Why Organizations Need to Start Implementing Data Minimization

When the European Union (EU) enacted the General Data Protection Regulation (GDPR) on May 2, 2018, the world was introduced to the concept of data minimization. According to Article 5 of the GDPR, data minimization means “personal data shall be…

Read More
GDPR

What Your Organization Can Learn From GDPR Enforcement

Since The General Data Protection Regulation (GDPR) became enforceable in 2018, enforcement has ramped up across Europe. Data acquired by Finbold indicates that the cumulative number of GDPR violations has surged 113.5% over the last 12 months between July 2020 and July 2021. The website GDPR Enforcement Tracker – list of GDPR fines has shown…
Read More
EDPB

What counts as a “transfer” of data under the EU GDPR? New draft EU Guidelines released

Summary It is well known that the EU GDPR (specifically, Chapter V) restricts transfers of personal data from the EU to a “third country” (i.e. a jurisdiction outside the EEA) or to an international organisation. But what is meant by a “transfer”? And how does this apply where the extra-territorial reach of the EU GDPR…
Read More
Payments

CNIL Publishes White Paper on Digital Payments and Data Privacy

The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly increased in recent years, fueled by the immediate impacts of the ongoing COVID-19 pandemic and the longer-term growth of e-commerce and open banking. In this…
Read More
Collective Redress

The EU’s Collective Redress Directive — An Analysis of the Interplay with EU General Data Protection (GDPR)

In this fourth alert in our series regarding the European Parliament’s formal endorsement of a new collective actions legislation titled the Directive of the European Parliament and of the Council on Representative Actions for the Protection of the Collective Interests of Consumers, we analyze the interplay between this new Directive and EU General Data Protection 2016/679, also known…
Read More
Rights

Lessons Learned from Implementing Privacy Rights Request Processes

Over the last three years, several data privacy regulations have been adopted around the world which include requirements related to the collection, processing, and use of personal information. The list includes the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the Lei Geral de Proteção de Dados Pessoais (LGPD) for Brazil,…
Read More
Back To Top