The Class-Action Risk Inherent in California’s New Strict Data Privacy Law 

Right on the heels of GDPR’s compliance deadline and hitting a little closer to home, the governor of California has signed AB 375—the California Consumer Privacy Act of 2018. This is a first-of-its-kind law, at least from a US-perspective, that has been called historic in terms of privacy and consumer protections.  Much like GDPR, the comprehensive law gives users more control over their data and places penalties on companies that fail to comply. There is a…

READ MORE

GDPR Compliance: Special Challenges for Small and Medium-Sized Organizations

The EU’s General Data Protection Regulations (GDPR) came into effect on May 25, and companies collecting and maintaining even limited data about residents of the EU must comply. A U.S.-based company conducting only 5 percent of its business with European customers is still obligated to follow GDPR rules. But GDPR requirements are challenging to meet, and because smaller companies may have limited resources they risk falling short of requirements and facing the law’s serious sanctions…

READ MORE

The Importance of Article 27: Identifying a Representative in Europe

The General Data Protection Regulation came into effect on May 25. In an effort to comply, companies of all sizes have been taking steps to meet requirements. Mapping data, appointing staff to lead data protection work in the organization, reviewing and updating security, developing data governance programs – businesses are investing time and resources to understand and meet GDPR expectations. What is often lost in this flurry of activity is an understanding of GDPR’s Article…

READ MORE

New Guidance for Companies that Transfer Data from the EU to the U.S.

The Article 29 Working Party has recently released several new documents of interest to companies that collect and process data about EU residents and who move data from the EU to the United States. First, the Working Party released “Recommendations on the Standard Application for Approval of Data Controller or Processor Binding Corporate Rules for the Transfer of Personal Data.” Binding Corporate Rules (often referred to as BCRs) are one mechanism available to companies to support the…

READ MORE

Achieved Chats: You’ve Been Appointed to Lead GDPR Compliance. Now What?

Achieved Compliance’s second installment in our “Achieved Chats” series took place on Wednesday, May 9, 2018, where President Melise Blakeslee and Senior Director of Global Privacy Policy Paula Bruening discussed what companies of all sizes need to know as the May 25 compliance deadline for the General Data Protection Regulation approaches, and demonstrated Achieved Compliance’s PrivacyMinder software platform.

READ MORE

Not Just for Large Multinationals: U.K. Information Commissioner’s Office and Article 29 Working Party Issue GDPR Guidance for Small Businesses

Smaller companies take note – the U.K. Information Commissioner’s Office (ICO) and the Article 29 Working Party have highlighted that all companies must comply with the General Data Protection Regulation (GDPR) regardless of size, and recently issued special guidance for smaller businesses. The GDPR, a law that places new obligations on organizations that collect and process data about European residents, comes into effect May 25, 2018. In a recently published set of FAQs, the ICO…

READ MORE

Achieved Chats: Takeaways from the IAPP Global Privacy Summit 2018

Achieved Compliance kicked off our “Achieved Chats” webinar series on Thursday, April 19, 2018 by addressing important takeaways from the recent meeting of regulators, policymakers and privacy professionals at the IAPP Global Privacy Summit 2018, including preparation for GDPR compliance, the Facebook/Cambridge Analytica case, and the shift in governance toward data ethics.

READ MORE