The General Data Protection Regulation (GDPR) has transformed the way companies manage personal data, introducing stringent requirements for data deletion. In accordance with the GDPR, personal data cannot be stored indefinitely, and companies must develop comprehensive deletion frameworks as explained in detail here. However, creating and implementing these frameworks presents significant challenges for organizations. In […]
GDPR
Roadmap to the Development of a Deletion Framework
A data deletion framework refers to a structured set of guidelines and procedures governing an organization’s adherence to deletion obligations according to data protection and statutory laws, as well as its processes for managing and executing the deletion of personal data. Essentially, a data deletion framework entails the systematic classification of personal data along with […]
Insurance company receives significant fine from Swedish SA
Another significant fine for the lack of adequate security measures on personal data was recently issued by a European Supervisory Authority (SA) to a controller responsible for private customers´ data. In the present case, the Swedish Supervisory Authority (IMY) imposed a fine of SEK 35 million (approx. EUR 2.9 million) to the insurance company Trygg-Hansa, […]
Italian DPA imposes €240,000 fine on Benetton Group
In April 2023 the Italian Data Protection Authority (Garante per la protezione dei dati personali) has fined the famous fashion brand Benetton with 240,000 Euros for violations of the GDPR related to marketing practices involving consumer data. The Garante’s investigation started in 2019 during the course of a scheduled investigation related to marketing activities and […]
Data Protection in (Mental) Health Apps
Mental health matters – and with global crises such as the Covid pandemic shaping our lives in the 2020s, everyone has been talking about it. A common piece of advice for people who are struggling with their mental health is to get help: Find a therapist or speak to a coach or counselor. However, these […]
Google Bard released in the EU after privacy concerns were addressed
Google has finally released its AI chatbot Bard in the European Union, after previously delaying the launch due to privacy concerns. The company said that it has addressed the concerns of the Irish Data Protection Commission (DPC), which is the lead regulator for Google’s data privacy practices in the EU. Bard can be considered Google’s […]
Why Strong Identity Verification is Vital in Data Protection
In the realm of data protection, identity verification plays a crucial role in safeguarding personal information. In this article, we explore a recent incident involving Vodafone España, shedding light on the significance of strong identity verification procedures. We’ll examine the case, discuss the consequences faced by Vodafone, and delve into best practices for verifying someone’s […]
Insights from the BfDI on how to navigate Privacy Challenges in the Era of Generative AI
The Federal Commissioner for Data Protection and Freedom of Information of Germany, also known as BfDI (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit), recently published an opinion on the topic of Generative Artificial Intelligence (AI). In a previous article, we discussed Generative AI, which refers to artificial intelligence applications capable of generating new content, rather […]
Meta Platforms Faced with Largest Fine in GDPR History for Unlawful Personal Data Transfer to the United States
In a remarkable development that has sent shockwaves across the digital domain, Ireland’s Data Protection Commission (DPC) has imposed a €1.2 billion fine to conclude its long-term investigation into Meta Platforms Ireland Limited – formerly Facebook Ireland – over its data transfers from the EU/EEA to the United States. Let us take a look at […]
“Decreto Trasparenza”: Italian businesses to comply with new obligations for automated processing of employee data
In August 2022, Italy implemented the EU Directive No. 2019/1152 of the European Parliament and of the Council of 20 June 2019 on transparent and predictable working conditions in the European Union by adopting the new Legislative Decree 2022/104 (so called “Decreto Trasparenza”, meaning the “Transparency Decree”). What areas does the Decree cover? The new […]
The Artificial Intelligence Revolution Taking the World by Storm – Are You Ready?
The term “Artificial Intelligence” (AI) has many possible meanings, although a simple one defines it as the ability of a computer to perform tasks that have traditionally required human intelligence. AI has been a part of our lives for many years now as it is used in everyday consumer products such as spam filters for […]
Privacy matters: the intrinsic value of data protection
Records of processing activities. Data processing agreements. Data processing impact assessments. Privacy notices. Cookie banners. Data subject requests. Data flow mapping…The world of data privacy can be overwhelming, even for those of us who work with it professionally. It is especially frustrating when companies feel that they are losing their competitive edge due to limiting […]
Synthetic data and data protection-related challenges
Synthetic data are information artificially generated by computer simulations or algorithms such as AI and ML tools, including ‚deep learning‘ methods. They are generated from real data with the goal to capture, represent and reproduce the characteristics, patterns, and structure observed in the authentic data. Although they are not real data, they allow the same […]
EU – most relevant GDPR fines of the last years
More than four years after the General Data Protection Regulation 2016/679 (GDPR) came into force, companies and organizations that process personal data inside and outside the EU have come to realize the benefits that a privacy-friendly business management can entail. Moreover, in the last years it became evident that processing personal data in violation of […]
Italian Sunshine Act: a GDPR oriented analysis
In June 2022, Law 62/2022 known as the Sunshine Act entered into force in Italy, introducing new transparency regulations on transfers of value established between companies operating in the pharmaceutical and health care sector and health care professionals (HCPs) as well as health care organizations (HCOs). The Italian Sunshine Act is one of the newest […]