All posts in European Union Privacy

Cartoon: GDPR Data Portability

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
July 9, 2018

Cartoon GDPR Data Portability Santa - TeachPrivacy GDPR Training 02 medium

This cartoon is about the GDPR’s right to data portability under Article 20.  This right allows data subjects to take their data from one organization and transfer it easily to other organizations. Pursuant to the GDPR Article 20:

1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

(b) the processing is carried out by automated means.

2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Continue Reading

July 9, 2018 / Category: Cartoons, Cartoons GDPR, European Union Privacy, GDPR, GDPR Compliance, Humor, Privacy / Tags: , , , /

Cartoon: GDPR Superhero

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
June 3, 2018

Cartoon GDPR Superhero - TeachPrivacy GDPR Training 02 medium

For global organizations as well as organizations in the EU, the GDPR has brought significant attention and resources to privacy.  Finally, many executives are beginning to take privacy seriously.  As I recently wrote in my article, Prime Time for Privacy, at Bloomberg Law:

The GDPR has taken privacy to the next level. Before the GDPR, nothing had fully gelled around what protecting privacy actually entailed. The consequences of poor privacy were also rather vague in many cases. There was no clear blueprint for protecting privacy. Organizations would do just one or two things, such as provide a notice of privacy practices and keep data secure, and then claim they were protecting privacy. But they were only doing a fraction of what was truly needed to protect privacy.

The GDPR has changed all that. It provides a blueprint for protecting data that is more thorough and complete than nearly any other privacy law. The GDPR contains provisions that require governance measures, data mapping, assessment, data protection by design, and vendor management, among other things. It provides for individual rights such as the right to access one’s data, the right to request restrictions on data use, the right to be forgotten, and the right to data portability. The GDPR has a broad definition of personal data, and it applies across different industries, so it provides a comprehensive baseline of privacy protection.

Now, privacy professionals can point to a definitive source of the various norms, best practices, standards, and rules that have long existed in fragmentary form. The GDPR has penalties that will keep the CEO awake at night. Privacy professionals can point to it and say, “This is what we need to do, and this is why.”

Continue Reading

June 3, 2018 / Category: Cartoons, Cartoons GDPR, European Union Privacy, GDPR, GDPR Compliance, Humor, Privacy / Tags: , , /

Cartoon: GDPR Change in Privacy Notices

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
May 27, 2018

Cartoon GDPR Privacy Notice Change - TeachPrivacy GDPR Training 02 medium

In the past few weeks, with enforcement of the General Data Protection Regulation (GDPR) beginning on May 25, countless organizations launched emails and pop up notices about changes in their privacy notices in light of GDPR.  This cartoon pokes a little fun at the blizzard of changed privacy notice notices.

Continue Reading

May 27, 2018 / Category: Cartoons, Cartoons GDPR, European Union Privacy, GDPR, GDPR Compliance, Humor, Privacy / Tags: , , , /

Cartoon: The Post-GDPR World

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
May 23, 2018

Cartoon Post-GDPR World - TeachPrivacy GDPR Training 02 meidum

This is a momentous week.  On Friday, May 25, 2018, the General Data Protection Regulation (GDPR) will begin being enforced. Organizations are racing against the clock to be prepared.  What will the day look like when the sun rises on May 25?

Continue Reading

May 23, 2018 / Category: Cartoons, Cartoons GDPR, European Union Privacy, GDPR, GDPR Compliance, Humor, Privacy / Tags: , , /

Cartoon: The Four Phases of Developing a GDPR Program

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
May 5, 2018

Cartoon Four Phases of GDPR Program - TeachPrivacy GDPR Training

The General Data Protection Regulation (GDPR) has actually been with us for quite a long time (in various forms), but this month is the moment of truth.  On May 25, the GDPR will start being enforced.

Here’s a quick timeline of the evolution of the GDPR:

October 1995: Data Protection Directive (95/46/EC) is adopted.  The majority of the rules of the GDPR are the same or similar to those of the Data Protection Directive. Thus, much of the GDPR has been with us for more than 20 years.

January 2012: First Draft of GDPR is released.

March 2014: European Parliament votes to support the GDPR.

December 2015: The Trilogue (EU Commission, European Parliament, and EU Council of Ministers) reaches an agreement about the GDPR.

April 2016: European Parliament and Council of the EU formally adopt the GDPR.  There will be a 2-year grace period until the GDPR is enforced.

May 2018: GDPR enforcement begins on May 25.

Continue Reading

May 5, 2018 / Category: Cartoons, Cartoons GDPR, European Union Privacy, GDPR, GDPR Compliance, Humor, Privacy / Tags: , , /

Why I Love the GDPR: 10 Reasons

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
May 2, 2018

GDPR Love 01

I have a confession to make, one that is difficult to fess up to on the US side of the pond: I love the GDPR.

There, I said it. . .

In the United States, a common refrain about GDPR is that it is unreasonable, unworkable, an insane piece of legislation that doesn’t understand how the Internet works, and a dinosaur romping around in the Digital Age.

But the GDPR isn’t designed to be followed as precisely as one would build a rocket ship. It’s an aspirational law.  Although perfect compliance isn’t likely, the practical goal of the GDPR is for organizations to try hard, to get as much of the way there as possible.

The GDPR is the most profound privacy law of our generation.  Of course, it’s not perfect, but it has more packed into it than any other privacy law I’ve seen. The GDPR is quite majestic in its scope and ambition.  Rather than shy away from tough issues, rather than tiptoe cautiously, the GDPR tackles nearly everything.

Here are 10 reasons why I love the GDPR:

(1) Omnibus and Comprehensive

EU GDPRUnlike the law in the US, which is sectoral (each law focuses on specific economic sectors), the GDPR is omnibus – it sets a baseline of privacy protections for all personal data.

This baseline is important.  In the US, protection depends upon not just the type of data but the entities that hold it.  For example, HIPAA doesn’t protect all health data, only health data created or maintained by specific types of entities.  Health data people share with a health app, for example, might not be protected at all by HIPAA.  This is quite confusing to individuals.  In the EU, the baseline protections ensure that nothing falls through the cracks.

Continue Reading

May 2, 2018 / Category: European Union Privacy, FTC, GDPR, GDPR Compliance, Global Privacy, Harm, Privacy, Privacy Laws / Tags: , /

Cartoon: GDPR Experts

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
April 24, 2018

Cartoon GDPR Experts - TeachPrivacy GDPR Training 02 medium

This cartoon makes fun of the fact that these days, there seem to be so many GDPR experts.  There are, indeed, many experts who know a lot about GDPR.  The problem is that there are a lot more “experts” out there who know only a little about GDPR.

Continue Reading

April 24, 2018 / Category: Cartoons, Cartoons GDPR, European Union Privacy, GDPR, GDPR Compliance, Humor, Privacy / Tags: , , /

Cartoon: GDPR Compliance

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
April 2, 2018

Cartoon GDPR Compliance - TeachPrivacy GDPR Training 02 medium

Organizations are racing to get ready for the GDPR implementation date of May 25, 2018.  Complete GDPR compliance in a few months is likely not feasible for many organizations, but this shouldn’t mean that these organizations should give up.  Making a good-faith effort and continuing to strive to improve are quite worthwhile.

Continue Reading

April 2, 2018 / Category: Cartoons, Cartoons GDPR, European Union Privacy, GDPR, GDPR Compliance, GDPR Training, Humor, International Privacy, Privacy / Tags: , , /

GDPR Whiteboard and GDPR Interactive Whiteboard

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
March 17, 2018

GDPR Whiteboard - TeachPrivacy GDPR Training

Recently, I created two new GDPR training resources.

GDPR Whiteboard

I created a 1-page visual summary of the GDPR, which I call the GDPR WhiteboardThe idea was to capture the key points of the General Data Protection Regulation (GDPR) in a succinct and visually-engaging way.  It has become quite popular, receiving thousands of downloads.  You can download a PDF handout version here.  We’ve been licensing it to many organizations for training and awareness purposes.

GDPR Whiteboard - TeachPrivacy Privacy Awareness Training 02 small

GDPR Interactive Whiteboard

I subsequently created a new training module — an interactive version of the GDPR Whiteboard – the GDPR Interactive Whiteboard.  When people click on each topic, the program provides brief narrated background information, presented in a very understandable and memorable way.  Trainees can learn at their own pace.  This program is designed to be very short — it is about 5 minutes long.

It can readily be used on internal websites to raise awareness and teach basic information about GDPR. It can also be used in learning management systems.

GDPR Whiteboard Interactive - TeachPrivacy GDPR Training

GDPR Whiteboard Interactive - TeachPrivacy GDPR Training

Continue Reading

March 17, 2018 / Category: European Union Privacy, GDPR, GDPR Compliance, GDPR Training, Privacy, Training, Training GDPR / Tags: , , , , /

Cartoon: GDPR Right to Be Forgotten

Daniel Solove
Daniel Solove @danielsolove
Founder of TeachPrivacy
March 4, 2018

Cartoon GDPR Right to Be Forgotten - TeachPrivacy GDPR Training

The GDPR Article 17 provides for a right to erasure — commonly known as the “right to be forgotten.”  Data subjects may request that an organization erase their personal data “without undue delay” under a number of circumstances.  These circumstances include when the data is no longer relevant to the purposes of collection, when consent is withdrawn and there is no other legal ground for processing, or when the data has been unlawfully processed, among other things.

Continue Reading

March 4, 2018 / Category: Cartoons, Cartoons GDPR, European Union Privacy, GDPR, Humor, International Privacy, Privacy / Tags: , , , /