Rather than just staying compliant with GDPR, companies should implement stronger security protocols, abandon old business practices and take on a new way of doing business that embraces data privacy.
Estonia takes over presidency of EU and hosts major Digital Single Market conference on free movement of data, touching on data flow and data localization.
Financial market regulators from outside the EU, including the SEC in the U.S. as well as regulators in Japan and Hong Kong, are now seeking GDPR exemptions for the purpose of "public interest", for example cracking down on securities fraud.
This article is based on a presentation made during the Data Privacy Asia 2016 conference held on 9-11 November 2016. The new EU General Data Protection Regulation aims to implement uniform data protection rules within the EU, boost the Digital Single Market and increase cooperation across its member states. The current rules have been sharpened to provide more enforcement teeth with penalties of up to 4% of annual global turnover or EUR 20 million for firms in breach of the GDPR. In this article Héloïse Bock, a Partner at Arendt & Medernach, a law firm located in Luxembourg, examines the core principles and applicability of the GDPR, and discusses what companies in Asia must do to avoid missteps.
Privacy regulators have said they will take seriously anything that puts the twin principles of openness and honesty into jeopardy, and with the GDPR honeymoon period set to end, trust and reputation will be central going forward.
Simply following the law is not enough to meet ethical data mining standards. Businesses need to be proactive not just because it’s the right thing to do but also for the enormous business benefits.
In our first article on the European Union General Data Protection Regulation (Regulation (EU) 2016/679 or ‘GDPR’) we focused on the global territorial scope of the new rules and how they could affect businesses based in Asia. In particular, we highlighted how the enhanced rights of data subjects in the EU and the expanded obligations on data controllers and data processors — even if they are located outside the EU — provide much for businesses to consider as they become compliant with the new rules. In this second article, we will focus on the new regulatory-enforcement regime and international data transfers, and then draw comparisons with the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system.
The 21st of June 2017 saw the UK’s Queen Elizabeth give what is generally known as ‘The Queen’s Speech’, in which Her Majesty gave some insights into just how seriously the UK government is taking issues of online privacy and data protection.
Less than 100 days to go, and so far only two European countries have adapted their laws to be ready for GDPR. While the GDPR aims to harmonize rules across the European Union and to benefit companies by letting them deal with just one law, many member states are eyeing possible exemptions as they change their national laws.
The size of today's GDPR penalties has set the level against which all future data breach fines will be judged as global data breaches are pursued by multiple regulatory authorities and private citizens alike.