by Tom Pendergast Many of the impacts of the EU’s wide-reaching General Data Protection Regulation (GDPR) are still being hemmed and hawed about, but one thing is clear: more Data Protection Officers will be needed. The IAPP estimated last year that an estimated 28,000 new DPOs will be needed to oversee data handling for organizations subject to the GDPR. The mandatory DPO is one of many provisions within the GDPR going into effect in May 2018. (Check out our white paper here for a primer and some industry expert input). While the requirements for getting in compliance with the GDPR are … Continue reading The GDPR is Coming: 3 Things for DPOs to Consider About Privacy Awareness
EU General Data Protection Regulation (GDPR) The EU GDPR is a law designed to enhance data protection for EU residents and provide a consolidated framework to guide business usage of personal data across the EU, replacing the patchwork of existing regulations and frameworks. The 200-plus page GDPR replaces the 20 year old Directive (95/46/EC). This new law has received a lot of attention due to its complexity and the associated penalties for noncompliance. Fines can be up to 20,000,000 EUR or 4% of total worldwide annual turnover of the preceding year (whichever is higher). As a result, many organizations are … Continue reading 1 Year Until EU GDPR Enforcement Begins
The EU GDPR goes into effect in May, 2018. While that may seem far away, for many organizations the changes required to become compliant with the new law will take several quarters to implement. Some of the larger changes required will deal with the new “Right to Data Portability”, Identifying a lead supervisory authority, and appointing a “Data Protection Officer.” The Article 29 Working Party (WP29) has just released guidance on these three requirements. The guidance is summarized below, along with links to the full documents. 1) Right to Data Portability Article 20 provides data subjects with the right to … Continue reading Newly Released EU GDPR Guidance
Sr Product Counsel | TRUSTe
I recently travelled to Brussels for the Computers, Privacy and Data Protection (CPDP) Conference. With the proposed update to the EU’s privacy laws still under debate, the conference was full of politicians, academics and business people all discussing the future of privacy in the Europe.
While many topics were discussed at the conference, one of the most interesting questions that appeared over the week in Brussels was: what will be the impact of the new regulation on Small and Medium Enterprises (SMEs)? Some policy leaders suggested there would be little, if any impact, while others simply did not answer the question directly and/or did not care in any way about the issue. The SMEs themselves were generally fearful of the costs of compliance and the possibility of high fines. Read more “Small Business and the Future of Privacy in the EU”