It is no longer news that EU-US data transfers have become increasingly challenging given the invalidation of the EU-US Privacy Shield Framework in 2020. Since then, companies have had to rely on standard contractual clauses and in other cases, data subjects have had to give consent for such transfers to happen knowing the risk of […]
Tag: GDPR
Data protection & privacy digest 1 – 15 Dec 2022: draft US adequacy decision, Microsoft ‘data boundary’ for the EU, Age-appropriate design code
In this issue, you will find updates on the draft US adequacy decision, Standard Data Protection Model, HIPAA rules, multimedia boxes security, code of practice for app market, Microsoft ‘data boundary’ for the EU, Apple’s E2EE, and more. Legal processes: draft US adequacy decision, EDPB’s binding decisions, draft AI Act The EU issued a draft […]
Data protection & privacy digest 9 – 30 Nov 2022: Microsoft 365 non-compliance, Meta “data scraping” fine, Amazon Prime class action
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: Microsoft Office 365 cloud services, privacy complaints, lead supervisory authority, NIS2 Directive, Australia data breach penalties The German Data Protection Conference negatively assessed the data processing agreements for Microsoft 365 cloud services, regarding the requirements of Art. 28 of the GDPR. The […]
Data protection & privacy digest 13 – 26 Sept 2022: Google Analytics clash, caller identification, commercial practices & GDPR
TechGDPR’s review of international data-related stories from press and analytical reports. Official guidance: Google Analytics, risk assessment tool, work monitoring, privacy policy check-list, machine learning, APIs The Danish data protection authority, following several other European counterparts’ decisions, concludes that the Google Analytics tool cannot be used legally without implementing several additional measures, (eg, effective pseudonymisation […]
GDPR Training Modes for Technology Teams
Though there are a wide range of training options, all of which will help guide GDPR compliance efforts, there are key differences between the different training methods which must be taken into account.
Privacy by Design for Technology Development Teams
The principle of Privacy by Design builds privacy into the heart of data processing operations and systems, while Privacy by Default ensures that the data subject’s rights are protected as a matter of standard operations. These concepts were created long before the GDPR came into fruition, but under the GDPR became important requirements.
Weekly digest 25 July – 1 August 2022: UK publishes new data protection draft bill and updates BCRs
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: UK new data protection draft bill, rules to prevent child abuse online A UK new data protection draft bill was published on a parliamentary website. This document is intended to update and simplify the UK’s data protection framework to reduce organisational burdens […]
Why is GDPR training important for technology teams?
Individuals working in positions directly relating to technology or software development often view GDPR compliance as being outside of their domain, and thus might not see the value in GDPR training. Though the extensive requirements of the GDPR can be difficult to fully comprehend, those working in technology development have a special role in ensuring […]
Weekly digest 4 – 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers
TechGDPR’s review of international data-related stories from press and analytical reports. Legal processes: DSA and DMA, China’s data exporters, ransom payments, CASPs Last week, the European Parliament adopted the new Digital Services Act (DSA) and Digital Markets Act (DMA), following a deal reached between Parliament and Council. The two bills aim to address the societal […]
Weekly digest 27 June – 03 July 2022: credential stuffing, misconfigured cloud storage, mobile devices at work, drones & privacy
TechGDPR’s review of international data-related stories from press and analytical reports. Official guidance: credential stuffing, patient privacy, use of drones The latest report from international data protection and privacy authorities has identified credential stuffing as a significant and growing cyber threat to personal information. A credential stuffing attack is a cyber-attack method that exploits an […]
Do you need support on data protection, privacy or GDPR? TechGDPR can help.
Request your free consultation