Formiti Data Privacy News delivers all the latest global privacy news articles, including useful how-to articles to help you stay compliant. Subscribe today and we will deliver them straight to your preferred inbox.
Many manufacturers and retailers of IoT devices don’t realise that these devices fall under the purview of data privacy regulations. As data regulators turn their attention to IoT devices, manufacturers and retailers must take steps to stay ahead of developing...
Confidentiality is a mandatory legal and ethical duty in the UK health sector, especially when it comes to artificial intelligence and privacy in the use of medical devices. Using artificial intelligence to improve patient care has raised data privacy concerns about...
What Are Data Processing Addendums (DPAs)? Data Processing Addendums (DPAs) are instructional contracts between the Controller and Processor outlining how to process and secure the Controller’s data. DPAs are critical to ensuring third-party...
The proposed U.S. Federal Privacy Law ADPPA was introduced in the U.S. House of Representatives on June 3rd 2022. This represents the first time federal data privacy legislation in the United States has progressed to a full chamber vote. Significant...
Just to quickly reiterate, if the internal DPO is already overseeing, managing or directing a specific department, appointing him/her as a DPO is asking for trouble – it may lead to heavy fines as it is a conflict of interest according to GDPR guidelines.
Security measures in relation to the collection, processing, access, use, modification, disposal, or disclosure of an individual's personal data are substantially similar to the standard that is required under the MDES Notification
Today’s organizations describe their data retention policy as a key element in their data privacy strategy. Industry sectors, whether healthcare, financial services, insurance, government, retail, telecommunications, or education, are valuable information assets...
New technology, regulatory requirements, and new competitive threats can cause confusion and create a risk of breaching data privacy laws and regulations.
The Thailand PDPA entered into law on the 1st of June 2022 and is already following the trends of other global data protection laws in its first year with PDPA amendments and notifications. Three have already come into force, and companies and PDPA service...
Third-party data breaches pose a significant risk to a company’s reputation. Consider these findings from a survey of 7,500 consumers in France, Germany, Italy, the U.K., and the U.S.:
An LIA is used to determine if an organisation can process data using the legitimate interest lawful basis. This article explains what lawful bases are under GDPR, and how to complete a legitimate interest assessment (LIA).
Much like GDPR and other similar privacy laws, PDPA also requires a highly proactive and risk-based approach. Therefore, in order to train your staff to remain compliant, you must put all the necessary preventive measures in place to protect your school from non-compliance.
As the name suggests, personal sensitive data contains data of the highest sensitivity level to the data subject. It includes personal and sensitive information that cannot be disclosed without the data subject’s consent
Data lifecycle management is a key component of the broader, emerging data culture shift. Business organizations are increasingly realizing that managing data is a top strategic business priority
Data privacy consulting firms simplify the compliance process by focusing solely on data privacy best practices – freeing you up to focus on your business.
The costs begin to accelerate as the attack progresses. Suppose you are lucky and have cyber protection insurance. In that case, your insurers will need to know the full extent of the breach, often calling expensive third parties to help with the exercise.
Most websites and email clients will also provide a list of “cookies” used to identify you if you have signed up or browsed the website. That can include information such as the IP address, location, and device ID,
There are several ways to go about a PDPA gap analysis, but where do you start? This article looks at areas covered by analysis and what tools you can use to perform one. Let’s start with the first step of a PDPA compliance checklist
The PIPEDA came into effect as a law in April 2000, intending to increase consumers’ trust in e-commerce. Parts of the PIPEDA are reviewed by the Parliament every 5 years.
Not all data breaches need to be reported to the relevant supervisory authority (e.g. the Information Commissioner’s Office (ICO) in the UK).
Although not required for all organisations, we recommend all organisations maintain a living ROPA record because it makes it easier to comply with GDPR.
As per the GDPR, organizations need to establish a structured and thorough approach to ensuring compliance. This requires that security and privacy policies be developed and communicated by data subjects and documented in formalized processes,
To help businesses stay accountable and stay on top of changes, the Personal Data Protection Commission (PDPC) has updated the content of two existing data protection guidelines to align with the changes in the PDPA and to support businesses
The first step that an organization needs to take is to have a representative when it comes to data privacy compliance. There are several people handling the data you collect and process,