Articles about GDPR

UK businesses are spending £1.59 million and 24 person-years annually on processing data subject access requests in compliance with Article 15 of GDPR, according to a new study commissioned by privacy specialist Guardum.

Data Subject Access Requests (DSARs) require data controllers to provide data subjects with a copy of their personal data within 30 days, or risk a fine of €20 million or four percent of turnover.

Continue reading →

The average person's data is held by 350 brands and they probably don't remember 83 percent of them according to a new study.

The research from identity management platform Mine also finds 32 percent of data in people's 'digital footprint' didn’t even require users to open an account to store their information.

Continue reading →

It’s been over a month since CCPA was implemented and businesses are struggling to comply. Smart organizations, however, know that compliance doesn’t have to be a sunk cost; in fact, it can be used as a competitive differentiator. Instead of playing catch up with global, national, and state data privacy regulations, businesses should consider implementing broad policies and protections for consumer information that will prepare the organization for any future legislation.

For all the criticisms of GDPR -- and there are many -- the EU legislation set an important precedent for data privacy laws internationally. Businesses that are already GDPR-compliant are in a good position to satisfy requirements from new national and state data privacy laws.

Continue reading →

For organizations in the EMEA region, the 'dwell time' between the start of a cyber intrusion and it being identified, has fallen from 177 days to 54 days since the introduction of GDPR.

A new report from FireEye Mandiant also shows a decrease in dwell time globally, down 28 percent since the previous report. Median dwell time for organizations that self-detected their incident is 30 days, a 40 percent decrease year on year.

Continue reading →

Google has confirmed that it plans to move data pertaining to its UK users out of Europe, and will instead store user accounts in the US.

The move comes as a result of the UK's departure from the European Union, and it is a side effect of Brexit that few would have predicted. Reuters reports that Google will be placing UK user accounts under US jurisdiction, adding that it "will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement".

Continue reading →

Today is Data Privacy Day and with CCPA coming into force at the start of this month, the focus is very much on personal data, how it's used and how it needs to be protected.

One of the issues is that there are lots of definitions and terms involved which means it’s vital that everyone understands what they’re dealing with.

Continue reading →

With the California Consumer Privacy Act (CCPA) set to come into force in January, privacy and how companies use data is set to be one of the big themes of 2020. What do some of the industry’s leading figures think this will mean?

Peter Reinhardt, CEO and co-founder of Segment believes, "Though the GDPR roll-out should have given American companies a good taste of what was to come, it's still likely that most will do the bare minimum to comply with the CCPA until the US government starts enforcing it in 2020.

Continue reading →

With the California Consumer Privacy Act (CCPA) coming into force in January and GDPR in Europe having been active for nearly two years, data privacy is something that's being taken more seriously than ever.

But what impact does legislation have on businesses and consumers? And how has GDPR influenced the drafting of CCPA? To find out we spoke to Sophie Stalla-Bourdillon, senior privacy counsel and legal engineer and Dan Wu, privacy counsel and legal engineer, from data governance specialist Immuta.

Continue reading →

Conceding that as a company it "is not perfect at privacy and data protection", Twitter has revealed details of a new Privacy Center. This central repository will serve as the portal through which Twitter will keep users informed about how it handles user data.

Twitter is also introducing updates to its privacy policy on January 1, 2020. These will be compliant with the California Consumer Privacy Act (CCPA) which places numerous obligations on large companies, including giving customer greater control and transparency, and the right to have their data deleted on request.

Continue reading →

When Twitter announced plans to close down accounts that have not been used for a period of six months or more, reaction was mixed. While many people recognized the value in getting rid of the millions of accounts that artificially inflate follower numbers and take up usernames that could be assigned to other people, there were concerns too.

In particular, friends and relatives of deceased Twitter users expressed concern that they would no longer be able to access the old tweets of their loved ones. Now Twitter has said that it will put its plans on hold... at least until it is able to devise an account memorialization feature.

Continue reading →

With multiple privacy regulations and laws having gone into effect over the past year or so and more on the way affecting both consumers and business alike, it’s no wonder people are sometimes confused about how their personal data can be used.

Cisco is releasing the findings of its 2019 Consumer Privacy Survey, highlighting the top areas where consumers continue to struggle to understand how companies are handling their personal data, and how far data privacy trust has progressed.

Continue reading →

Microsoft has announced changes to its Online Services Terms for commercial cloud customers after an EU investigation raise concerns about existing policies' compliance with European regulation.

The company bills the changes as the introduction of "more privacy transparency" in the wake of a probe into potential violations of GDPR relating to telemetry data collected from Office 365 users. Microsoft says the new contractual terms will be offered to customers globally, not just within Europe.

Continue reading →

According to the results of a new survey, 74 percent of organizations say that since GDPR was introduced in 2018 it has had a beneficial impact on consumer trust, and 73 percent claim it has boosted their data security.

The study from Check Point questioned 1,000 CTOs, CIOs, IT and security managers from organizations in the UK, France, Germany, Italy and Spain. It shows that GDPR is delivering a strong positive effect overall for European businesses.

Continue reading →

Google stands accused of using hidden web pages to circumvent EU privacy regulations, secretly sending users' personal data to advertisers.

The accusation comes from the privacy-focused Brave web browser which says it has, "uncovered what appears to be a GDPR workaround that circumvents Google's own publicly stated GDPR data safeguards". Evidence has been handed to the Irish Data Protection Commission that allegedly shows Google using hidden web pages to share data on its Authorized Buyers exhange, formally known as DoubleClick.

Continue reading →

The UK government has always maintained that following Brexit, the European Union’s General Data Protection Regulation (GDPR) will be absorbed into UK law. This means that there will be no material changes to the data protection rules that organizations in the UK will need to follow.

However, the French data protection regulator has recently said that in the event of a no-deal Brexit and absence of an adequacy decision, it will treat the UK like any other country that is outside the European Economic Area. In other words, it will treat the UK as a "third country."  It’s likely that other EU country regulators will take this approach too -- and such decisions have legal implications for organizations.

Continue reading →