Belgian Data Protection Authority Imposes Fines on Non-Profit Organization

In a decision issued on May 29, 2020, the Belgian data protection authority (DPA) turned its attention to the practices of non-profit organizations when it imposed a fine for violations of the EU’s General Data Protection Regulation (GDPR).  The DPA’s decision responded to an individual who complained that he continued to receive promotional materials from the organization after he had objected to the processing of his contact details for direct marketing. He had also requested that the organization delete his data from its database. The DPA stated that under the GDPR, unsolicited postal communications sent by non-profit organizations to promote their services and to fundraise qualify as “direct…

READ MORE

Data Protection Conference in Tirana Forecasts an International Focus in 2020 on Converging Privacy Laws and Accountability

Last fall, the International Data Protection and Privacy Commissioners’ Conference convened in Tirana, Albania. Achieved Compliance once again participated in this annual meeting, which brings together regulators, experts, advocates and practitioners from around the globe. By attending this meeting, Achieved Compliance benefits from the opportunity to understand what concerns data protection authorities and on what issues they will focus their attention over the coming year. The theme of this year’s meeting was Convergence and Connectivity:  Raising Global Data Protection Standards in the Digital Age. The conference posed the questions – How are laws converging, and what factors are driving convergence? What are the challenges in building more convergence…

READ MORE
Privacy Guidelines

New Privacy Guidance From NIST and ISO

National Institute of Standards and Technology, ISO Release Privacy Guidance Companies seeking guidance about how to understand privacy risks and to implement measures to address them should be aware of two new resources – The National Institute of Standards and Technology’s (“NIST”) draft Privacy Framework and the International Organization for Standardization’s (“ISO”) International Standard for privacy information management. These tools are designed to work alongside existing guidelines for cybersecurity and the requirements of emerging law such as the General Data Protection Regulation and the California Consumer Privacy Act. The NIST Privacy Framework   In September, NIST, an agency of the U.S. Department of Commerce, released a preliminary draft of…

READ MORE

EU-U.S. Privacy Shield Review Report Outlines Steps To Improve Enforcement and Monitor Compliance

The Privacy Shield – a mechanism by which U.S. companies can legally transfer data to the European Union, continues to draw the attention of regulators and policymakers. On December 19, 2018, the European Commission (the Commission) announced the publication of its report on the second annual review of the EU-U.S. Privacy Shield. The report offers companies insight into what aspects of the Privacy Shield officials find most important and what steps are planned to strengthen enforcement and oversee compliance. Background The EU-U.S. Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. Companies must self-certify that they meet the requirements of…

READ MORE

Data Regulators Focus on Artificial Intelligence and Data Ethics at Annual International Meeting in Brussels

Achieved Compliance attended the 40th Annual International Conference of Data Protection and Privacy Commissioners which convened this year in Brussels. This meeting is the largest and most significant gathering of data protection authorities in the world. It provides an important window on the status of data protection law and regulation, the impact of new technology on privacy and what is top of mind for regulators. While companies continue to grapple with the requirements of the General Data Protection Regulation (GDPR), which took effect in May of this year, the law did not take center stage at the annual meeting of regulators. Instead, the focus of this year’s conference was artificial…

READ MORE