Numerous privacy laws are requiring that companies provide individuals with data rights — rights to access their data, correct their data, learn about uses of their data, delete their data, and more. Administering these rights can be quite complicated for organizations.
Archive of all posts about GDPR by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
The Impact of the Schrems II Decision: An Interview with Wim Nauwelaerts
In Facebook Ireland Ltd. v. Maximillian Schrems (Schrems II) (July 16, 2020), the European Court of Justice (CJEU) invalidated the Privacy Shield, a widely-used method to transfer personal data from the EU to the US. The decision also put other data transfer mechanisms—Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCRs)—into significant doubt. The court’s concern was the deficiency of […]
GDPR Humor: A Collection of GDPR Cartoons and More
Feeling stressed out about GDPR? I can help! Here are all of my GDPR cartoons and attempts at GDPR humor in one post. It’s much better to laugh than to cry . . .
Key EDPB (European Data Protection Board) Documents for GDPR
The EDPB (European Data Protection Board) was created by the EU Data Protection Directive in 1996. Its purpose is to provide advice, opinions, and guidance about data protection. The EDPB (European Data Protection Board) is composed of a representative from each EU member state. Below are some of the most important guidelines to be issued […]
Key WP29 Documents for GDPR
The Article 29 Working Party was created by the EU Data Protection Directive in 1996. Its purpose is to provide advice, opinions, and guidance about data protection. The Article 29 Working Party is composed of a representative from each EU member state. The General Data Protection Regulation (GDPR) will replace the Working Party with the […]
Cartoon on GDPR Vendor Management
This cartoon depicts the challenges of complying with GDPR’s requirements for vendor management. Under the GDPR, there are serious responsibilities when using a vendor to process personal data. Broadly, there are three things that data controllers must do: 1. Data controllers must perform due diligence in selecting vendors and that are complaint with GDPR. […]
GDPR Training, Writings, and Resources: Roundup from the Past Year
The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs. In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task. GDPR Whiteboard 200+ pages of […]
Beyond GDPR: The Challenge of Global Privacy Compliance — An Interview with Lothar Determann
For multinational organizations in an increasingly global economy, privacy law compliance can be bewildering these days. There is a tangle of international privacy laws of all shapes and sizes, with strict new laws popping up at a staggering speed. Federal US law continues to fade in its influence, with laws and regulators from abroad taking the […]
The Hidden Force That Will Drive GDPR Privacy Compliance
The clock is ticking on getting ready to comply with the EU General Data Protection Regulation (GDPR). EU regulators will start enforcing it on May 25, 2018. GDPR is less than a year away, and it’s quite a challenge to get ready for. Becoming compliant is not something that can be achieved overnight, or in a […]
Preparing for GDPR: A Year to Batten Down the Hatches
The General Data Protection Regulation (GDPR) will go into effect on May 25, 2018. The GDPR strengthens privacy protections in the EU and includes a number of additional rights and responsibilities.