Research

As 2020 begins, Congress continues on a path toward providing consumers with greater protections for their data, lawmakers have exhibited a rare willingness to work toward consensus on the issue.

The European Data Protection Board (EDPB) has issued new guidelines about the intersection between online services and processing based on the necessity of performance of a contract.

The Dutch Data Protection Authority has announced a new policy for determining the fines to be imposed for violations of the General Data Protection Regulation (GDPR) and its national implementing act. The policy reaffirms the importance given by the GDPR to the Principle of Accountability.

Achieved Compliance joined regulators, policymakers and privacy practitioners gathered in Washington on March 27-28 for the International Association of Privacy Professionals’ (IAPP) Annual Summit.

“Legitimate business interest” is one of several legal bases to process data articulated by the EU’s General Data Protection Regulation (GDPR) – and probably the least understood.

Consumer consent to the collection and processing of their information has been a cornerstone of data protection practices. The General Data Protection Regulation lists it as one of several ways companies can establish a legal basis to process data.

Companies that must meet requirements of the EU’s General Data Protection Regulation face new compliance challenges. The regulation’s provisions on accountability represent a new approach to data protection and management.

Achieved Compliance Solutions makes compliance with the imminent EU General Data Protection Regulation (GDPR) possible for companies regardless of size or revenue.

On August 9, 2017, Nationwide Mutual Insurance Co. (“Nationwide”) settled with attorneys general from 32 states for $5.5 million, in a case involving a 2012 data breach that exposed the personal information of over 1.2 million individuals.