
Tag Archives for "GDPR"

Latest bits on privacy and cybersecurity #3

This week's collection of the latest privacy, data protection and cyber-security news and interesting articles. Enjoy the reading!

Six month prison sentence to employee for data misuse

A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.


Best picks on privacy

A collection of the latest and most interesting news pieces, articles and publications from around the internet. You may also want to check all the latest privacy and data protection news.

Facebook fined £500,000 for data breaches in Cambridge Analytica scandal

The United Kingdom’s data protection authority, the ICO, fined Facebook the maximum penalty of £500,000 for lack of transparency and failing to protect users’ information.


The GDPR is on its way towards implementation into French law following a constitutional challenge

Following on from the article published on the dataprotection.blog on 24 January 2018 “French GDPR Implementation Bill – for French Data Protection Authority (“CNIL”) it could not come soon enough!”, Charlotte Gerrish provides us with the latest update on the status of the French GDPR Implementation Bill which, after surviving an attack of “unconstitutionality” before the French Constitutional Council, is now on its way into force.

As we stated back in January 2018, the French legislature had been fairly slow in pushing forward with the implementation of the GDPR into French national law. The progress of the Bill had not been without issues. On 16 May 2018, just 9 days before the GDPR was due to come into force, at least 60 French senators referred the Bill to the Constitutional Council claiming that certain provisions were unconstitutional and therefore contrary to French law and public policy (Affaire No. 2018-765 DC).


What changes will GDPR bring?

While some tend to portray the new European Union (EU) General Data Protection Regulation (“GDPR”) as a menacing Apocalypse coming from nowhere, the fact is that the GDPR is an “upgrade” of existing EU data protection laws. The EU Data Protection Directive (Directive 95/46/EC) was adopted back in 1995. In some countries, like Germany and Sweden, data protection laws were introduced even earlier, in the 1970s and 1980s.

The GDPR keeps the basic principles of the Data Protection Directive and adds a new “layer” to it, aiming to unify data protection in all EU countries and bring more rights and control over data use back to individuals. In fact, the GDPR incorporates the guidance of data protection authorities and best practice in data protection. There is almost nothing in the GDPR that doesn’t already exist somewhere. For example, the principle of data protection by design and by default originated back in the 1980s, data protection officers are already a mandatory requirement in Germany, and breach notification has existed in the communications sector for years.

But let’s look at exactly what changes the GDPR brings us.


French GDPR Implementation Bill – for French Data Protection Authority (“CNIL”) it could not come soon enough!

If you are a regular reader of the dataprotection.blog, you probably already have a high-level understanding of the EU General Data Protection Regulation, otherwise known as the “GDPR”.

The development of the digital era has forced us to rethink the framework that is applicable to personal data.
– French Minister of Justice, Nicole Belloubet, 13th December 2017

As you may be aware, the Member States are slowly but surely debating implementing legislation in order to transpose the GDPR into national law, in accordance with their own procedural requirements. France is no exception. As such, on 13th December 2017, Nicole Belloubet, the Minister of Justice, presented to the French Council of Ministers the bill which sets out how France shall implement the provisions of the GDPR into existing French Data Protection Law.


Latest papers on privacy and data protection – June

Recommendations for Implementing Transparency, Consent and Legitimate Interest under the GDPR

The Centre for Information Policy Leadership (CIPL) published its paper on transparency, consent and legitimate interest under the GDPR.


Designing Without Privacy

This Article presents findings from an ethnographic study of how, if at all, technologists doing the work of technology product design think about privacy, integrate privacy into their work, and consider user needs in the design process.


Privacy and Human Behavior In the Age of Information

This review summarizes and draws connections between diverse streams of empirical research on privacy behavior.


User-Centered Privacy Communication Design

This paper describes a user-centered privacy policy design project at Stanford Legal Design Lab that aimed to generate new models of business-to-consumer communications around data privacy.


Internet of Things. Status and implications of an increasingly connected world.

The US Government Accountability Office (GAO) released a technology assessment of the Internet of Things (IoT) for Congressional members of the IoT Caucus.


Latest papers on privacy and data protection – May

Kaleidoscope on the Internet of Toys

Report by the Joint Research Centre (JRC) on safety, security, privacy and societal questions emerging from the rise of the Internet of Toys – “Internet Connected Toys that constitute, along with the wave of other domestic connected objects, the Internet of Things”.


Who Watches the Watchers?

Report from Citi GPS: Global Perspectives & Solutions on how consumers are tracked, how the data is collected and analyzed, and how consumers feel about that.


Practical Guide to Efficient Security Response

Whitepaper on data breaches with proposals for how to decrease response time. It includes seven security operations capabilities you need, a handy checklist to evaluate your security operations capabilities, and best practices for efficient security response.


Assessing Mobile App Data Privacy Risk

Paper on mobile-risk scoring and how to do it in practice. It was carried out by IAPP and Kryptowire and is based on input from 400 privacy professionals.


UN Report on Governmental Surveillance

The UN Special Rapporteur on the Right to Privacy, Joseph Cannataci, presented his report on governmental surveillance and access to personal data from a national and international perspective.


How to Talk About the Right to Privacy at the UN

A brief guide to the United Nations' stance on privacy, prepared by Privacy International.


Be Compromise Ready: Go Back to the Basics. 2017 Data Security Incident Response Report

Survey on data security and incident response trends, and how to minimise data breach risks.


Annual Report of the Data Protection Commissioner of Ireland

Annual report of the Data Protection Commissioner of Ireland for the year 2016.


Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms

Discussion paper on certifications, seals and marks under the GDPR, prepared by the Centre for Information Policy Leadership. It looks at the regulation provided in the GDPR and the benefits of such mechanisms.
