European Data Protection Board’s Post

🇺🇸 🇪🇺 U.S. companies looking to expand to Europe and comply with evolving U.S. regulations, take note: data mapping is your friend. Not only does it facilitate compliance under the General Data Protection Regulation (GDPR) and US state regs like the CCPA/CPRA, but it's also a strategic business decision that enhances operational efficiency and paves the way for sustainable growth. Data mapping involves examining data sources, storage locations, and flow to third parties, underpinned by the GDPR principles of data minimization and legal basis identification. By embracing data mapping, companies can navigate the complex regulatory landscape and foster trust and transparency with consumers. Moreover, data mapping facilitates the management of privacy and security risks and aids in the efficient handling of data subject rights requests, a common ground for regulatory complaints. BTW, this can also be (or help avoid) a due diligence item in a financing or M&A transaction that could effect valuation or pricing. 🔎 Good read to see how software can help: https://lnkd.in/eGReCu7e #DataMapping #GDPRCompliance #USCompaniesInEU #PrivacyMatters Transcend IAPP - International Association of Privacy Professionals US International Chamber of Commerce The Data Protection and Privacy Hub™ Ben Franklin Technology Partners of Central & Northern PA #GDPR Husch Blackwell Data Privacy, Cybersecurity & Breach Response

Cross-Border Transferring of Personal Data Author: Panisa Suwanmatajarn #PersonalDataProtection #PDPA #DataTransfers #CrossBorderData #PDPCThailand #PrivacyRegulation #DataCompliance #DataSecurity #LegalUpdates #PDPA2024 #ModelContractualClause #BCR #GDPR #DataPrivacy

🚀 Urgent Update Required: The Clock is Ticking on Old EU SCCs! 🚀 Attention all professionals involved in data management and international data transfers! The deadline of 21 March 2024 to replace the old EU Standard Contractual Clauses (SCCs) is fast approaching. If your organisation utilised these clauses for international data transfers and your agreements were entered into before September 2022, it's time to take immediate action! Why is this crucial? Adhering to the updated SCCs is not just about compliance; it's about safeguarding your reputation, maintaining trust, and ensuring seamless global operations. The transition to the new SCCs represents a significant shift, aligning your data transfer practices with the stringent standards of today's data privacy landscape. Don't let this deadline catch you off guard! Dive into our latest article where we break down the essentials of this update and outline the proactive steps you can take to ensure a smooth transition. It's time to turn this legal requirement into an opportunity to strengthen your commitment to data privacy and enhance trust in your business practices. 🔗 Read the full article here https://lnkd.in/exVEvCV3 #DataProtection #GDPR #EU_SCCs #Compliance #DataPrivacy #InternationalDataTransfers #DeadlineAlert

Dear connections, I am pleased to inform you, that my article related to Data Protection is been published in AXIS JURIS INTERNATIONAL JOURNAL on topic "Impact of Personal Data protection bill on Data Processing in India business" Data protection and privacy law are important domain of law which is emerging in India and globally with effect of DPDPA 2023 and GDPR 2016 which created impact of business around the world, this article talks about antecedent to DPDPA as the Personal Data Protection Bill,2019 and its impact on India business. kindly give it a read :) #dataprotection #dpdpact #gdpr #law #privacylaw https://lnkd.in/gQwb8rZQ

The Dutch data protection authority, known as the Autoriteit Persoonsgegevens (AP), imposed a fine on ICS (International Card Services) for failing to conduct a Data Protection Impact Assessment (DPIA) in accordance with the General Data Protection Regulation (GDPR). The GDPR requires organizations to assess the potential risks associated with processing personal data and to conduct a DPIA when necessary. The AP found that ICS had not adequately assessed the risks to individuals' privacy rights when implementing a new system for processing credit card data. As a result, ICS was fined for non-compliance with the GDPR's DPIA requirements. It is important for organizations to conduct DPIAs to ensure they are proactively addressing privacy risks and complying with the GDPR's data protection principles. You may find mote details on the article by DataGuidance below 👇:

“More generally, the AP outlined that ICS failed to recognize that large-scale processing was involved, thereby violating Article 35 of the GDPR.” Large scale processing seem to be the soft belly of many organizations when determining a DPIA threshold, which might seem a very basic concept to a privacy professional, its not always often that the organizations listen. #gdprcompliance #largescaleprocessing #privacyprotection

🚀 Urgent Update Required: The Clock is Ticking on Old EU SCCs! 🚀 Attention all professionals involved in data management and international data transfers! The deadline of 21 March 2024 to replace the old EU Standard Contractual Clauses (SCCs) is fast approaching. If your organisation utilised these clauses for international data transfers and your agreements were entered into before September 2022, it's time to take immediate action! Why is this crucial? Adhering to the updated SCCs is not just about compliance; it's about safeguarding your reputation, maintaining trust, and ensuring seamless global operations. The transition to the new SCCs represents a significant shift, aligning your data transfer practices with the stringent standards of today's data privacy landscape. Don't let this deadline catch you off guard! Dive into our latest article where we break down the essentials of this update and outline the proactive steps you can take to ensure a smooth transition. It's time to turn this legal requirement into an opportunity to strengthen your commitment to data privacy and enhance trust in your business practices. 🔗 Read the full article here https://lnkd.in/edB9vrd6 #DataProtection #GDPR #EU_SCCs #Compliance #DataPrivacy #InternationalDataTransfers #DeadlineAlert

The Digital Personal Data Protection Act, 2023 (DPDP Act) will soon redefine India's data protection landscape. Upon notification by the Central Government, the current regime will become obsolete, requiring organizations to swiftly adapt to new rules. The DPDP Act protects digital personal data of identifiable individuals ("data principals") by imposing obligations on entities ("data fiduciaries") responsible for data processing. These organizations must prepare compliance strategies, including comprehensive data inventories and internal data mapping to track data storage, form, purpose, and related individuals. The Government may also designate some entities as 'significant data fiduciaries' (SDFs), imposing additional obligations based on their data processing activities. With significant financial penalties for non-compliance, organizations should use this transitional phase to audit their data trails and ensure third-party compliance. In summary, the DPDP Act demands major changes in data management. Data fiduciaries must develop robust compliance roadmaps and engage relevant parties to adopt sophisticated data handling practices. #DigitalDataProtection #PersonalData #GDPR #SignificantDataFiduciary

While it appears that draft rules under the DPDP Act, 2023 - India’s new data protection law - may be released soon for public comments, it is possible that provisions of the Act and their corresponding rules will be notified in tranches over the next few months. Given that the entirety of the DPDP Act has already been approved and published, the rules, which are required to be consistent with the Act, will likely provide clarity about various operational aspects of the Act’s provisions. Pending further updates under India’s new central government, and given expected trends of policy continuity in the country, here’s an overview of the DPDP Act along with key suggestions to prepare for compliance. #dataprotectionlaw #personaldata #digitalindia #dpdpact #privacylaw

With more and more activities and transactions going digital, a growing number of workers find themselves handling sensitive personal data. It is more important than ever that the people working with personal data have the skills to do so securely and legally. The personal consequences for individuals of a breach of the security of their personal data can be substantial, as can be the legal and commercial consequences for organisations. An understanding of data protection concepts is increasingly valued by employers. #privacymatters #dataprotection #dataprivacy #gdpr #pdpa