Podcasts about uk gdpr

The many impacts of AI extend across business and consumer interests and issues around privacy are some of the broadest. Analyst Paige Bartley returns to the podcast to discuss the results of two recent studies on enterprise and consumer perspectives on AI and privacy with host Eric Hanselman. Enterprise privacy concerns are shifting from regulatory to operational and reputational, as the awareness of the importance of data privacy grows. The landmark UK GDPR legislation was announced in 2016 and most early efforts focused on compliance. That's shifted to building privacy functionality into the foundations of the way businesses operate. PrivacyOps approaches are growing rapidly as organizations come to realize that customer trust has to both be established and maintained in ways that are meaningful to customers. The opportunity for businesses is to move from treating privacy as overhead to making part of supporting business interests. It comes full circle by helping to enable better data use for AI. More S&P Global Content: The 2025 Generative AI Outlook For S&P Global Subscribers: Safeguarding privacy in the AI era – Highlights from VotE: Data & Analytics Consumers' preference for personalization still outweighs desire for data privacy – Highlights from VoCUL: Connected Customer Data Insight: Consumer data privacy in the modern world of generative AI — no going back? Credits: Host/Author: Eric Hanselman Guest: Paige Bartley Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

The Data (Use and Access) Bill (DUAB) is set to transform data protection and privacy in the UK, bringing major updates to UK GDPR and the Data Protection Act 2018. These changes will impact how businesses manage data access, automate decision-making, and comply with evolving regulatory requirements. In this episode, our compliance experts break down the key provisions of DUAB, explore its potential impact on businesses, and share practical steps to help you stay ahead of the changes. Key topics include: What's changing? A deep dive into DUAB's impact on data processing, subject access rights, and automated decision-making Legitimate interests for data processing: Understanding the new lawful bases for data sharing and transfers AI and automated decision-making: How the bill introduces new rules for AI-driven personal data decisions and what safeguards are required The rise of smart data: Preparing for new "smart data" schemes and their effects on industries like finance and healthcare Compliance best practices: Updating privacy notices, re-evaluating AI processes, and ensuring effective complaint-handling mechanisms Stay ahead of the 2025 data landscape with expert insights and actionable strategies. Tune in to ensure your organisation is compliant with the latest data protection reforms!

John McVeigh Today, we have a guest post on the complexities of navigating Brexit and GDPR for companies on both sides of the border- provided by ASSUREMORE. ASSUREMORE is a management consultancy business specialising in GDPR compliance - founded by John McVeigh. To find out more about ASSUREMORE and the services they provide, please click here. When the General Data Protection Regulation (GDPR) came into force in 2018, it applied uniformly to all EU member states - including the United Kingdom and the Republic of Ireland. However, Brexit changed the game. We now have two parallel regimes: The EU GDPR applies to any organisation operating in the European Union. The UK GDPR applies to businesses operating in the United Kingdom. Although the laws are nearly identical in principle, they are legally separate. This means that if you're based in one jurisdiction but process personal data from the other with no local base, you may need to appoint a GDPR representative there. It's a requirement that many businesses are unaware of or have overlooked, despite it coming into effect as soon as the UK fully left the EU. "Two Versions of GDPR" in Practice "Essentially, there are now two versions of GDPR," explains John McVeigh. "If your business is based in only one jurisdiction but still handles personal data from the other, you'll likely need a representative. It's something that was never really spotlighted when Brexit happened - and it catches people out." Before Brexit, a company in Northern Ireland selling services to the Republic of Ireland (and vice versa) faced no additional compliance beyond standard EU GDPR. Once the UK left, businesses in the Republic effectively became "outside" of UK legal territory, and businesses in Northern Ireland or Great Britain likewise became "outside" of the EU's legal territory. As a result, many organisations - large or small, B2C or B2B - now come under Article 27 of the respective GDPR regime. When Do You Need a GDPR Representative? Under Article 27 (EU GDPR or UK GDPR), a non-EU or non-UK organisation that processes the personal data of individuals in the other territory may need to appoint an official GDPR representative if: You do not have an "establishment" (e.g. an office, subsidiary, or physical presence) in the territory where your customers or data subjects reside. You are offering goods or services to individuals in that territory (even free services can count). You process personal data that can identify living individuals (for instance, storing "joe.blogs@companyx.com" rather than simply "info@companyx.com"). If all your data is strictly non-personal (like a generic info@ address or purely anonymous records), or if your activity in the other jurisdiction is truly "occasional" and poses minimal risk, you might be exempt. However, genuine exemptions are rare in practice, especially for consumer-facing businesses or those storing personal details of clients, suppliers, or leads. B2C vs. B2B B2C: Businesses selling directly to consumers in the other jurisdiction face the highest scrutiny - especially if they store names, addresses, payment details, or marketing preferences of private individuals. Consumers are more likely to exercise data protection rights and file complaints if they feel their privacy is being mishandled. B2B: Even if you primarily serve other companies, you typically store personal data for key contacts - e.g. "john.smith@clientcompany.com" - which means GDPR still applies. The risk of complaints may be somewhat lower, but the legal requirement remains. The Cross-Border Example A classic scenario is a manufacturer or retailer in the Republic of Ireland that has always sold products seamlessly into Northern Ireland or Great Britain. Suddenly, that same business is deemed "non-UK" for data protection purposes - even though physically they might be only kilometres away across the border. If they do not have a dedicated office in the UK, they will likely need a UK GDPR r...

Send us a Text Message.How does understanding the legal landscape in cybersecurity elevate your professional game? Join us on this episode of the CISSP Cyber Training Podcast as we unpack the complexities of civil, criminal, administrative, and contractual law. Learn how each legal category influences risk assessments, organizational policies, and legal prosecutions. We'll guide you through the nuances of civil law's role in resolving non-criminal disputes, the severe implications of criminal law, and the critical importance of maintaining proper logs for legal conformance.Discover why precise contractual language is essential for protecting your organization in the event of a data breach. We delve into the importance of collaborating with legal experts when drafting contracts and examine key intellectual property areas like trademarks, patents, and trade secrets. Protect your brand from domain name scams and safeguard valuable business information from impersonation and counterfeiting with practical steps and real-world examples.Finally, we delve into the pivotal laws that shape cybersecurity practices today. From the Computer Fraud and Abuse Act (CFAA) to the Electronic Communications Privacy Act (ECPA), understand how these laws aid in prosecuting unauthorized access and fraudulent activities. Explore the significance of the Economic Espionage Act, the Electronic Funds Transfer Act, and the UK GDPR in modern transactions and international business operations. Don't miss this comprehensive episode packed with invaluable insights for your CISSP preparation and professional growth in the cybersecurity field.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

In the first of our three-part ‘AI Podcast' series, Lucy Densham Brown and Jordan Masters, members of the data protection team at Clarkslegal, discuss how using AI and automated decision-making could conflict with GDPR protections and lead to discrimination. This includes:What is AI?What is GDPR and how does the use of AI relate to it?Examples of how problems can arise from AI learning from historic data.What does Article 22 of the UK GDPR mean for data processers?What are the implications of the Article 22 judgement? If you have any questions or want to discuss data protection law and how it applies to you in more depth, please contact our data protection team, who would be happy to help.

The UK's data privacy landscape has long come with strict responsibilities for businesses, requiring detailed justifications for all customer data stored and processed. After the UK formally exited the European Union in 2020, the UK retained regulations for controllers and processors via the UK GDPR which sits alongside the Data Protection Act 2018.Businesses have often criticized the red tape present within GDPR, arguing that it holds them back from carrying out the core functions of their business model. In response, the UK government has repeatedly backed the creation of a bill that would reform to UK data protection law and while this has been subject to some false starts, it is now underway as the Data Protection and Digital Information (DPDI) Bill.In this episode, Jane and Rory speak to Chris Combemale, CEO at the Data and Marketing Association and chair of the Government's Business Advisory Group on reforms, to learn how the DPDI could improve UK innovation and where it differs from other laws.

La carrera profesional de María Soledad Capozzi está vinculada con la innovación tecnológica, orientada al cumplimiento de la normativa de datos personales. Actualmente es DPO en OpenBank (Banco 100% digital del Banco Santander) y profesora del Máster en Protección de Datos y Seguridad de la Universidad de Nebrija. En sus ratos libres también escribe en la sección de innovación del Santander, así como otros foros para generar concienciación en los ciudadanos en materia de privacidad.  Con nuestra invitada nos hemos zambullido en las profundidades de las políticas de protección de datos para entender qué menciones son necesarias y cómo conseguir un cumplimiento efectivo de ambos, deber de transparencia y principio de responsabilidad proactiva. Desde ahí nos ha dado incluso tiempo a abordar la comunicación de bases legales y el ejercicio de derechos.  Interrogantes abordados a lo largo de esta entrevista:  ¿Es posible conseguir transmitir con claridad los derechos existentes y al mismo tiempo incorporar todas las menciones impuestas por la normativa? ¿Cómo podemos llegar a comunicar el concepto de una base legal (artículo 6 del RGPD)?  ¿Se puede aplicar técnicas de Testing a políticas de protección de datos para comprobar qué partes se leen o entienden y cuáles son mejorables? ¿Cuál es la mejor forma de comunicar un cambio en las bases legales para garantizar la transparencia y al mismo tiempo evitar una polémica injustificada? ¿En qué país nos encontramos clientes más puntillosos con la política de privacidad o reactivos a sus cambios?  ¿Cómo podemos armar una sección de FAQ relacionada con el deber de información? ¿Cuándo podremos simplificar la aplicación del interés legítimo? Referencias:  María Soledad Capozzi en LinkedIn Masters of Privacy: Políticas de protección de datos eficaces con Ito Onojeghuo (inglés) Masters of Privacy: María Vidal - Listas Robinson Directrices sobre el deber de transparencia del Comité Europeo de Protección de Datos Multa a Spotify en Suecia (junio de 2023) relacionada con una política de privacidad insuficiente Multa a Criteo en Francia (junio de 2023, 40 millones de euros), siendo el deber de información uno de los criterios determinantes el incumplimiento de los artículos 12 y 13 del RGPD Modificaciones propuestas al UK GDPR, incluyendo supuestos “precocinados” de interés legítimo (artículo de Hogan Lovells)  Erin Meyer, The Culture Map (no relacionado con la pregunta a María Soledad, pero sí originario del concepto)

Welcome to "AI Lawyer Talking Tech," your daily dose of legal technology news. In today's episode, we delve into the transformative impact of artificial intelligence (AI) in the legal industry. Join us as we explore topics such as AI-powered legal writing, the ethical considerations surrounding AI adoption, the role of AI in legal research, and the use of generative AI in law firms. Stay tuned for fascinating insights and innovations that are shaping the future of law. Let's dive in! Harnessing AI in Legal Writing: An Arkansas School District's Perspective03 Oct 2023Real Lawyers Have BlogsNYSBA's 147th annual meeting to address legal ethics in AI02 Oct 2023Brooklyn Daily EagleNuvolo Agrees to Sell to Trane Technologies02 Oct 2023CooleySources of legal research: Primary, secondary and the role of AI02 Oct 2023Legal.ThomsonReuters.comRICO Lawsuit: H&R Block, Facebook, and Google Passed Around Private Data ‘Like Candy'02 Oct 2023Breitbart.comBiglaw Not As Plugged Into AI As We Thought02 Oct 2023Above The LawUnlocking the secrets to legal innovation in 202302 Oct 2023LexBlogBird & Bird appoints new head of legaltech and innovation02 Oct 2023Legal IT InsiderCalling All Legal Tech Startups: Applications Are Open for the ABA TECHSHOW 2024 Startup Alley and Pitch Competition02 Oct 2023LawSitesWill AI replace paralegals?02 Oct 2023Legal.ThomsonReuters.comThe Truth About Hallucinations in Legal Research AI: How to Avoid Them and Trust Your Sources02 Oct 2023beSpacificLegalMatch Remains Largely Immune to Negative Economic Trends Caused by Recessions02 Oct 2023Morningstar.comTakeaways from our Digital Deep Dive Webinar on AI & Digital Health02 Oct 2023Hogan LovellsKeeping Up With Generative AI in the Law01 Oct 2023LLRXMobile phone providers are threatened with class action lawsuits over data sharing30 Sep 2023TakeToNewsAI in Legal Document Analysis: A Revolution in Legal Profession03 Oct 2023Legaltech on MediumWebcast: Tips for Adopting Generative AI03 Oct 2023Debevoise Data BlogGermany's Role in Climate Policy02 Oct 2023Legal PlanetDSIT publishes draft amendments to the UK GDPR and DPA 201802 Oct 2023Technology Law DispatchAn overview of the European digital strategy26 Sep 2023Inside Tech LawRecent changes to the UK Electronic Communication Code02 Oct 2023Technologys Legal EdgeJoe Cohen on Dentons' fleetAI: ‘It Gives Unique Perspectives'02 Oct 2023Artificial LawyerDevelopments in Legislation and Regulation of Artificial Intelligence28 Sep 2023GenAI-LexologyAnnouncing the Winners of the Berkeley Technology Law Journal 2023 Writing Competition30 Sep 2023BTLJ Blog Archives - Berkeley Technology Law JournalPower Grids and Points of Vulnerability: Keeping the Lights on Amid Cybersecurity Concerns29 Sep 2023Internet & Social Media Law BlogJustia Legal Guides: Consumer Protection Law Center29 Sep 2023Legal Marketing & Technology BlogOpen AI Continues to Blur the Human-Robot Boundary29 Sep 2023Goodmans Technology Blog

On 8 March 2023, the UK Government introduced the long awaited update for the UK GDPR, now called the Data Protection and Digital Information Bill, in the House of Commons. According to the press release, British business will be able to save many billions of pounds when this bill becomes law, but not everybody agrees that is true. In this extra episode of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Outschool talk with Ralph O'Brien, our go-to UK expert and guest co-host, on what the bill entails, and we also hear from Claire Archibald on some of the consequences of the bill. The Annual TrustArc Global Privacy Benchmarks survey is open until March 31st, and we want to hear from you. How is the industry shifting, and what trends do you foresee? This doesn't assess individual or company privacy competency. Rather, it allows you to shape the future of privacy protection initiatives. Please, share your views on how enterprise's manage data protection and privacy. As always, if you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us! #heartofprivacy #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO

In this podcast Melanie Pimenta and Sana Nahas members of the Data Protection team at Clarkslegal discuss some of the issues surrounding non-compliance with subject access requests, commonly known as “DSARs”. This is particularly topical given that the ICO has recently announced that it has issued reprimands to seven organisations for repeatedly failing to respond to data subject access requests under the UK GDPR. 

Tässä jaksossa Panu ja Pilvi pääsevät keskustelemaan Leena Kuusniemen kanssa siitä, millaisia vaatimuksia lasten tietosuojalle on eri maailman kolkissa aina Yhdysvalloista ja Brasiliasta Australiaan ja Aasiaan. Pohdimme myös, miten näiden toisistaan poikkeavien lakien joukossa pystyy rakentamaan lapsille suunnattuja globaaleja digitaalisia palveluita. Onko se edes mahdollista? Yllätykseksemme saamme huomata, että lasten tietosuojan näkökulmasta tuttu ja turvallinen GDPR ei olekaan tiukimmassa päässä. Hyppää mukaan kannelle, laiva lähtee pian! Sivuamme myös nauhoitusta edeltävällä viikolla julkaistua Executive Orderia (Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities) joka on uusi yritys mahdollistaa lainmukaisia henkilötietojen siirtoja Yhdysvaltoihin. Kuulemme myös viimeiset kuulumiset Nordic Privacy Forumista.   Leena Kuusniemi on teknologiajuristi, ICTLC Finlandin Managing Director sekä Visiting Fellow Maastrichtin Yliopison European Centre on Privacy and Cybersecurity:ssa. Hän on myös ollut mukana monissa EU komission työryhmissä ja hän on työskennellyt aikaisemmin mm. Nokialla ja Rovio Enterteinmentillä.  Executive Order on Enhancing Safeguards for United States Signal Intelligence Activities: https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/   Children's Online Privacy Protection Rule ("COPPA"): https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa Brazilian General Data Protection Law (LGPD, English translation): https://iapp.org/resources/article/brazilian-data-protection-law-lgpd-english-translation/ ICO Children and the UK GDPR: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/children-and-the-uk-gdpr/ OAIC, Australia, Children and young people: https://www.oaic.gov.au/privacy/your-privacy-rights/children-and-young-people Nothing to Kid About – Children's Data Under the New Data Protection Bill: https://www.ijlt.in/post/nothing-to-kid-about-children-s-data-under-the-new-data-protection-bill  Voit seurata TietosuojaPodia Twitterissä täältä: https://twitter.com/PodPrivacy Voit lähettää meille palautetta Twitterin yksityisviestinä, hashtagilla #tietosuojapod tai sähköpostilla tietosuojapod@protonmail.com Seuraa meitä myös Instagramissa ja LinkedInissä nimellä privacypod!

The Government's Data Protection and Digital Information Bill was introduced to parliament in July 2022 and includes changes to both UK GDPR and amends to the Privacy and Electronic Communications Regulations (PECR), including cutting down on ‘user consent' cookie pop-ups and banners that people encounter when browsing the internet. In this special episode of the IAB UK podcast, James speaks to Eduardo Ustaran, Global Co-Head of Hogan Lovells Privacy and Cybersecurity practice to unpick the details of the bill, understand what it could mean for digital advertising and help your business prepare.Find the latest explainer on the DPDI Bill from IAB UK here. Hosted on Acast. See acast.com/privacy for more information.

Data the new direction is the strategy of the UK Department for Culture, Sports and Media. This is the foundation of new UK data protection reform. In this trailer, it will be discussed why it is important and the changes that are going to happen with the current UK GDPR. This is an extract from the full episode of The FIT4PRIVACY Podcast. If you like this, you would enjoy the full episode. If this is your first time, the FIT4PRIVACY Podcast is a privacy podcast for those who care about privacy. In this podcast, you listen to and learn from industry influencers who share their ideas. The episodes are released as audio every Wednesday and video every Thursday. If you subscribe to our podcast, you will be notified about the new episodes. And, if you have not done it, write a review and share this with someone who will benefit from this. RESOURCES Websites: www.fit4privacy.com, www.punitbhatia.com Take advantage of our Free GDPR training: https://www.fit4privacy.com/course/free Blog www.fit4privacy.com/blog Podcast www.fit4privacy.com/podcast YouTube http://youtube.com/fit4privacy Email hello@fit4privacy.com --- Send in a voice message: https://anchor.fm/fit4privacy/message

UK Data Protection Reform. Or, data the new strategy. Would it set a new standard in the data protection world? Or will it degrade GDPR Standard that the UK has through UK GDPR? Punit is joined by Kuan Hon for a conversation about all these questions relating to UK Data Protection Reform. Take a listen and get to understand the reform from someone who is involved in it. Disclaimer: Although Kuan is a member of the UK's International Data Transfer Expert Council, her views are personal to her alone and should not be taken to represent the views of the Council or any UK government department KEY CONVERSATION POINTS 00:00:00 Intro 00:01:46 Privacy Journey 00:03:14 About Data – The New Direction 00:04:50 Why do we need this 00:06:21 Understand what is changing in data protection 00:09:48 Is it Tougher than EU GDPR? 00:11:09 Categorizing Data will be allowed? 00:15:06 Impact on UK Adequacy 00:19:35 Do we still need DPO to implement this new law? 00:24:09 New builds of laws 00:26:25 Reformed, Change for Cookies 00:29:17 Timeline, Next step to bill for the new direction 00:31:58 Thank you ABOUT THE GUEST Dr. W Kuan Hon is Of Counsel in the Privacy and Cybersecurity Group of leading international law firm Dentons. An English solicitor and New York attorney with degrees in computing science as well as law, Kuan advises not only on data- and security-related laws but also on broader tech law issues, particularly regarding cloud and AI. She is a member of the UK government's International Data Transfer Expert Council, an Editor of the Encyclopedia of Data Protection and Privacy, and a guest lecturer for the Department of Computing at Imperial College London. Kuan previously volunteered for the UK Information Commissioner's Office, the UK National Cyber Security Centre, and the UN Privacy Preserving Techniques Legal Task Team. She is the author of "Data localization laws and policy - the EU data protection international transfers restriction through a cloud computing lens" (Edward Elgar, 2017) and has contributed to other books and written numerous articles.  Although Kuan is a member of the UK's International Data Transfer Expert Council, her views are personal to her alone and should not be taken to represent the views of the Council or any UK government department Link to Bio: https://www.dentons.com/en/kuan-hon ABOUT THE HOST Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organizational culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentoring and coaching privacy professionals. Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How To Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured among the top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's values to have joy in life. He has developed the philosophy named ‘ABC for the joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe. RESOURCES Podcast https://www.fit4privacy.com/podcast Blog https://www.fit4privacy.com/blog YouTube http://youtube.com/fit4privacy --- Send in a voice message: https://anchor.fm/fit4privacy/message

Post by Adam Turteltaub The European General Data Protection Regulation (GDPR) already provides considerable requirements for compliance programs. With Brexit comes a new GDPR for the United Kingdom. Adding to the complexity, the UK GDPR also contains a Children's Code, explains Jeff Kluge (LinkedIn), Founder & CEO of Holistic Ethics. The UK has long led in protecting the data of children, and the new code follows the UN Convention on the Rights of the Child. For companies doing business solely within the United States it is not likely to be an issue but for those operating globally he advises being aware of and in compliance with the Children's Code's requirements. There are standards and rules in place for connected games and toys, for using artificial intelligence (AI) and processing children's data. So, what should compliance teams do? First, they need to understand the algorithm used in the AI their organization employs, ideally while it is still being developed. Second there should be a children's data oversight committee in place. Third the company should be asking whether they should have an ethics committee overseeing their AI-based systems. Also, the compliance team needs to recognize that AI initiatives are often created without their knowledge. It's important to get a handle on what's going on help people understand the importance of closely monitoring artificial intelligence, particularly those systems that are autonomous. He reports that the compliance team can be particularly helpful in identifying what data is being collected and what is the right data to be using. The team particularly needs to be monitoring what decisions are being made based by the AI. Listen in to learn more about the UK GDPR Children's Code and what compliance teams need to do to protect both children and their own organizations.

Coming up in this week's episode: Cornwall Council data breach of children's data, Worcestershire Childrens Services data breach, States of Jersey Information Commissioner Annual Report, ICCL report highlights level of RTB data sharing, Ukraine now has DDOS bot for cyber attackes against Russia, EDPB issues guidance on setting GDPR penalties, Google challenged over NHS data breach, A Stateside look at DPIAs and emerging State legislation, Estate Agents using Whatsapp and breaching UK GDPR, Spanish Data Regulator fines Google over Right to be Forgotten, CISA issues urgent VMWare update notice, BCS views on Data Reform Bill, Elephant Insurance data breach, Chicago Public Schools and Battelle for Kids data breach, Dutch online pharmacies found to be non-compliant with GDPR

Happy Monday to all our followers, with our new Podcast episode! Today, our Data Rockstars talk about the Queen's Speech that look place in parliament on 11th May and the CCTV use. They share their knowledge and offer some suggestions for data protection controls. Enjoy your coffee with our expert data protection tips! --------- Ikea put CCTV above Peterborough toilets to check drug use: https://buff.ly/3yG5bgI ICO CCTV checklist: https://buff.ly/3MiAiTo ICO confirms Human Rights changes undermine UK GDPR: https://buff.ly/3laC2Ca -------- Visit our website: www.dbxuk.com 

Coming up in this week's episode: European oil terminals struck by ransomware, KP Nuts distribution disrupted by hackers, The Sandon School data breach, Dorset NHS Trusts data breaches, British Council 3rd party data breach, Norfolk Dates data breach, FBI warns Winter Olympics athletes to leave their smartphones at home, Equifax data breach settlement agreed, IAB Europe technology found to be non-GDPR compliant, Securitas data breach, Washington Licensing Dept data breach, Artech reach settlement following data breach, Young Men's and Young Women's Hebrew Association data breach, Consel D'Etat confirms CNIL penalty against Google, Greece Telecoms firms fined for data breachs, Brexit Freedom Bill and its impact on UK GDPR, EDPB issues guidance on dealing with Data Subject Access Requests

In this episode, we talk about the first officially approved certification schemes under Art.42 of UK GDPR by the ICO: the Data Protection and Privacy for ID & Age Assurance Services, and the Age Appropriate Design Certification. Our special guest, Tony Allen CEO of The Age Check Certification Scheme (ACCS) talks about the scope and applicability of the certification schemes and what technology companies need to consider. Tony also explains more about the ACCS which is a UKAS-accredited conformity assessment body, comprised of auditors, certification specialists, and data protection experts and how they independently test and certify online and offline systems that check age and identity, such as passport scanners, biometric technology, and age verification software. GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO. www.dpo4business.co.uk www.thisisdpo.co.uk Guest Tony Allen CEO of The Age Check Certification Scheme Contact Tony Allen on: Email: tony.allen@accscheme.com Twitter: @agecheckcert Linkedin: Tony Allen | LinkedIn Special Guest: Tony Allen.

Coming up in this week's episode: Facebook penalty announced by Irish DPC, Footballers demand reward for use of their personal data, Microsoft thwarts largest ever DDOS attack, Local Authority GDPR breach league table, Amazon Ring breaks Data Protection Act 2018, McDonalds data breach, Acer data breach, Imperial College data breach, Thingiverse data breach, Chesterfield Borough Council faces legal action after data breach, Visible data breach, Accenture data breach, Pandemic caused data breaches across UK Business sector, Belgian Covid-19 app data breach, Lithuania journalists take action to stop GDPR hiding names of individuals involved in corruption, BCS gives opinion on proposed UK GDPR changes, Pirate Party opposes changes to Whois data, Trademark Trial and Appeal board rules on GDPR in US court documents

In this latest edition of our Policy Special series, the IAB's Christie Dennehy-Neil and James Davies get into what advertisers and members can expect from the government's plans to change aspects of UK GDPR following Brexit and give an update on the ban on HFSS advertising online - everything from what's exempt through to how it will actually be regulated. The Government has now published its public consultation on reforms to the UK's data protection regime, closing on 19 November, so if you have views please get in touch with the Policy Team via policy@iabuk.com Our GDPR privacy policy was updated on August 8, 2022. Visit acast.com/privacy for more information.

Coming up in this week's episode: Fitbit, Strava and other fitness apps hit by data breach, FTC updates data rules to include fitness apps, Guernsey Data Regulator says human error most common cause of data breaches, Pension Trustees advised re UK GDPR actions, Estate Agents and the GDPR perils of 360 degree photography, Irish Central Bank breaches Credit Union data, New Zealand Reserve Bank censured by Data Commissioner John Edwards, Suspect arrested after Experian South Africa data breach, French Covid-19 Track and Trace data breach, Anonymous breaches Epik web host data, United Nations data breach continues to give problems, The ongoing Standard Contractual Clauses saga, Irish Civil Liberties deeply critical of Data Protection Commission

This week we focus on the GDPR enforcement against WhatsApp and Amazon, as well as the proposed reforms to the UK GDPR and some interesting statistic from ManageEngine.

Coming up in this week's episode: UK Government begins UK GDPR change consultation, Elizabeth Denham asks G7 countries for help with cookie policies, Animal Rights activists target gun owners after Guntrader data breach, Syracuse University sued by student after a data breach, Dotty's data breach, MyRepublic data breach, China passes PIPL into statute, Turkish data penalties

Coming up in this week's episode: New UK ICO preferred candidate announced, Oliver Dowden announces his wishlist for UK GDPR, NHS data grab postponed indefinitely, NHS worker receives compensation after data breach, Northern Ireland historical abuse victims data breach compensation, California State University data breach, SAC Wireless data breach, Singapore eye clinic data breach, Microsoft Azure security breach revealed, Microsoft Power Apps potential for data breach, T-Mobile data breach update

On 28 June 2021, the European Commission announced it has approved two adequacy decisions for the United Kingdom (UK). With these decisions, one under the General Data Protection Regulations (GDPR) and one under the European law enforcement directive, the Commission confirms the UK offers a level of data protection that is essentially equivalent to that in the European Union (EU). With this hurdle out of the way, personal data can continue to flow freely from the EU to the UK, without the need for additional safeguards or regulator approval. The free flow of data in the other direction, from the UK to the EU, had already been confirmed by the British government at the time the UK ceased being a member of the EU. But will the UK adequacy decisions stand the test of time? Not only do they expire automatically after four years, but the opponents are also sharpening their knives for a challenge in court. And the UK Government seems eager to drop the memory of the GDPR, and to replace the UK GDPR with a more trade and business friendly data protection law. This week, Paul Breitbarth and K Royal discuss the details of the UK adequacy decisions and the future of data protection law in Britain with our own UK expert Ralph O'Brien. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. We also have a LinkedIn page for Serious Privacy, so please follow for more in-depth discussion.Resources:TrustArc Blog on the UK Adequacy DecisionsWebinar on EU International Transfer developmentsTrustArc Microsite on international  data transfers  

Coming up in episode 151: UK GDPR adequacy, Scottish Government and agencies almost 2000 data breaches since May 2018, Trafford Council following Freedom of Information request, LinkedIn says data was scraped and no data breach to report, Mercedes Benz data breach in USA, Lime VPN data breach, Amsterdam court to hear GDPR action against Facebook in October, Yearbook publisher Herff Jones reveals data breach

Coming up in episode 150: Final decision awaited from EU on UK GDPR Adequacy, Matt Hancock makes a statement on NHS data grab, UK High Court clarifies responsibilities of EU Representatives, German court rules employee emails not a reasonable component of employee data subject access request (DSAR), Have you committed a data breach leaving personal data in a car? Technisanct data breach, Abu Dhabi new data law is a GDPR lookalike

Coming up in this week's episode: Carnival Cruises, UK Trade Department data leak exposes existence of Cabinet Office FOI Triage unit, Gateley data breach, CakeBox data breach, Group of MPs suggest changes to UK GDPR, South Korea seeking data adequacy agreement from EU, CJEU asked to rule on GDPR immaterial damages, CJEU rules parallel GDPR investigations  can take place into same organisation by different DPCs, NHS Scotland faces criticism over Data Loch project, Elizabeth Denham, ICO, gives her views on live facial recognition, IAB Tech Labs faces legal action over RTB, CVS Health data breach

Coming up in this week's episode: UK Police reveal data breach figures for last 4 years, Dorset Police data breach involving child data, Canada Post large data breach, Klarna data breach caused by human error, EU and UK GDPR agents - clarification on when you need one, Irish Government departments data breach statistics, GDPR celebrates its 3rd Birthday, EU Parliament fires warning shot at Irish DPC, Bose data breach, Lessons to be learned from Equifax GDPR breaches, Fujitsu data breach, Five Dutch cities seek common mobility data standard

On this week of #SeriousPrivacy, Paul Breitbarth and K Royal discuss the European Union’s General Data Protection Regulation, because three years ago from the day this episode was released (May 25, 2021), the GDPR went into effect.  And whether you consider it three years or or five (per this Twitter debate), it was a world-changing event. In this episode, they talk about the changes seen in the past three years, including the two years before that when the GDPR was passed. They discuss penalties and amounts known, but also the most frequent violations. Companies can learn alot by looking at enforcement to know where to prioritize their compliance activities - or at least what to check to make sure it is properly in place. They discuss the locatemyfamily.com that has been in the news lately, including for not appointing a European representative, and the challenges the data protection authorities faced to investigate the complaints across the ocean.In addition, they discussed how the GDPR impacted US legislation, such as the concept of controllers and processors, and the definition of sensitive personal data. The GDPR influenced the California Consumer Privacy Act (CCPA), or more so the California Consumer Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (CDPA) - the latter two take effect in 2023. There is discussion of the importance of EU representatives - and there is a passing mention of the upcoming standard contractual clauses. As always, if you have any questions or comments, please feel free to contact us at seriousprivacy@trustarc.com. In addition, if you like our podcast, please do rate and comment on our program in your favorite podcast app. 

Coming up in this week's episode: NHS prepares for largest data grab in the history of NHS England, Postbox theft from GP surgery in Norwich, Matt Hancock issues directive for organisations to share data to help fight Covid-19, MyHome.ie data breach, Air India data breach, Microsoft offers users the option  to keep data within the EU, UK GDPR issues the first list of adequate countries, First Court approval CCPA expected following Minted data breach

In this episode of The FIT4PRIVACY episode, Punit Bhatia shares Brexit related changes in data protection area. Key points discussed: ✅ UK GDPR vs EU GDPR ✅ Adequacy decision for UK ✅ Data Trasnfers for now ✅ EU representative role Punit is one of the leading privacy experts who has worked with professionals in over 30 countries. Punit guides business and privacy leaders on GDPR-based privacy compliance through online as well as in-person training and consulting. He is an author of books like "Be Ready for GDPR". Listen to this conversation and share your comments on what you think. You can subscribe to FIT4PRIVACY podcast so that you are notified about new episodes. --- Send in a voice message: https://anchor.fm/fit4privacy/message