NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Compliance Perspectives: The Privacy and Data Security Track at the 2020 Compliance & Ethics Institute
Compliance Perspectives: Regulatory Conflicts in Data Privacy Laws
E14: The Three Pillars of GDPR
E12: GDPR Article 22 and Automated Decision Making
As of September 22, 2024, the final provision of Law 25, An Act to modernize legislative provisions as regards the protection of personal information will take effect, establishing a new right to data portability for...more
An in-depth exploration of Data Subject Access Request (DSAR) workflows and discover best practices for managing privacy requirements efficiently and effectively. In this educational webinar, we'll delve into the intricacies...more
Join our enlightening webinar to explore the critical role of data discovery in constructing a comprehensive and accurate data inventory, essential for streamlining privacy compliance and enhancing data governance. In this...more
All journeys have a beginning and end point, and some of them have a meandering, convoluted pathway. This is certainly the case with Disclosures. FOI, DSAR and DSRR all have a journey to travel but some traverse more...more
As many employers will be aware, data subject access requests (DSARs) can take up a significant amount of business resources and are a common tactic used by disgruntled employees. A recent decision from the Court of Justice...more
Organisations must provide individuals with information on the specific recipients of their data upon request. The Court of Justice of the European Union (CJEU) has ruled that organisations must generally disclose the...more
Both the EU and UK GDPR grant data subjects rights in relation to their personal data. Article 15 gives data subjects the right to access their personal data and increasingly, data subjects are exercising this right by...more
For the most part, businesses gather employee data without too much thought. Sure, some data is obviously private, like employee social security numbers, but other than that, businesses can pretty much do what they want with...more
The Advocate General (AG) Pikamäe of the Court of Justice of the European Union (CJEU) issued his opinions in three cases concerning the credit rating agency SCHUFA Holding AG (SCHUFA) on 16 March 2023....more
We’re now approaching the five-year anniversary of the General Data Protection Regulation (GDPR) taking full effect. In the run-up to 2018 and the period afterwards, there were many predictions about the likely direction of...more
Data is what makes the modern business world go around. But as the amount of data that organizations collect and process grows, so, too, do concerns about data security and how organizations respond to DSARs. These...more
State and international laws provide consumers and employees (including job applicants and former employees) with certain rights, such as the right to find out what personal information a business has about the individual,...more
With the use of Data Subject Access Requests (DSARs) becoming increasingly common, it is important that anyone dealing with personal data understands what a DSAR is, when it can be used, how an organisation should respond to...more
Thanks to GDPR, every individual has the right to request and access data that organizations hold about them. This poses a significant challenge for organizations, as this information can be located anywhere your organization...more
Data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are a major cause for concern for organizations. While the biggest fines garner headlines, such as...more
The “right of access” recognized by art.15 GDPR is one of the most fervently exercised rights by individuals. Nowadays, where companies tend to amass considerable amounts of information and carry out data processing...more
On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data...more
Certain Colorado companies and others targeting Coloradans will soon be subject to the newly enacted Colorado Privacy Act (“CPA”), signed into law by Gov. Jared Polis on July 8, 2021. Colorado joins California and Virginia as...more
Learn More About: - The Biggest Threats to Organizations - What 2021 Will Bring for Data Subject Requests - Aligning Privacy Approaches to Ensure Global Compliance - The Outlook on Future New Regulations - Steps...more
When it comes to data privacy law, change is the only constant. The global pandemic unleashed a new set of risks related to data privacy that companies will have to confront in 2021. But despite the COVID chaos, data privacy...more
The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of...more
In my latest post, I outlined the process involved in the actual response to DSAR requests. In my last article of this series, I will discuss the best practices and workflows that your organization should follow when...more
In a previous post, I discussed what a DSAR is, the laws that such requests arose from, and the importance of having a systematic approach to dealing with a request. Now let us outline the process involved in the actual...more
For any organization that deals with privacy issues in the European Union and other privacy-centric jurisdictions like the United Kingdom, an effective information governance program is a must. A program that includes a...more
The words “hodgepodge” and “patchwork” are overused in the world of risk and compliance, but they’re certainly appropriate for describing the myriad data privacy regulations popping up around the world. In 2018, the world...more