SypherPrivacyTalks - November 2024 - Week 46
by Sypher | Published in News - November 11, 2024
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
GDPR fines are almost never paid, will the AI Act be different?
🤖 The challenges of GDPR enforcement - less than 1% of fines have been collected - raise concerns about the effectiveness of similar regulations, such as the forthcoming AI Act. Speaking at ISACA in Dublin, privacy expert Dr Valerie Lyons emphasised that while businesses are wary of the AI Act, it is largely in line with the GDPR's principles of transparency, security and consent.
For smaller companies primarily using AI, Lyons recommends building on existing GDPR practices, conducting a gap analysis with ISO or NIST standards, and updating ROPA notices, policies, and DPIAs with the AI system by early 2025. This preparation will help organisations establish a strong compliance framework under the new regulation… read more
Clear national policy on GDPR needed for clinical trials expansion
🏥 Ireland's National Clinical Trials Oversight Group (NCTOG) has recommended measures to improve clinical trial activity, including a national policy on data protection compliance, standardised trial contracts and a single cost framework. These steps aim to improve access to trials and support Ireland's position as a hub for clinical research.
Healthcare data protection professionals can benefit from similar clear guidelines to streamline compliance in their countries, thereby facilitating patient access to innovative treatments… read more
Implications of the €310 Million LinkedIn fine for GDPR compliance
complexdiscovery.com • 2 min read
💶 The €310 million fine recently levied against LinkedIn marks a significant moment in GDPR enforcement, highlighting the EU's tough stance on data privacy for global tech companies. Triggered by an investigation into LinkedIn's use of behavioural analytics and targeted advertising, the case underscores the importance of transparency, consent and lawful data processing - key considerations for cybersecurity, data governance and compliance professionals.
For companies in data-sensitive sectors, it's a strong call to ensure that data practices are closely aligned with GDPR requirements, thereby reducing risk and increasing consumer trust… read more
Data protection officer clarifies conditions for video surveillance
🕵️♂️ The president of Germany's Showmen's Association has called for increased CCTV surveillance at Christmas markets to improve security, saying data protection should not shield potential perpetrators. But data protection experts warn that surveillance should strike a careful balance between public safety and civil liberties, with CCTV only justified by specific risks or past security incidents.
This approach underlines a wider EU principle: any extensive surveillance measures at public events must be backed by a clear, evidence-based threat assessment to avoid unnecessary infringements of privacy rights… read more
IT employee in Dresden dismissed on suspicion of data protection breach
💥A potential data breach in Dresden, Germany, was uncovered by the city's IT department during regular checks, which revealed the unauthorised storage of voter data by an IT employee. The employee allegedly transferred approximately 270,000 files, including sensitive data of over 430,000 eligible voters, to private storage devices.
This incident prompted Dresden to re-evaluate and strengthen its data security protocols… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by Markus Spiske on Unsplash
