How do GDPR, data privacy, and data protection impact your business?
In this podcast, Tom Fox, the Voice of Compliance, hosts Data Privacy/Data Security expert Jonathan Armstrong, co-founder of Cordery Compliance. They use the framework of GDPR to discuss a wide range of issues relating to data privacy and data protection.
If you are a compliance professional, business leader, or InfoSec security expert, this is the podcast to learn about what is happening in the UK, EU, US, and beyond.
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider EU courts reducing fines and penalties assessed by data protection regulators. The case reminds us that, as we said before, data protection authorities are likely to face challenges to high fines in the courts. In some respects, the fine mechanism in GDPR is based on the system in use in competition law cases where the success rate in appeals has been high. Some of the highlights are:
- Background to several cases.
- What did the court say?
- What did the regulators say?
- What are the lessons learned for the data protection/data privacy compliance specialist?
- What steps can your organization take?
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the Experian enforcement action. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), slapped Experian with an enforcement notice requiring the company to make major changes to how it processes personal data in its UK marketing services business. The main themes in the investigation, which targeted various players in the credit referencing industry, centered on “invisible processing”, “over processing”, providing insufficiently clear privacy information and using certain lawful bases incorrectly for processing people’s data. Some of the highlights are:
- Background to the case.
- Why did the other credit rating agencies agree to the ICO terms?
- This matter is about the Enforcement Notice and not fines and penalties.
- Why is transparency essential in data processing?
- How does big data make all this more difficult?
- What are ‘legitimate interests’?
Check out the Cordery Compliance client alert on the Experian matter by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the increase in subject access requests (SARs) and other liability issues under GDPR. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), issued new guidance on handling SARs. The guidance follows responses from organizations of all shapes and sizes and is clearly an indication of what the ICO is thinking. Cordery also took part in the consultation process for this new guidance.
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode, we consider the recent decision by the Hamburg Data Protection Authority, which fined H&M Germany €35.2m for GDPR violations. The case concerned excessive use of employee data and is the largest fine so far imposed by regulators for the handling of employee data. We are likely to see more pressure on employers to justify the handling of employee data as a result of today’s fine. Some of the highlights are:
- What did the regulator say?
- What did H&M do after the investigation began?
- What about the current pandemic?
- What are the implications going forward?
- What is this decision’s precedential value?
- What are some practical tips for compliance?
Check out the Cordery Compliance client alert on this case by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
In this episode, I am joined by Jed Gardner of Linedata to discuss some of the practical aspects of the Schrems III case, where the Court invalidated Privacy Shield. Some of the highlights are:
- Why was this and what are the wider impacts to transatlantic digital trade?
- When does this come into effect? Is there any grace period?
- Let’s look at a transatlantic organization (Investment Firm). What risks are they now dealing with?
- What should businesses be doing with their technology to address the ruling and ensure they can meet the EU GDPR data privacy regulations?
Check out Linedata on their homepage here.
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we do our first emergency podcast based upon the European Court of Justice’s decision handed down July 16 on the Schrems III case, where the Court invalidated Privacy Shield. Some of the highlights are:
- What were the issues involved in this case?
- What did the Court find wanting in Privacy Shield?
- What are the differences in the European and American approach that led to this result?
- What was the ruling around standard contract clauses for data transfer?
- What are the implications going forward?
Check out the Cordery Compliance client alert on this case by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the Swedish Data Protection Authority, which imposed a fine of 200,000 Swedish kronor (approximately €18,700 or $21,320) on the Swedish National Government Service Centre (“the NGSC”) for failing to notify both the Data Protection Authority and others about a personal data breach in sufficient time. Some of the highlights are:
- What were the issues and interests involved in this case?
- What are the requirements for reporting a data breach under GDPR?
- What are the differences in duties of the Data Processor and Data Controller?
- What are the implications going forward?
- What is this decision’s precedential value?
- Is the decision Kafkaesque in its reasoning?
Check out the Cordery Compliance client alert on this case by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the Belgian Data Protection Authority, which imposed a fine of €50,000 ($54,203) on an un-named organization for non-compliance with the GDPR conflict of interest requirement in the selection of its Data Protection Officer. Some of the highlights are:
- What were the issues and interests involved in this case?
- What are the requirements for a DPO under GDPR?
- How and why was the company ‘seriously negligent’?
- What are the implications going forward?
- What is this decision’s precedential value?
- How much expertise, authority and autonomy must a DPO have going forward?
Check out the Cordery Compliance client alert on this case by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
In this episode I visit with Jonathan Armstrong to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the issue of verbal reporting under GDPR, in the context of the case of Scott v. LGBT Foundation. Some of the highlights are:
- What were the issues and interests involved in this case?
- What is a relevant filing system for automated data under GDPR?
- When does the public health and safety outweigh data privacy?
- Was Scott’s data processed by the LGBT Foundation?
- What is the necessity test?
Check out the Cordery Compliance client alert on the case of Scott v. LGBT Foundation by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
In this episode I visit with Jonathan Armstrong to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the intersection of Closed Circuit Television (CCTV) and data privacy. Some of the highlights are:
- CCTV is ubiquitous in the UK. Why is a DPIA so critical in GDPR compliance around this issue?
- What about the safety implications for CCTV?
- What about Subject Access Requests?
- Transparency is critical. This means full notice to all employees.
- What should be your retention policy?
Check out the Cordery Compliance client alert on CCTV and data privacy by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.