Posts about European Union Privacy by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
Organizations are racing to get ready for the GDPR implementation date of May 25, 2018. Complete GDPR compliance in a few months is likely not feasible for many organizations, but this shouldn’t mean that these organizations should give up. Making a good-faith effort and continuing to strive to improve are quite worthwhile.
Recently, I created two new GDPR training resources. GDPR Whiteboard I created a 1-page visual summary of the GDPR, which I call the GDPR Whiteboard. The idea was to capture the key points of the General Data Protection Regulation (GDPR) in a succinct and visually-engaging way. It has become quite popular, receiving thousands of downloads. You […]
The GDPR Article 17 provides for a right to erasure — commonly known as the “right to be forgotten.” Data subjects may request that an organization erase their personal data “without undue delay” under a number of circumstances. These circumstances include when the data is no longer relevant to the purposes of collection, when consent […]
I turned my short GDPR vignette about GDPR’s territorial scope into a cartoon. The GDPR applies not just to all EU organizations that process personal data. The GDPR also applies to non-EU established organizations that offer goods and services to EU citizens or that monitor behavior within the EU. The GDPR thus has quite a long […]
The International Privacy+Security Forum (February 26-27, 2018 in Washington DC) is next week. The International Forum is a new annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC. The regular Privacy+Security Forum will be in its 4th year in 2018. This past year, we […]
This cartoon focuses on the lawful processing requirement. Under the EU’s General Data Protection Regulation G(DPR), the collection and processing of personal data must be for “specified, explicit and legitimate purposes.” This is in contrast to the United States where the processing of personal information is permitted unless a law forbids it. Under the GDPR, […]
The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs. In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task. GDPR Whiteboard 200+ pages of […]
For multinational organizations in an increasingly global economy, privacy law compliance can be bewildering these days. There is a tangle of international privacy laws of all shapes and sizes, with strict new laws popping up at a staggering speed. Federal US law continues to fade in its influence, with laws and regulators from abroad taking the […]
I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy. More work gets thrown onto the shoulders of under-resourced privacy departments. It is time that the C-Suite (upper management) wakes up to the […]
I have produced a new Privacy Shield training course that provides a short introduction to the EU-US Privacy Shield Framework. Privacy Shield is an arrangement reached between the EU and US for companies to transfer data about EU citizens to the US. Privacy Shield replaces the Safe Harbor Arrangement, which was invalidated in 2015 in […]