The GDPR Article 17 provides for a right to erasure — commonly known as the “right to be forgotten.” Data subjects may request that an organization erase their personal data “without undue delay” under a number of circumstances. These circumstances include when the data is no longer relevant to the purposes of collection, when consent […]
Category: GDPR
Posts about GDPR by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
The International Privacy+Security Forum
The International Privacy+Security Forum (February 26-27, 2018 in Washington DC) is next week. The International Forum is a new annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC. The regular Privacy+Security Forum will be in its 4th year in 2018. This past year, we […]
Cartoon: GDPR’s Scope
I turned my short GDPR vignette about GDPR’s territorial scope into a cartoon. The GDPR applies not just to all EU organizations that process personal data. The GDPR also applies to non-EU established organizations that offer goods and services to EU citizens or that monitor behavior within the EU. The GDPR thus has quite a long […]
GDPR Cartoon: Lawful Processing
This cartoon focuses on the lawful processing requirement. Under the EU’s General Data Protection Regulation G(DPR), the collection and processing of personal data must be for “specified, explicit and legitimate purposes.” This is in contrast to the United States where the processing of personal information is permitted unless a law forbids it. Under the GDPR, […]
Key WP29 Documents for GDPR
The Article 29 Working Party was created by the EU Data Protection Directive in 1996. Its purpose is to provide advice, opinions, and guidance about data protection. The Article 29 Working Party is composed of a representative from each EU member state. The General Data Protection Regulation (GDPR) will replace the Working Party with the […]
Cartoon on GDPR Vendor Management
This cartoon depicts the challenges of complying with GDPR’s requirements for vendor management. Under the GDPR, there are serious responsibilities when using a vendor to process personal data. Broadly, there are three things that data controllers must do: 1. Data controllers must perform due diligence in selecting vendors and that are complaint with GDPR. […]
GDPR Training, Writings, and Resources: Roundup from the Past Year
The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs. In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task. GDPR Whiteboard 200+ pages of […]
Beyond GDPR: The Challenge of Global Privacy Compliance — An Interview with Lothar Determann
For multinational organizations in an increasingly global economy, privacy law compliance can be bewildering these days. There is a tangle of international privacy laws of all shapes and sizes, with strict new laws popping up at a staggering speed. Federal US law continues to fade in its influence, with laws and regulators from abroad taking the […]
The Hidden Force That Will Drive GDPR Privacy Compliance
The clock is ticking on getting ready to comply with the EU General Data Protection Regulation (GDPR). EU regulators will start enforcing it on May 25, 2018. GDPR is less than a year away, and it’s quite a challenge to get ready for. Becoming compliant is not something that can be achieved overnight, or in a […]
Preparing for GDPR: A Year to Batten Down the Hatches
The General Data Protection Regulation (GDPR) will go into effect on May 25, 2018. The GDPR strengthens privacy protections in the EU and includes a number of additional rights and responsibilities.