Last week, I attended the 40th ICDPPC in Brussels, which is the global meeting of all privacy and data security regulators. The theme of the conference was “Debating Ethics,” and it was a deep dive into the interplay between digital commerce, regulation, and human dignity. There were representatives from around the globe, of course, but… Read More
In this episode of the “Are You DataSmart?” podcast, the Ward brothers discuss the first court ruling on GDPR that went against ICANN, the non-profit domains platform that powers the internet. What is so fascinating about this first decision is that it specifically puts “data minimization” on display. It isn’t a theory anymore! PODCAST TRANSCRIPT… Read More
Episode 16 of the “Are You DataSmart” Podcast covers the major operational issues caused by Article 17 of the GDPR, Right to erasure (‘right to be forgotten’). Deleting records causes amnesia-like symptoms for businesses and will afflict every business that receives a withdrawal of consent or a notice to erase data about an individual or data subject. Specifically: The… Read More
We’ve reached that time of year when everyone is basically in summer mode – non-work plans being made, last day of school or first day of camp lunches being packed, the inevitable first sunburn (for me, not the kids). It’s the time of year when there’s also a downshift in activity, and (even in the… Read More
The race is on! California jumped to an early lead to get the California Consumer Privacy Act (CCPA 2018) onto their November ballot, but look out! Here comes Vermont, from out of nowhere, to try to be the first State with a GDPR-like law on the books. In this episode of the Are You DataSmart?… Read More
And so, at long last, the GDPR is the law, and we leave behind the relatively lower standards under the Data Protection Directive. The Directive, which has been on the books for more than two decades, now passes into obsolescence, like beepers or, in Miami, traffic laws. Now, we’ll all start to learn what the… Read More
There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday. We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party, deadpanned that “there will be a two… Read More
The three pillars of GDPR are transparency, security, and consistency. Regulators have stated they see transparency as the central point, but the other two are equally important. When a natural person submits a Data Subject Access Request (DSAR) to your company, how will you react? The Ward brothers explain what companies need to expect within… Read More
One of the best analogies this week will be that May 25th is the big wedding day where GDPR gets “hitched” to businesses and their privacy platforms forevermore. Unfortunately, as in real life, the long marriage may not be as festive as the wedding day. The Ward brothers outline how businesses need a stronger approach for… Read More
One of the most popular memes in recent years has been the “distracted boyfriend” meme. The coverage has been amazing, including the identification of an 18th Century equivalent painting. One of the most striking things about the meme is that the presumably current girlfriend has a similar look to the presumably new girl that is… Read More
Two years ago, when the European Commission approved the GDPR and set an effective date for May 25, 2018, I thought “that is such a long time to wait.” It was a choice out of keeping with American legislative methods, where Congress passes a law and maybe gives an effective date of the following January 1, but… Read More
It has been amazing to watch the GDPR grip public attention in a way that no data security or privacy law ever has. I mean, when GQ is writing articles about it, you know something big is going on. The coverage has ranged from the thoughtful to the paranoid, and most of it really misses… Read More
As we roll into the final two weeks of our countdown, we’re going to take something of a step back and look at issues more broadly. Yesterday, we discussed Google’s AI, and how we’re all going to be living in the Duplex, as it were. I am (clearly) pretty hung up on this, and have… Read More
It’s May, which means we’re now in that frantic time period leading up to the GDPR where the biggest concerns loom largest. For some, that’s the documentary obligations under the Regulation, for others it is whether to hire a DPO, but it seems that everyone I talk to is worried about Article 20’s requirement for… Read More
It’s easy to think about data as a depersonalized set of information that we can use for whatever purpose we want. But complying with GDPR will require a change of mind and a change of approach to data, and especially data subjects. Businesses that cannot navigate between unrestrained use of information and the lofty — and potentially unachievable — goals of the GDPR will struggle after May 25. How will you chart your course? Read More
There were quite a few data breaches in the news this week, and the media makes it seem there’s a breach a day. That’s fake news, folks: there are way more than one a day.
It’s no secret that the GDPR imposes strict new requirements for preventing, detecting, resolving, and reporting data breaches, and similarly strict penalties when companies fall short. Sometimes it may appear like you’re facing risks from hackers and regulators alike. But it doesn’t have to be so. Taking a datasmart approach to security and compliance can help keep you out of the crosshairs and out of the courtroom. Read More
So I’m buying some Under Armour shorts at Saks when I suddenly get a craving for Panera.
What a difference a week makes. With new breaches and investigations beginning seemingly every day (Under Armour, Saks, Panera, all in the last five days), it raises a critical, and practical, issue: how are regulators going to approach data security enforcement after May 25?
We’re entering the home stretch of the GDPR countdown now, with just about two months to go. At this point, you may or may not have realized that you need good advice about what to do and how to do it. Ideally, you’ve started the process of implementing a thoughtful data security plan (or have at least thought about thinking about it). Read More
Do you have cookies on your website?
Of course, you do! [In fact, almost every website in existence utilizes cookies now]
With GDPR on the way, the time to come into compliance is now, and the Ward brothers are interviewing Daniel Johannsen, the founder and CEO of a great SaaS solution.
Mr. Johannsen explains how Cookiebot can analyze any site and identify the necessary changes to be compliant while ensuring a great user experience. Read More
I was working with my son on his homework last night, and before we began, I had to look in his backpack to find a pencil. I assumed it would be a fairly simple task: open a compartment and there it would be. In fact, it was a ten-minute exercise of sorting through a nearly unbelievable assortment of items. His bag included (I’m not kidding) about twenty small heart-shaped erasers (a Valentine’s gift, no doubt), eight medium-large rocks, five small rubber balls, a Highlights magazine, two handfuls of pine tree bark, the entire Narnia series, and a fruit roll-up wrapper. Which brings me to the perfect analogy for how companies treat data. Read More
One of the most frequently discussed aspects of the GDPR is its global scope – if a data controller is established in the EU or if it markets its goods or services in the EU, then the Regulation generally applies. For the most part, practical and scholarly analysis has focused on how that will affect businesses in the United States. Given the drama surrounding the end of the Safe Harbor and the (likely) drama surrounding Privacy Shield, there’s no shortage of interesting things to say on EU-US data issues. Read More