPR goes; organisations must continue … [Read more...]

The GDPR: How to perform due diligence of Cloud service providers

One overlooked aspect of the GDPR (General Data Protection Regulation) is that it’s now much harder for organisations to pass the blame when a third party suffers a data breach. Data controllers – the organisations that dictate what information is processed – must give instructions for how data processors – the service providers – handle personal information. Unless the third party has explicitly … [Read more...]