GDPR

A couple of months ago I made a wild statement about the Facebook-Cambridge Analytical incident being the catalyst for stronger privacy regulation around the use of personal data for business purposes.  A few people found some merit on this idea – usually the ones from my own generation whose sense of adventure is a bit tempered by the reality of the past. And then lately, a few new events (think California’s CCPA) are showing that people and governments around the globe are more interested in the protection of personal data.  Most importantly, the appropriate use of personal data in a […]

GDPR came into effect on May 25th. Granted, the world didn’t come to an end but there is certainly awareness around the EU people whose personal data GDPR protects and they are making their voices heard. According to a report released by the IAPP, complaints have started pouring in across the different EU member states with as little as 2 in Sweden and 3 in Belgium and as many as 426 in France. Ireland to date has also had 547 data breach notifications! It is obvious that the Data Protection Authorities in the different EU states have a limited number […]

This is the last installment on the virtues and requirements of GDPR. In this series you learned a few things, like whether or not you need to comply, what to do if you actually need to comply and what to take into account when you are prioritizing your activities towards GDPR compliance. Now you should feel comfortable knowing that at least you understand what this new data compliance regulation is about and, based on your business, what the key areas are that you need to take care of. On May 25 you will certainly be in a better place than […]

In the last few weeks, we have been talking about what GDPR is, who needs to be compliant with it and what things to keep in mind if you have to comply. Now we are going to discuss what is the best way to go about prioritizing GDPR requirements for your organization. It’s all about the risk First off, let me say that GDPR is not a step-by-step prescription on what to do with regards to the management and protection of personal data. If it were that way, we would all have been compliant long ago! Just tick the boxes on […]

Last week we discussed what GDPR is in very broad terms. We also discussed what are the general parameters used to determine whether an organization needs to comply with GDPR or not. Just to refresh our memories, these are the criteria used to make such determination: If you have any physical presence in the EU (even if it is a small sales and marketing office). If you don’t have a physical presence but you offer products or services to EU residents. If you don’t offer products or services but you monitor EU residents online behaviour. You need to comply… now […]

The requirements around this new regulation and who it will apply to The General Data Protection Regulation or GDPR is the new data protection legislation enacted by the European Union that will come into effect on May 25, 2018. This is a very important regulation, not only for European residents but for everyone around the world. The main reason is because it is the first privacy and data protection regulation that ensures that individuals rights and freedoms are the top priority. It also unifies all the different regulations under one rule. The EU data protection directive from 1995 is replaced […]

As I take some time to read the news on a Sunday afternoon, I start realizing that news of GDPR compliance is gaining traction. I even cleared all my cookies to ensure that it was not just showing on my different feeds because of what I’ve read before. No, GDPR is showing up more and more. I’m glad that it is beginning to get the attention it needs. What worries me is that, at this point in time, it leaves very little time left for organizations to get their house in order in time for May 25 (you can check […]

2017 is over and it was certainly a year where data breaches were front and center for organizations and the public in general. There is a renewed interest around what personal data protection should entail, and in multiple cases, organizations are not there yet. This interest stems from a clear concern from consumers about how their data is being managed and protected. It has also become a top priority for regulators, as we can attest from the implementation of GDPR in Europe. Therefore, what can we expect in 2018? In my opinion, more of the same… but on steroids. Cybersecurity, […]