The European Commission has carefully analyzed the law and practice of the United Kingdom (UK). Based on the findings the Commission concludes that the UK ensures an adequate level of protection for personal data transferred within the scope of Regulation (EU) 2016/679 from the European Union to the UK. Additionally, the Commission concludes that the UK ensures an adequate level of protection for personal data transferred from competent authorities in the Union, falling within the scope of Directive (EU) 2016/680, to competent authorities in the UK falling within the scope of Part 3 of the Data Protection Act 2018 (DPA 2018).
According to European Commission Vice-President for Values and Transparency, Vera Jourová, “In Europe, we want to remain open and allow data to flow, provided that the protection flows with it. The modernised Standard Contractual Clauses will help to achieve this objective: they offer businesses a useful tool to ensure they comply with data protection laws, both for their activities within the EU and for international transfers. This is a needed solution in the interconnected digital world where transferring data takes a click or two.”
According to EDPB Chair, Andrea Jelinek, “2020 and the COVID-19 pandemic significantly altered how we live and work. Given the increasing presence of data-driven technologies in addressing the pandemic, the awareness of data protection rights among individuals and organizations has never been more critical.”
In this presentation, experts will share insight into the automation of unique workflows to better engage with these rapid-response projects. The timelines are short, the data volumes are larger than ever, and the reporting obligations are becoming increasingly onerous. Clients are asking for alternatives and technical solutions to a problem that is not going away any time soon.
According to the recent article from European Digital Rights (EDRi), biometric surveillance dehumanizes us into lifeless bits of data, depriving us of our autonomy and the ability to express who we are. This is even more dangerous when applied to people who reach our countries escaping from violence, economic disasters, and environmental catastrophes. Meeting human beings with biometric surveillance technologies destroys our humanity.
According to Monique Verdier, the deputy chairperson for the Dutch Data Protection Authority, “Facial recognition makes us all walking bar codes. Your face is scanned every time you enter a store, a stadium, or an arena that uses this technology. And it’s done without your consent. By putting your face through a search engine, there is a possibility that your face could be linked to your name and other personal data. This could be done by cross-checking your face with your social media profile, for example.”
The recently adopted EDPB guidelines on examples regarding data breach notification complement the Article 29 Working Party guidance on data breach notification by introducing more practice-orientated guidance and recommendations. The guidelines, adopted on January 14, 2021, and available for public commentary, aim to help data controllers in deciding how to handle data breaches and what factors to consider during risk assessment.
According to Karen Wetzel, Manager of the NICE Framework, “The NICE Framework building blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity. The introduction of Competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”
According to the European Commission, the proposed Regulation on Data Governance (Data Protection Act) will create the basis for a new European way of data governance that is in line with EU values and principles, such as personal data protection (GDPR), consumer protection and competition rules. It offers an alternative model to the data-handling practices of the big tech platforms, which can acquire a high degree of market power because of their business models that imply control of large amounts of data.
A steady rise in the number of sensitive data discovery requirements driven by events ranging from Data Subject Access Requests (DSARs) to data breaches are adding to the current ‘where’s my data’ problem; a problem increasingly complicated by enormous amounts of unstructured data widely spread across organizational systems. The ability to rapidly locate information across an organization’s digital estate and to easily review, collate, and extract that data into one central repository, is essential when faced with regulatory time constraints. Ascema, a sensitive data discovery and extraction platform from UK-based cybersecurity provider GeoLang, may be able to help eDiscovery professionals as they consider proactive detection and reactive data breach review of data.