Ireland's privacy watchdog has fined Facebook's parent company, Meta, 17 million euros, or about $19 million, for violating Europe's privacy law. The regulator, the Data Protection Commission, has been investigating whether Meta Platforms Inc. complied with the requirements of the law, known as the General Data Protection Regulation, in how it handled personal data in twelve data breach notifications between June and December 2018. The agency said Tuesday that it found that Meta didn't have the right measures in place to show it could protect EU users' data. “This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people's information,” the company said in an emailed statement. “We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.” Under GDPR, the Irish regulator leads cross-border data privacy cases for big tech companies that have their European headquarters in Dublin. It has investigated Meta for a number of data and privacy issues and in September fined the company's WhatsApp communications service 225 million euros, or $267 million at the time, for another GDPR violation. This article was provided by The Associated Press.
The European Union (EU) General Data Protection Regulation (GDPR) took effect on May 25, 2018. The regulation is designed to protect the privacy rights and freedoms of individuals residing in the EU. The regulation is also being deemed the new “gold standard” for privacy protection globally. Under GDPR, individuals have specific data subject rights relating to data erasure/deletion, and organizations have defined data retention and destruction responsibilities. In this session, Lisa will introduce attendees to GDPR and share how to facilitate a path towards records/information management compliance under the regulation. Access the captioned version of this webcast at https://youtu.be/BSOTXei9J9s
This week, Adrian sits down for a long, in-depth discussion with Data Protection Commissioner Helen Dixon on why she stopped the government from making its Public Services Card into a national identity card through the backdoor. After years of controversy, this week her office ruled that the PSC card cannot be used as a necessary form of identification for services outside the Department of Employment Affairs and Social Protection. The move effectively puts a halt to any plans the government had of making the Public Services Card a ‘national identity card’ through stealth. “The Department does not have a legal basis for processing personal data when it's in the case of a person who's seeking to avail of a service with the public sector body other than the Department itself,” she tells Adrian. However, she stopped short of saying that the Public Services Card must be scrapped. “Any cards that have been issued, their validity is not in question by anything we've found in this report,” she said. “They can continue to be used in the context of availing of free travel or availing of benefits that a person is claiming from the Department.” Dixon qualifies this by saying that the PSC can be used voluntarily by a citizen as a valid proof. “If someone optionally brings their public services card to renew their driver's license, there is no issue with that. But what we're saying is that it must be an option. A public sector body cannot now require someone who doesn't already have one, to go and procure one in order to avail of their service.” The PSC has been criticised by civil liberties groups who claim it is an attempt by the government to create a national identity card by stealth. Earlier this year, UN special rapporteur on poverty, Professor Philip Alston, said that the PSC “runs the risk of becoming a centralised database containing intimate, personal information” that was unsafe.
Government ministers have repeatedly claimed that the PSC is a protection against fraud, identity theft and helps to cut costs. They say that the card simplifies identity registration for public services and reduces the need for duplicate forms and the repetition of processes. However, Dixon tells Adrian that the PSC as currently constructed is overarching and is sometimes being used without good reason or legal justification. “An example is the Department of Education's appeal system around school transport,” she said. “It now says that you have to procure a PSC card to make an appeal. It's very difficult to see why that's a requirement.” Dixon also tells Adrian that she has opened a new investigation into the owner of The Huffington Post, Techcrunch and Yahoo. The Irish DPC office is now probing Verizon Media, formerly known as Oath, around complaints that its online media properties do not give users choice around online ‘cookies' that track user activity online. Meanwhile, Dixon tells Adrian that her office's first major GDPR decision relating to a multinational tech firm looks set to be about Whatsapp. “I expect that file to land on my desk in the next fortnight,” she said. However, it is then likely to take “months” to arrive at a formal decision due to a statutory process of “examination and analysis”. Dixon's office currently has 61 statutory enquiries underway under GDPR law, 21 of which are focused on tech multinational firms. These include Facebook (8), Twitter (3), Apple (3), Whatsapp (2), Instagram (1), Google (1), Linkedin (1), Quantcast (1) and Verizon Media (1). Under GDPR law, the Irish DPC can fine a company up to 4pc of its annual turnover.
In this episode I visit with Miller & Chevalier lawyers James Tillen and Marc Bohn on the firm’s FCPA Winter Review 2019. Miller & Chevalier releases an FCPA review each quarter, and it is one of the top reports on what is going on in both FCPA enforcement and wider international anti-corruption enforcement and developments. Highlights from the podcast include:
What do the overall numbers of newly opened FCPA investigations look like under the Trump Administration? What are the interpretations of this number of new cases reported?
What are some of the key issues which a CCO should consider on a proactive basis given the current state of FCPA investigations and enforcement?
Did the release by the DOJ of the Anti-Piling Policy, the M&A addition to the FCPA Corporate Enforcement Policy and the modification to the Yates Memo change the approach a compliance program should consider?
One interpretation of the Benczkowski Memo is that it lays out a road map for companies who get into FCPA hot water on how to avoid a monitor. Is that interpretation valid?
Regime change overseas has more often brought investigations from the new regime into the old regime. From a corporate perspective, what should a Board, senior management or CCO-type do to prepare for democratically elected regime change?
Under GDPR, have investigations in the EU/UK changed for the firm or your clients?
You can check out a copy of Miller & Chevalier’s FCPA Winter Review 2019 by clicking here.
Last week we had the pleasure of having Dr. Markus Kaulartz, lawyer at CMS Germany, discuss with us the very hot topic of Blockchain & GDPR. We will try to answer the question of how GDPR, drafted in a world in which centralised and identifiable actors control personal data, sits within a decentralised world like blockchain. Markus is the co-author of "The tension between GDPR and the rise of blockchain technologies". Markus works in the IT law department of CMS Germany with a focus on innovative topics such as blockchain, AI, cyber security and all the related data protection issues. Before becoming a lawyer, Markus worked as a software developer.
What is Blockchain?
From a purely legal point of view there are two aspects. First, blockchain is a database which is distributed and synchronised, and whose data cannot be deleted. This definition is controversial in some quarters, as not everyone considers blockchain a database, but it is used to simplify the definition for a non-IT audience. Second, blockchain enables us to move digital assets. This is very important because the receiver of a digital token, for example, will always know that the sender of the token no longer owns it. In other words, a token's transfer of ownership emulates the transfer of ownership of real-life offline assets. If we look at the transfer of ownership of paper share certificates, they presently use a bank as a central intermediary to help identify who is the present owner of a share. In a blockchain world we can theoretically eliminate the need for the bank.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It was enacted in May 2016 but only applied from May 2018. It replaced the former EU Data Protection Directive, with the big difference that it applies directly in the member states of the EU without needing to be transposed into national law.
The other big difference between GDPR and the former EU Data Protection Directive is the size of the fines. Under GDPR the fines are up to 4% of the global turnover of a company. What is key is that GDPR also applies to companies outside of the EU that work with the EU. For example, if you're an Indian or American company offering services to EU citizens, you will have to comply with the GDPR regulation.
Personal Data & Application of GDPR
GDPR only applies where personal data is being processed. Personal data is defined as any information relating, directly or indirectly, to a natural living person, whether the data identifies the person or makes him or her identifiable. Article 4 of GDPR defines personal data "as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person." The key implication is that a person, not a company, can be identified or identifiable. Being identifiable means you don't necessarily need to have the person's name or address; it suffices to have their unique ID, or even their IP address. In a blockchain world the public key is considered personal data, as it relates to an identifiable person. Holding any of these identifiable data points means that GDPR applies. If GDPR applies, an assessment needs to be carried out to identify which obligations are applicable:
Inform data subjects about what is done with their data
Maintain records of processing activities
Implement technical and organisational measures
Review in which country the data is stored (i.e. EU or non-EU)
Smart Agency Masterclass with Jason Swenk: Podcast for Digital Marketing Agencies
Are you ready for GDPR? Wondering how it will affect your agency and/or your clients? Even if you’re not in Europe, you are required to be in compliance with these new data privacy regulations. In this episode, learn what you need to do to protect your agency and stay in compliance with GDPR.
In this episode, we’ll cover:
What is GDPR?
What does GDPR mean for agencies?
3 Steps to GDPR compliance.
What happens if your agency is non-compliant?
I’m super excited to talk to today’s guest, Suzanne Dibble, the small business law expert based in the UK. She’s got 20+ years of experience and has worked with some big-time entrepreneurs, like Richard Branson. She has been living, breathing, and consuming everything related to GDPR and how it affects small businesses for the past 3 months. Suzanne is on the show today to explain the ins and outs of GDPR so you can keep your agency in compliance and continue to generate leads despite stricter guidelines.
What is GDPR?
The GDPR (General Data Protection Regulation) is a set of rules imposed by the European Union (EU), which seeks to create a harmonized data protection law framework across the EU and aims to give data subjects back control of their personal data. GDPR imposes strict rules on businesses hosting and processing this type of data, anywhere in the world. Suzanne says GDPR comes from a place of good intention, and isn’t just a new set of regulations to make our lives miserable. The good news is that there are just a few steps to take that will keep you compliant by May 25, 2018. And the really good news is that there’s no enforcement agency waiting to haul you off to prison for non-compliance. :)
What Does GDPR Mean for Agencies?
Basically, this will affect your lead magnets and automated marketing campaign sequences. It’s all about transparency. Under these regulations, when people opt in for something (like a lead magnet), that’s the only thing you can send them.
If you want to continue to use their email address for marketing purposes, this will require additional consent.
3 Steps to GDPR Compliance
Compliance does not have to be an overwhelming process. Suzanne outlined the three steps we can take to make sure we stay compliant:
1. Decide whether GDPR is relevant to your agency. It affects businesses who either (A) process data of people in the EU with the intent to offer goods or services, or (B) monitor the behaviors of those in the EU. If you’ve answered yes to either of these criteria, then you need to send a re-consent email to the recipients on your lists who are in the EU.
2. Determine if you have lawful grounds for processing data. There are 6 criteria that fall under the definition of being lawful under GDPR, though most small businesses will fall under one of the first four.
Consent. The real issue is obtaining re-consent after May 25. With that, you have lawful grounds.
Contractual agreement. If you’re already under contract with a client, you’re all set and new consent is not required.
Compliance with the law. Record keeping or maintaining data on clients, employees, and contractors is consensual and therefore no new consent is required.
Legitimate interest. Many of us will fall into this category: where you’re marketing to someone with a legitimate interest in your service, you can lawfully process their data with consent to do so.
Vital interest.
Public interest.
3. Write a new privacy policy and a cookies notice. Under GDPR you must be completely transparent about what data you’re holding and why. Additionally, you must rationalize what you’re doing with any data, where it comes from, where you’re transferring it to, etc. GDPR has 13 points that must be addressed in your privacy policy, so be sure you’re fully covered. Cookies are considered an extension of personal data. Therefore, businesses are also required to be transparent with their use and handling of cookie data with a cookies policy.
What Happens If You’re Non-Compliant?
As Suzanne explained, there’s no governing agency that’s enforcing these regulations or hunting down offenders. Basically, it all comes down to a risk analysis. The real risks are to your brand reputation. Breaking compliance may upset people who are knowledgeable on the subject. They may choose to take direct action and make a legal claim. And even if they don’t take action, you risk losing their trust and respect. There are over 250 pages to the Articles and Recitals of GDPR. If you are unsure whether this relates to you, or you’d like to dig in deeper, you can learn more in Suzanne’s exclusive GDPR for Online Entrepreneurs Facebook group. She also has a ton of information on her website here: SuzanneDibble.com/GDPR
Need Guidance and Support to Grow Your Agency 3X Faster?
Are you overwhelmed by all the information out there on various ways to grow your agency? Do you want direction on how you can grow your agency faster and easier? Then you’re in luck! I've created an innovative agency owner mastermind called Agency University. Agency University is a program which provides 1-on-1 mentorship, coupled with the ongoing group support that is crucial to the success of your agency. Click here to see if it’s the right fit for you!
Whether it’s cloud hosting, a lifecycle engagement platform, or an email service provider, more companies are using third party vendors than ever before. If you’re one of them, do you have a complete view of how and where your data is being processed and stored? Under GDPR, being compliant means that your third party vendors also need to be compliant, or you both will be at risk. Hear from popular vendors to discover the best ways to understand and manage these risks. Be sure to check out Mailjet.com/GDPR for all of your GDPR needs.
If you haven't heard of GDPR, get ready. Like the term "data," you're going to be hearing this buzzword a LOT. I've got several posts on it already and will likely have more to say. In this post and podcast episode I'll share why all this data talk is significant, why we need to think about it to not be smarmy, and tips for GDPR compliance. I'm also running a free workshop this week on Freebies + GDPR you won't want to miss.
WHY DATA MATTERS
Did anyone else catch all those memes and silly videos about Congress questioning Zuckerberg? Many of us laughed at that, but here's the thing: were you surprised by anything he said? Like maybe how Facebook might be tracking you on a website that's not Facebook even if you don't USE Facebook? Here's reality: data has long been overlooked and that's about to change. People haven't realized how precious data is, and the common user of the internet has very little idea what is being tracked and how. These data conversations are really GOOD because they are forcing transparency. I think this is going to have massive ramifications and this whole data buzzword will be around for a while. It also may have long-reaching impact on your business if you are doing things like running Facebook ads or having a website or email list. I think that there will be some pushback from typical users who may not like that your blog is storing their info or sharing it with third parties. Oh, you didn't know your website was doing that? Let's look at what it IS doing.
WHAT DATA YOU MIGHT BE STORING
If you have Google Analytics on your site, the Facebook tracking pixel, or run advertisements with third parties, accept comments on your blog, or have comment forms, you are collecting data. How much depends on what you're using. Even if you don't KNOW it, you are tracking data. If you head into the back end of your blog, you'll find that commenters have email addresses stored on your site.
That's data that you've collected and GDPR says you are responsible for it. WHAT. Same with contact and other forms on your site. It goes deeper with Google Analytics, even though that typically uses IP addresses and has lots of anonymity (from my understanding). And if you have the Facebook pixel on your site or are using Google ads or other advertisers, you may be sharing your readers' data with third parties EVEN IF YOU DON'T KNOW IT. So if this sounds creepy to you at all, you'll understand why I said that there is going to be long-term fallout and some people are really going to balk at this.
DATA, GDPR, AND BEING SMARMY
Y'all know I'm all for not being smarmy. So in one sense, I LOVE that this is being brought to light. As bloggers and people using the internet, we need to KNOW that we are storing data. We should know what is being tracked and we should be up front about that with our readers. It's not smarmy if you don't know and don't tell your readers because you simply didn't know. However, as this data conversation continues, ignorance will not keep you from potential fines or from being responsible for the data you're (unknowingly) collecting. I like that now we are creating some accountability. I don't always like some of the specific ways this is playing out with GDPR, but I think that we are moving in a good direction by making all of this more transparent and honest. It's not going to be the wild west of data anymore. Now you know, and knowing is half the battle. The other half is doing something with that knowledge. So let's get into specific tips for GDPR compliance.
TIPS FOR GDPR COMPLIANCE
Here are a few very actionable and fairly simple items you can do:
Get the GDPR COMPLIANCE plugin. This will add a checkbox for consent on your comments and also any forms on your site.
Update your privacy policy. I know...BORING. There are templates out there, so you might find a good one, but if you want to be SURE you're covered, I'm an affiliate for the products over at Businessese. They JUST updated their privacy policy to have GDPR compliance.
Add a banner or overlay asking consent for cookies. I used a widget called EU Cookie Law Banner that I found in my WordPress site under Appearance/Widgets. Likely you will see this banner floating along the bottom. I updated it with custom GDPR language. You can also check out the free option from Cookiebot...but I found it a little more robust than I think (hope) is needed.
Find out what your email service provider is doing. If you are not using a trustworthy email service provider, this is the time to switch. Under GDPR, you are the data controller, but a lot of the heavy lifting will fall to your data processor. You are responsible, but they do a lot of the tech stuff. Email them to ask. I know that ConvertKit, MailerLite, and Mailchimp have things in place, and I have already heard from a sad listener who is losing tons of subscribers because of her email service provider and GDPR.
Sign up for my free workshop on GDPR and freebies. I think this is going to be one of the biggest areas of impact, so I'm going to dive DEEP into what this looks like. If you are using freebies, lead magnets, or reader magnets to get people to sign up for your email list, you need to come. (If you don't know what those things are, read my post on freebies.) Sign up for the workshop HERE!
Links mentioned in the episode:
Data being more precious than oil
GDPR FAQs
Which Email Service Provider You Should Use
Disclosure - You're Doing It Wrong
Amazon Disclosure
Affiliate Programs and Disclosure
GDPR Compliance Plugin
Cookiebot
Businessese Privacy Policy (this is my affiliate link!)
ConvertKit - get 30 days free! (this is my affiliate link; message me so I can give you my bonus freebies when you sign up)
I hope you found these tips for GDPR compliance helpful and that you are not too freaked out by the whole data situation, what you are collecting, and what is being collected by other people when you go to mom blogs on the internet, for example. This is the world we live in!
New regulations from the EU are impacting customer data around the world and causing companies to make big changes or risk getting hit with heavy fines. But instead of fearing the change and just throwing money at the problem, complying with the regulations can be thought of as an opportunity to rethink and improve the customer experience. The General Data Privacy Regulation (GDPR) is creating a buzz that Jeff Nicholson, VP CRM Product Marketing at Pegasystems, likens to the anticipation surrounding Y2K. Essentially, the new regulation requires any company anywhere in the world that uses EU residents' personal data to re-think their data strategy. That means that companies in the US are still affected if they have ever done anything like collect email addresses or names of people who live in the EU. If companies don't comply with the regulations, they could be fined up to 4% of their total global revenue. Under GDPR, individual customers can approach companies to find out what personal data they have, and organizations have to provide the data to the customer. Essentially, the new rules change who owns personal data—instead of companies, the power is now in the hands of customers. The new rules come at a time when data breaches are found every day and affect millions of people a year. People around the world are more aware of their personal data and want to find ways to protect it and know who has access to it. Companies must take safeguarding their customers' data very seriously. If customers don't feel their information is being protected, they will take their business elsewhere, which can lead to huge PR and financial consequences for companies. A recent survey found that more than 90% of multinational companies consider GDPR to be a top priority, and many are allocating significant budget to solve data problems and come into compliance. The majority of large companies say they plan to spend at least a million dollars on their new data strategy. 
If the money is being spent anyway, smart companies will put it to good use and do more than just put their data practices in compliance with GDPR—they will use it as an opportunity to transform customer experience and become a leader in their fields. This is a great chance for companies to combine compliance with marketing. Instead of simply plugging a hole in the data stream, think of how you collect data and how it can be better used and targeted. Now that customers have more control over which companies have their information, irrelevant communication from companies puts those brands at risk of losing the customer. All it takes is one bad communication for the customer to opt out and have their data removed. The best companies not only respect and safeguard customer information but also use it to create open lines of communication that really help the customer. With all the data available, companies have the potential to create targeted outreach that meets the needs of every individual customer. This can be done in a number of ways, but Jeff recommends getting people from across the company, especially from compliance and marketing, involved. Investing in the right technology to monitor, track, and safeguard customer data is also incredibly important. Being transparent about the customer information you have can also build a better relationship with customers. Many people are wary about who has their personal data, and they will likely be more trusting of companies that can show where they gathered the data, what they are using it for, and who has access to it. Data plays a huge role in customer experience, and being able to monitor and target it better can lead to better relationships between companies and customers. GDPR is changing how companies handle customer data, but it is much more than just a compliance issue.
In order to lead the new data conversation, companies should use the opportunity to re-think their customer experience and find new, relevant ways to reach out to customers.