Showing 11 posts in GDPR.
Businesses not located in the European Union have tried to understand whether the General Data Protection Regulation (GDPR), which became law on May 25, 2018, applies to them. And if it does, or if it might, one of the puzzles has been whether a non-EU business needs to appoint a natural person or legal entity to be its “representative” or a natural person to be its “Data Protection Officer” for dealing with EU and its Member States’ Data Protection Authorities (DPAs). This podcast focuses on that question. Read More ›
It’s June 1, 2018, one week after the General Data Protection Regulation of the European Union became law, not only in the EU but also for businesses subject to its global grasp. How did U.S. businesses deal with it? And what’s its immediate impact on how U.S. businesses address personal information they have? The Data Privacy Detective turns the magnifying glass to this question, focusing on small and mid-sized (SME) U.S. businesses that hold personal data of Europeans. Read More ›
GDPR, the European Union’s effort to protect personal data, has dominated the efforts of businesses to deal with personal data across borders. Less noticed is China’s evolving system of controlling, regulating and protecting the personal information of its people. On May 1, 2018, China issued standards for personal information protection. Read More ›
In our prior podcast, the Data Privacy Detective explored how non-EU businesses can determine if they are subject to the General Data Protection Regulation of the EU and how they can comply regarding the transfer of personal data from sources in the European Union. One approach of U.S. businesses is to sign up for the U.S./EU Privacy Shield and its Swiss companion. Read More ›
Data Privacy Detective Podcast - Episode 18 - How businesses outside the EU can comply with the GDPR
In this and the next podcast, the Data Privacy Detective turns a magnifying glass to how businesses located outside the EU can gather and use personal data that originates in the EU without violating the GDPR. Read More ›
The European Union’s General Data Protection Regulation, the GDPR, becomes directly applicable law on May 25, 2018. The Data Privacy Detective explored in prior podcasts the broad scope of personal data, the differences between controllers and processors and other matters, including how processing can be lawful. That includes several specific, limited instances when acquisition and use of personal data can be legitimate in the absence of express consent of the persons whose data are held. Read More ›
The EU’s GDPR – the General Data Protection Regulation – becomes law on May 25, 2018. This podcast explores what processing of personal data as defined by the GDPR is considered lawful. Read More ›
In this fourth podcast about the General Data Protection Regulation that becomes law in the European Union (EU) on May 25, 2018, we ask what personal data are covered by the GDPR and what are not. The GDPR defines personal data very broadly. But it is not an all-encompassing effort to protect all personal data from every conceivable use or misuse. Read More ›
Businesses collect, use and store personal data. It’s unavoidable. An email address, phone number, birthdate, postal address – these are all personal data that allow someone to identify or contact an individual. Read More ›
Data Privacy Detective Podcast - Episode 13 - Does the GDPR apply to a business outside the European Union?
The General Data Protection Regulation – the GDPR - becomes law throughout the European Union on May 25, 2018, backed by substantial fines and criminal penalties for serious violations. The GDPR applies to the processing of personal data by a data controller or processor established in the EU. Should a business organized outside the EU be concerned? Read More ›
Ask the Blogger
Do you have a topic that you would like discussed in a future blog article? Please let us know. If you have a confidential question regarding a blog article, please feel free to contact the article's author directly, or let us know if you would like for someone to contact you directly.
Jane Hils Shea has lead FBT’s Privacy and Information Security Practice Area since its creation in 2001 and is a Certified Information Privacy Professional (CIPP-US).