Another consulting firm is holding a webinar on the EU GDPR – on 5/10/2017.
A checklist of to-dos from HSF.
US regulators are picking up on their European counterparts.
For failure to include a procedure to request erasure and for excessive interference with individuals’ privacy.
A successful right-to-be-forgotten case at the Amsterdam Court.
A gym owner had been associated with money laundering by a Maltese newspaper. The lawsuit didn’t take off for lack of evidence, and the plaintiff demanded that Google remove the article from its results.
The new Bill replaces the 1998 UK DPA to implement the upcoming EU GDPR; some exceptions have, nevertheless, been kept.
Some key takeaways:
- Liability upon directors (section 177).
- Child’s consent (if younger than 13) in relation to information society services (section 8).
- Sensitive personal data (Schedule 1, Part 2, sections 14 and 15) is lawfully processed if (a) this is necessary for the purpose, (b) it is data concerning health which relates to a data subject who is the parent, grandparent, great-grandparent or sibling of an insured person, among others.
- Transfers of personal data to third countries, etc. (section 17) are managed by the Secretary of State.
- Access rights, with some exceptions: (a) information is covered by legal professional privilege; (b) information used for management planning by the employer; (c) information about the employer’s intentions during negotiations with the employee; and (d) confidential references given (but not those received) by the employer. The Bill also creates a number of new offences, e.g., the offence of altering, destroying or concealing information to be provided to an individual through a subject access request.
- Data portability.
Add insult to data breach.
123m clients of Equifax have lost their personal data, but luckily the company allows them to check whether their data has been stolen.
Just check the box to agree to T&Cs stating that you would only sue them in arbitration and lose your right to a class action.
The immediate correction allowed consumers to opt out within 30 days from the agreement to the T&Cs.
All of this happened right before the 18th Sep, the date by which the CFPB will enforce a law banning class-action waivers for consumers.
Employees walking away are actually one of the first reasons for data leakage.
In the first place, access to such data should be carefully limited.
Then data-retention policies could also help.
Also, what about beefing up confidentiality agreements with employees?
- stressing the importance of not leaking such data during exit interviews,
- auditing/tracking employees’ changes, to forestall potential issues.
A more management-oriented perspective on how to handle the EU GDPR.
The EU GDPR has recently been passed into law in the UK.