Posts about European Union Privacy by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
This is a momentous week. On Friday, May 25, 2018, the General Data Protection Regulation (GDPR) will begin being enforced. Organizations are racing against the clock to be prepared. What will the day look like when the sun rises on May 25?
The General Data Protection Regulation (GDPR) has actually been with us for quite a long time (in various forms), but this month is the moment of truth. On May 25, the GDPR will start being enforced. Here’s a quick timeline of the evolution of the GDPR: October 1995: Data Protection Directive (95/46/EC) is adopted. The […]
I have a confession to make, one that is difficult to fess up to on the US side of the pond: I love the GDPR. There, I said it. . . In the United States, a common refrain about GDPR is that it is unreasonable, unworkable, an insane piece of legislation that doesn’t understand how […]
This cartoon makes fun of the fact that these days, there seem to be so many GDPR experts. There are, indeed, many experts who know a lot about GDPR. The problem is that there are a lot more “experts” out there who know only a little about GDPR.
Organizations are racing to get ready for the GDPR implementation date of May 25, 2018. Complete GDPR compliance in a few months is likely not feasible for many organizations, but this shouldn’t mean that these organizations should give up. Making a good-faith effort and continuing to strive to improve are quite worthwhile.
Recently, I created two new GDPR training resources. GDPR Whiteboard I created a 1-page visual summary of the GDPR, which I call the GDPR Whiteboard. The idea was to capture the key points of the General Data Protection Regulation (GDPR) in a succinct and visually-engaging way. It has become quite popular, receiving thousands of downloads. You […]
The GDPR Article 17 provides for a right to erasure — commonly known as the “right to be forgotten.” Data subjects may request that an organization erase their personal data “without undue delay” under a number of circumstances. These circumstances include when the data is no longer relevant to the purposes of collection, when consent […]
The International Privacy+Security Forum (February 26-27, 2018 in Washington DC) is next week. The International Forum is a new annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC. The regular Privacy+Security Forum will be in its 4th year in 2018. This past year, we […]
I turned my short GDPR vignette about GDPR’s territorial scope into a cartoon. The GDPR applies not just to all EU organizations that process personal data. The GDPR also applies to non-EU established organizations that offer goods and services to EU citizens or that monitor behavior within the EU. The GDPR thus has quite a long […]
This cartoon focuses on the lawful processing requirement. Under the EU’s General Data Protection Regulation G(DPR), the collection and processing of personal data must be for “specified, explicit and legitimate purposes.” This is in contrast to the United States where the processing of personal information is permitted unless a law forbids it. Under the GDPR, […]