GDPR

‘Brexit dividend’ rule change prompts fears over data flow with EU

by Kate Beioley - Financial Times

Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
https://www.ft.com/content/8da85688-76f0-4a97-9e58-f701f3488d78

Four years ago, UK businesses were scrambling to overhaul the way they collected workers’ personal information before sweeping new data protection rules came into force, in May 2018. Now, business leaders wonder if they will have to rip up the rule books again — as a result of the British government’s plans for an independent, post-Brexit, data regime.

Read more: https://www.ft.com/content/8da85688-76f0-4a97-9e58-f701f3488d78

Why US-based companies should care about the Norway DPA's interpretation of GDPR consent

by Odia Kagan - IAPP

U.S.-based companies and regulators should fully understand the impact of a decision from Norway’s data protection authority, Datatilyset, regarding how consent is “done,” what constitutes special category data and what “manifestly made public” means. With the new U.S. privacy laws in California, Virginia and Colorado borrowing the definitions of “consent” and “sensitive data” verbatim from EU General Data Protection Regulation, as well as adopting a consumer intent-based standard for determining what constitutes “publicly available information,” the devil will be in the details of how these get interpreted. 

Read more: https://iapp.org/news/a/why-should-us-based-companies-care-about-this-recent-decision-in-norway/

7 Tips for International Recruiting Programs in the Era of GDPR and Emerging U.S. Laws

by Morrison Foerster

When your organization is searching to fill a new position, you understandably want to find out as much as possible about the candidates who apply. Aside from determining whether the candidate has the specific skill set, education, and experience necessary to do the job, you want to make sure that the person will fit in with the team. Do they have a positive attitude and integrity? Are they flexible and hard working? Are they a good communicator and team player? Are they dependable and creative? If possible, you want to hear from references provided by the candidate to confirm that the candidate was sincere and meets your organization’s needs. You might even want to check how they behave on the Internet.

Read more: https://www.mofo.com/resources/insights/201030-international-recruiting-programs.html

E.U. Court Strikes Down Trans-Atlantic Data Transfer Pact

by Adam Satariano - The New York Times

LONDON — Europe’s top court on Thursday struck down a trans-Atlantic agreement that allows scores of companies to move data between the European Union and the United States, causing uncertainty for businesses that rely on moving digital information seamlessly around the world.

Read more: https://www.nytimes.com/2020/07/16/business/eu-data-transfer-pact-rejected.html

GDPR One Year On: How Have Data Companies Fared?

by Amnon Drori - International Business Times

For some, it was a time of concern and even panic. The European Union's GDPR was coming, and companies were given the clear message: Make sure you follow privacy protection rules, or you could end up like Google – which was about to be fined a record $5 billion for violating EU antitrust regulations. GDPR had teeth, and it was set to bite anyone who pushed it.

In early 2018, firms had copious amounts of data on people stored on long-forgotten servers and databases. Properly known as the General Data Protection Regulation, the rules require that companies that have data on individuals grant them the right to data portability or erasure. Companies are also required to hire a dedicated data officer, and to notify customers almost immediately if there is a breach that leads to a leak of their data. Violators could be fined €20 million ($22 million), or 4 percent annual global turnover – whichever is greater.

The regulations loomed especially large for data companies that relied on machine learning to gather data. They meant that these companies would need to be much more careful about their data collection, whereas many had previously engaged in massive, careless hoarding and sharing of data.

GDPR went into effect on May 25, 2018, so we've had more than a year to judge its impact. There's no doubt that the regulations have already had an impact on both consumers and businesses. In a nine-month summary of the effects of GDPR, the European Data Protection Board said that as of March, there were 206,326 complaints reported, with nearly 100,000 complaints relating to data privacy. GDPR supervisory agencies in 11 countries issued fines, totaling €55,955,871 (over $6.3 million).

https://www.ibtimes.com/gdpr-one-year-how-have-data-companies-fared-2815083