The California Consumer Privacy Act (CCPA) is the latest in privacy compliance. Although not as comprehensive as what is provided by the GDPR, there are useful operational overlap that can help with compliance with the CCPA.
Director of Privacy at OneTrust
Andrew Clearwater serves as Director of Privacy at OneTrust. Clearwater is a Certified Information Privacy Professional (CIPP/US) and is a licensed privacy attorney in Maine and Massachusetts. In this role, Clearwater provides counsel, leadership, and guidance on all legal issues relating to OneTrust’s corporate environment. He also provides public policy analysis in the areas of privacy, data security, information policy, and technology transactions.
While privacy by design is not a new concept, the GDPR makes it a legal requirement, and thus practical guidance is needed for putting policy into practice. What are the concepts and requirements in the context of recent guidance published by the EDPS and UK ICO?
Out of all six legal bases for processing offered by the GDPR, consent and legitimate interests are the legal bases most likely to be relied upon to justify direct marketing. Where the direct marketing involves electronic communications, however, is where things get muddy.
With the EU GDPR right around the corner, you have probably heard that there will be six legal bases for processing personal data. For organizations who are currently preparing for GDPR, there is a strong focus on – as well as some confusion around – legitimate interests, in particular. Let's take a closer look.
The concept of consent has had a long history in privacy and data protection. Privacy consent has been evolving, especially under the GDPR. What are the expanded requirements for consent and what actions must organizations begin taking today to prepare for the coming of the GDPR on 25 May 2018?
Data subject rights are being expanded under the EU General Data Protection Regulation (GDPR), impacting the business processes of data controllers and processors. With the increased complexities that lie in within each distinct right, a variety of new issues will need to be considered.
Avoid the common pitfall of using pre-existing approach to Data Protection Impact Assessment (DPIA) without knowing the Article 29 Working Party guidelines.
While one of the primary goals of the GDPR is to harmonize data protection laws across the EU, there are over 50 provisions, which allow GDPR derogations by Member States.
We give some insight into how companies could use a privacy impact assessment (PIA) in conjunction with data mapping practices to understand how data flows through an organisation, making it the perfect tool to document and track new initiatives.
