The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties. A good data protection policy shows the individuals and the Supervisory Authority that it complies with GDPR. Three mandatory components were examined: a description of the (categories of) personal data a description of the purposes of data processing the rights of data subjects. Recommendations: Assess whether…

“Rather than view data protection as a box-ticking exercise, it should be a key priority and integrated into every aspect of the business to ensure comprehensive coverage and consistency.” “Regulation can only go so far – if businesses focus on best practices for cybersecurity, data protection and combine this with compliance they will be giving themselves the best chance of business success, whilst protecting their customers and their data.” Businesses “should strive to have an…

“I have long advocated for privacy protections that include the principles of knowledge, notice and the right to say ‘no’ to companies that want our information. But it is increasingly clear that a true 21st-century comprehensive privacy bill must do more than simply enshrine notice and consent standards,” said Sen. Edward Markey (D-Mass.), the author of the Privacy Bill of Rights Act. Markey said the bill was crafted in response to the continuing number of…

The French Data Protection Agency CNIL received 11,077 complaints in 2018, up 32.5 percent compared to 2017. Other highlights from the CNIL 2018 report CNIL carried out 310 investigations in 2018, of which 204 were onsite, 51 online and 51 on the basis of documentation. 49 orders were adopted in 2018, of which five were in the insurance sector; and four concerned companies specialized in advertising targeting via a technology (Software Development Kit) installed in…

“Where the sponsor processes personal data of data subjects in the EU, including in the context of managing the clinical trial, GDPR is fully applicable, including the obligation to designate a representative in the EU.” The European Commission has updated FAQs on the interplay between the forthcoming Clinical Trials Regulation (CTR) and GDPR. Key Takeaways: Each trial subject should receive information related to the clinical trial as required by the CTR as well as GDPR.…

The “agree button is one of the biggest lies on the internet. This is not consent. This is not notice,” said U.K. Information Commissioner’s Office Executive Director for Technology Policy and Innovation Simon McDougall. People are now living in an “age of unhappiness” and are not feeling empowered, says McDougall. With large tech companies, the balance of power has shifted, and “people are feeling unhappy about that.” “But at the same time… people are still…