Data Protection Conference in Tirana Forecasts an International Focus in 2020 on Converging Privacy Laws and Accountability

Last fall, the International Data Protection and Privacy Commissioners’ Conference convened in Tirana, Albania. Achieved Compliance once again participated in this annual meeting, which brings together regulators, experts, advocates and practitioners from around the globe. By attending this meeting, Achieved Compliance benefits from the opportunity to understand what concerns data protection authorities and on what issues they will focus their attention over the coming year. The theme of this year’s meeting was Convergence and Connectivity:  Raising Global Data Protection Standards in the Digital Age. The conference posed the questions – How are laws converging, and what factors are driving convergence? What are the challenges in building more convergence…

Dutch DPA Report

Dutch Report Provides a Window on GDPR-Related Complaints and DPA Response

On September 9, 2019, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the Dutch DPA) published a report on privacy complaints it received between January 2019 and June 2019. The report reviews the rate of consumer complaint activity since the enactment of the GDPR, the nature of those complaints, and how they are handled by the Dutch data authority. Overview of the Dutch DPA Report During the first half of 2019, just over 19,000 individuals and organizations contacted the Dutch DPA with concerns and questions related to the European Union’s (EU) General Data Protection Regulation (GDPR) or other privacy-related concerns. Of these, the Dutch DPA identified 15,313 inquiries as privacy complaints,…

GDPR Identity Verification

Loose Identity Verification Puts You at Risk for Fraud

Subject Access Requests (SARs) under the GDPR Now is the time to tighten up your identity verification methods. Without tight verification methods, you open yourself up to GDPR regulators and you put your customers at risk of being a victim of fraud. Individuals Can Request Access to Their Personal Data Article 15 of the GDPR gives individuals a “right of access” to their personal data, under which they can request specifics about the personal data a business holds about them, or the organization’s purpose for processing the data, the categories of personal data held, who has access to the data, whether or not it will be transferred outside of…


Technology for GDPR Compliance Will Cost Top U.S. Firms $1 Million

A new survey conducted by Paul Hastings LLP provides a serious reminder that the cost associated with EU General Data Protection Regulation (GDPR) compliance is staggering, and that to be ready to comply when the regulation goes into effect on May 25, 2018, U.S. companies must act now. U.S. firms in the Fortune 500 will spend an average of $1 million on GDPR compliance technology alone. Currently, only 9 percent of U.S. companies surveyed have purchased new technology and just 34 percent have allocated the appropriate budget to hire the additional staff necessary to meet regulatory demands. The consequences of GDPR violation are immense, with fines of up to $22.4…


Sequel Announces PrivacyMinder™ Platform

I am pleased to announce the launch of PrivacyMinder™, a new tool Sequel Technology & IP Law is offering to help you comply with data protection laws. PrivacyMinder brings together our deep experience in client counseling with the benefits of easy-to-use technology, a suite of educational videos, and a robust template database. PrivacyMinder is specially designed to meet the needs of companies that do not have the benefit of a compliance staff or legal counsel skilled in this area. PrivacyMinder was originally designed to assist companies in meeting the requirements of new laws like the EU’s General Data Protection Regulation. But it does more: PrivacyMinder helps you understand…


The Genesis for Achieved Compliance & PrivacyMinder™

I admit that, for many years I’d been skeptical about privacy and data protection regulation as too prescriptive and intrusive – as making too many demands on those who don’t have the benefit of extensive compliance staffs and well-funded resources. But after working with clients – companies like yours – I now am convinced that data protection and responsible data management are critical not only to legal compliance, but to business success. I believe that companies that take the steps necessary to meet the requirements of regulations like the General Data Protection Regulation (GDPR), the expectations of the U.S. Federal Trade Commission, or agreements like the Privacy Shield…