Sypher Solutions’ Post

Don’t wait for Data Protection Rules: MEITY asks stakeholders to comply with the Digital Personal Data Protection Act, 2023 As the industry awaits for notification of Data Protection Rules, the Ministry of Electronics and Information Technology has recently asked the organisations to start compliance with the Digital Personal Data Protection Act, 2023. Going the GDPR way, organisations, now have to be in compliance with the provisions of the Data Protection Law on the broad principles enshrined in the Act, not to wait for the Rules. In this article Mr. Vikrant Rana, Managing Partner, Ms. Anuradha Gandhi, Managing Associate and Ms. Rachita Thakur, Associate at S.S. Rana & Co., sheds light on to the principles of Data Protection along with the initial steps that the organisations can take to kick-start their compliance journey.   #DPDPAct #DataProtectionRules #Dataprivacy #dataprotection #MEITY #government #Principles #fairness #dataminimization #purposelimitation #GDPR #NationalInformaticsCentre

🚨 New Blog Post Alert! 🚨 📜 The UK’s data protection landscape is rapidly evolving. With the Data Protection and Digital Information (DPDI) Bill making way for the Digital Information and Smart Data (DISD) Bill, what does this mean for businesses and individuals? In her latest blog post, Kate breaks down the key changes and implications of this shift in legislation. Whether you're a business leader, data protection officer, or just curious about the future of digital information in the UK, this is a must-read! 👀 Read the full post here: The Demise of the DPDI Bill and the Rise of the DISD Bill - https://lnkd.in/eDvtTrpC Stay informed, stay compliant! 📧 If you'd like a chat about how we could support you with data protection, please get in touch - we'd love to hear from you. #DataProtection #DataProtectionLegislation #GDPR #UKGDPR #DataProtectionAct #DPDI #DPDIBill #DISD #DISDBill #DigitalTransformation

📣 New data protection legislation is once again on the horizon. 📑 In my latest blog post, I look at the death of the Data Protection and Digital Information Bill and explore the newly announced Digital Information and Smart Data Bill. 🤓 Because I’m a nerd, I can’t wait to see the fully proposed Bill and what changes they might bring. Expect to see more blog posts about the new legislation as details are announced. 📲📧 As ever, please do get in touch if you’d like to discuss data protection support. I’d love to hear from you. #dataprotection #dpdi #disd #gdpr #ukgdpr #blog #blogpost

🗳️ With the polls now open for the 2024 election, many legislations which were previously on the table are, for now, not up for consideration. 📊 One of which is the Data Protection and Digital Information Bill (DPDI), which aimed reform aspects of data protection laws. 🖊️ Richard Bradley, Data Protection Manager, penned his opinion on what this now means for organisations and why it should be a 'do, don't delay approach' to your data protection strategy. Read his article here - https://lnkd.in/eHj__Dmj #dpdibill #dataprotection #gdpr

The UK's proposed Data Protection and Digital Information Bill includes revisions to the right of access under UK GDPR regulations. While aiming to address challenges faced by controllers dealing with substantial DSAR backlogs, some may find that the reforms fall short of expectations. Click here to read more. https://lnkd.in/e-jYuwvX #DPDIB #GDPR #HewardMills #Dataprotection #DPO

“During its October 2024 plenary, the European Data Protection Board (EDPB) selected the topic for its fourth Coordinated Enforcement Action (CEF), which will concern the implementation of the right to erasure (‘right to be forgotten’) by controllers. Data Protection Authorities (DPAs) will join this action on a voluntary basis in the coming weeks and the action itself will be launched during the first semester of 2025. The right to erasure (Art.17 GDPR) is one of the most frequently exercised data protection rights and one about which DPAs frequently receive complaints. The aim of this coordinated action will be, among other objectives, to evaluate the implementation of this right in practice.” #Privacy #GDPR #dataprotection #CEF2025   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/eJDh6kGQ

Why (and How to) Dispose of Digital Data The stakes are too high for organizations not to comply with data privacy regulations. For example, noncompliance with the EU General Data Protection Regulation (GDPR) can result in a fine of up to €10 million or up to 2% of the organization’s worldwide annual revenue from the preceding financial year, whichever is higher.1 Crucial to data privacy and protection is proper data disposal. Morgan Stanley, a global investment bank and financial services institution headquartered in the United States, was fined US$60 million for improperly disposing of personal data. Disposal is the final step in the personal data life cycle, which begins with collection and ends with disposal. Read more here: https://shorturl.at/fsOVZ #datagovernance #dataanalytics #gdpr #compliance #dataprivacy

𝐑𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐲 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 𝐚𝐧𝐝 𝐃𝐚𝐭𝐚 𝐑𝐞𝐬𝐩𝐨𝐧𝐬𝐢𝐛𝐢𝐥𝐢𝐭𝐲 The regulatory landscape surrounding data can be overwhelming, but we can use the frameworks established by legislation like the General Data Protection Regulation (GDPR), to further guide us in establishing a robust data access control strategy that aligns with legal requirements. 𝟏. 𝐋𝐚𝐰𝐟𝐮𝐥𝐧𝐞𝐬𝐬, 𝐟𝐚𝐢𝐫𝐧𝐞𝐬𝐬, 𝐚𝐧𝐝 𝐭𝐫𝐚𝐧𝐬𝐩𝐚𝐫𝐞𝐧𝐜𝐲: Personal data must be processed lawfully, fairly, and in a transparent manner in relation to individuals. 𝟐. 𝐏𝐮𝐫𝐩𝐨𝐬𝐞 𝐥𝐢𝐦𝐢𝐭𝐚𝐭𝐢𝐨𝐧: Data should be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. 𝟑. 𝐃𝐚𝐭𝐚 𝐦𝐢𝐧𝐢𝐦𝐢𝐬𝐚𝐭𝐢𝐨𝐧: The data collected should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. 𝟒. 𝐀𝐜𝐜𝐮𝐫𝐚𝐜𝐲: Personal data should be accurate and, where necessary, kept up to date. 𝟓. 𝐒𝐭𝐨𝐫𝐚𝐠𝐞 𝐥𝐢𝐦𝐢𝐭𝐚𝐭𝐢𝐨𝐧: Personal data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. 𝟔. 𝐈𝐧𝐭𝐞𝐠𝐫𝐢𝐭𝐲 𝐚𝐧𝐝 𝐜𝐨𝐧𝐟𝐢𝐝𝐞𝐧𝐭𝐢𝐚𝐥𝐢𝐭𝐲 (𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲): Personal data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage. 𝟕. 𝐀𝐜𝐜𝐨𝐮𝐧𝐭𝐚𝐛𝐢𝐥𝐢𝐭𝐲: The data controller should be responsible for, and be able to demonstrate compliance with, the above principles. Learn more about strategies for defining digital data responsibilities: https://lnkd.in/e9yyXJ6Z #DataCompliance #GDPR #DataProtection #PrivacyRegulation #DataResponsibility #ComplianceFramework #DataGovernance #DataSecurity #DataPrivacy #LegalCompliance #RegulatoryFramework #TransparencyInData #DataEthics #ComplianceStandards #DataIntegrity #priskaaltorfer

Cross-Border Transferring of Personal Data Author: Panisa Suwanmatajarn #PersonalDataProtection #PDPA #DataTransfers #CrossBorderData #PDPCThailand #PrivacyRegulation #DataCompliance #DataSecurity #LegalUpdates #PDPA2024 #ModelContractualClause #BCR #GDPR #DataPrivacy

☕️📑I don’t want to spoil your morning coffee, but it’s time you reviewed your data processing agreements. The European Data Protection Board cooked up fresh guidance in Opinion 22/2024 on the obligations of processors and sub-processors, and it’s crucial for staying #GDPR compliant. 🔺The EDPB clarifies the need for identifying all parties involved in the data processing chain. This includes not just the processor but also any sub-processors, ensuring transparency about their identities, addresses, and roles. The processor is responsible for keeping the controller informed about all sub-processors involved. This transparency is essential for the controller to fulfil its obligations under the GDPR, including swiftly responding to data access requests (e.g. disclosing subprocessors' identity upon request) and handling data breaches. 🔺Furthermore, processors have to demonstrate that all sub-processors offer sufficient guarantees to implement necessary technical and organisational measures. This applies even when the processing chain becomes long and complex, involving several layers of sub-processors. The controller must ensure that all actors in the processing chain comply with the same data protection standards, regardless of the number of parties involved. 🔻The EDPB emphasises that controllers must carry out due diligence when selecting processors and sub-processors, evaluating the sufficiency of guarantees provided based on the nature of the processing and associated risks. This verification may involve gathering information through questionnaires, documentation, certifications, or audits. The verification level depends on the risk to the rights and freedoms of data subjects; higher-risk processing requires stricter verification. 🔺While controllers don’t need to check every sub-processing contract, they must have processes in place to audit and verify that all contracts with sub-processors comply with GDPR standards. In cases where doubt arises about compliance or breaches occur, the controller should review sub-processing contracts. Ensuring compliance with Article 28(1) and the accountability principle under GDPR may require obtaining and assessing sub-processing agreements to verify that sufficient guarantees are in place. The EDPB also notes that controllers may need to review sub-processing contracts, especially when processing involves international data transfers. 🔻In conclusion, the EDPB underscores that controllers remain responsible for ensuring that all processors and sub-processors in the chain meet GDPR requirements. Even practical difficulties in overseeing sub-processors do not exempt the controller from its obligations. The controller must be able to provide relevant instructions for any transfers of personal data, ensuring that the entire processing chain operates within the boundaries of GDPR #compliance. #dataprotection #contracts #law