dcsimg

A breakdown of the GDPR’s six data processing principles

The Regulation stipulates that infringements of “the basic principles for processing, including conditions for consent” are subject to the highest possible administrative fines – up to €20,000,000 or 4% of global annual turnover, whichever is greater. If any detail can get the attention of the people who need to understand this, it is likely that potential fines of that scale will do the job.  The … [Read more...]

Explained: data enrichment

How do your favorite brands know to use your first name in the subject line of their emails? Why do you seem to get discounts and special offers on products you’ve recently purchased? Businesses are able to personalize their marketing messages thanks to data enrichment. Data enrichment applies to the process of enhancing, refining, and improving on raw data. It is usually the last step … [Read more...]

GDPR compliance and managing personal data internationally

To enforce the Regulation outside the bounds of the EU, the GDPR has a number of elements designed to control how organisations within the EU are able to transfer personal data internationally.  The term “third countries” is not defined in the GDPR but comes from the EU’s primary treaties in order to refer to countries that are not party to those treaties. It is a common term in EU law and is … [Read more...]

Online privacy in 2019: a legislative review

For decades, the United States treated data privacy like an aging home, patching individual leaks and drafts only when a new storm hit. The country passed a law protecting healthcare-related information, and not much else. It then passed a law protecting video rental information, and not much else. It continued this way, repeatedly passing sector-specific laws while failing to address a problem … [Read more...]

Half of small businesses still aren’t GDPR compliant

It’s been more than 18 months since the GDPR (General Data Protection Regulation) took effect, and yet millions of small businesses across Europe have major compliance gaps, a study has found.  The GDPR Small Business Survey, which polled 716 organisations in Ireland, the UK, Spain and France, found that only 56% of organisations were confident that they obtained a lawful basis for processing … [Read more...]

German hospital fined €105,000 for GDPR data breach

A hospital in Rhineland-Palatinate, Germany has been fined €105,000 by the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatine (LfDI).  The fine was based on several breaches of the GDPR (General Data Protection Regulation) concerning patient admittances, resulting in patients receiving incorrect invoices, and exposing issues with the hospital’s patient privacy … [Read more...]

Is your CRM (customer relationship management) system GDPR compliant?

Organisations that use a CRM (customer relationship management) system will have plenty of experience handling large volumes of personal data, which can be both a good and bad thing when it comes to the GDPR (General Data Protection Regulation).  On the one hand, they’ll be familiar with the importance of keeping information such as names, email addresses and dates of birth secure, and updating or … [Read more...]

IT Governance certified training now available in Amsterdam

IT Governance Europe is delighted to announce the launch of our latest classroom training courses in Amsterdam.   Starting in 2020, they offer attendees a structured learning path from foundation to advanced level, and enable IT, privacy and security practitioners to develop the skills needed to deliver best practice and compliance in organisations of all sizes.   Continual professional … [Read more...]

ACCESS Act might improve data privacy through interoperability

Data privacy is back in Congressional lawmakers’ sights, as a new, legislative proposal focuses not on data collection, storage, and selling, but on the idea that Americans should be able to more easily pack up their user data and take it to a competing service—perhaps one that better respects their data privacy. The new bill would also require certain tech companies, including Facebook, … [Read more...]

The GDPR: How the right to be forgotten affects backups

The GDPR (General Data Protection Regulation) is a big, complex law, and, as it’s only natural that some elements appear to contradict each other.  One of those apparent contradictions involves arguably the most notorious aspect of the GDPR: the right to erasure (also known as the ‘right to be forgotten’).  This right – one of eight enshrined in the GDPR – allows individuals to request that … [Read more...]