Data Protection News, Insights and Resources

Some ad tech vendors appear to be engaging in a form GDPR consent string fraud by knowingly tampering with the consent information found in a publisher’s consent string, in order to give them the ability to deliver personalized ads.

The pace of cross-industry fraud is accelerating and becoming more costly and this is exacerbating the identity theft problem. New fraud study from LexisNexis reports that 84% of organizations had been the victim of cross-industry fraud.

The GDPR has influenced the future of corporate compliance at a global level. As we see the CCPA, the USCDPA, and bills in other jurisdictions like India and Brazil being passed, it is evident that all companies soon will be required to comply with some consumer data privacy measure.

Since June 1, eight U.S. states have either amended or enacted tougher new data breach notification laws requiring notification anywhere between 30 to 60 days. While still a far cry from the 72 hours required under the European GDPR, tougher notification laws will no doubt be adopted around the world.

Recent PwC survey results indicate that half of respondents were not confident that their organizations would meet the 2020 deadline for CCPA compliance. What are the lessons learnt from the GDPR compliance exercise that can help companies approach CCPA and other upcoming requlations?

While the practical interpretation and implementation of the GDPR has been heavily discussed, it is sometimes overlooked that the GDPR itself offers solutions to handle the legal uncertainty: Codes of Conduct and Certifications.

There will be grey areas in GDPR for a while to come and certainly in the early stages there will be test cases and adjustments to the Articles to clarify and ratify their use in real world practice.

Faced with a deluge of complaints regarding violations in terms of general data protection, regulators are expected to levy the first GDPR fines and other sanctions by year end.

Regulatory reporting for GDPR compliance requires effectively operationalising the use of appropriate technical and organisational measures to allow for reporting at the enterprise and project level.

Will your website will be in some way impacted by expanded privacy legislation like the GDPR? Do you need to change how you do business online? Much of what’s required is simply good data hygiene.