The arrival of Global Privacy regulation and its enterprise-wide implications means that businesses are building Privacy as a service, not just a UX consideration. Extraterritorial Privacy regulations demand a better understanding of personal data, as well as access to and control of that personal data ..read more

Compliance with Data Privacy regulation is now a universal reality for businesses. It is rare today that a business is not bound by one or more comprehensive regulations, either under its national law, or the extraterritorial scope of regulations such as the GDPR, LGPD or CCPA ..read more

Two years on from the GDPR businesses should by now be familiar with the concept of Data Subject Access Requests (DSRs) – the basic rights and transparency afforded to consumers with respect to how their data is processed. The GDPR, for example, outlines a number of rights for data subjects, including data portability, access, erasure and rectification ..read more

Knowing where data sits in your businesses is a hard question for many companies to answer. Global Privacy regulation now makes this question more prevalent, with the introduction of Data Subject Requests (DSRs), records of processing activities, data retention and breach notification policies, introduced by the GDPR, LGPD, CCPA and more ..read more

November 3rd, 2020 saw the passing of the California Privacy Rights and Enforcement Act into law. Enforcement of the CPRA will itself begin on July 1, 2023 at which stage it will officially replace the existing regulation, the CCPA. Although that date may yet appear some way off, we’ve put together an overview of the things organisations should look out for when thinking about how best to approach the CPRA, and indeed their current approach to the California Privacy Protection Agency (CCPA ..read more

Businesses have had, until recently, little motivation to truly put Privacy strategies at the core of their customer experiences. Although many businesses today say they care about our privacy, it’s often difficult to find clear evidence of this in their actions towards users and customers. For some businesses, it can often feel like Privacy is just another PR plug ..read more

The original intent when creating cookies was apparently somewhat innocent: to allow sites to store persistent information about the user in order to provide services, and to improve User Experience, whilst ushering in the ecommerce revolution. The problem, as it is often said, is that ‘the road to hell is paved with good intentions ..read more

Since the arrival of regulations such as the GDPR, CCPA, LGPD and POPIA, Data Privacy and Ethics teams have become a critically important function within a business. Privacy, Data and Cybersecurity teams now bear a lot of the responsibility of compliance, ensuring the protection of their customer’s data to avoid potentially record-breaking fines, and associated brand damage. With an ever-increasing number of future regulations on the horizon, and continual changes made to existing regulations - Schrems II being a recent example - Privacy and Data teams face a battle to ensure their house remai ..read more

Last week saw confirmation of Morgan Stanley’s $60 million USD fine for having failed to ‘effectively assess or address risks associated with decommissioning its hardware’, having failed to ‘maintain an appropriate inventory of customer data stored on the devices.’ The Morgan Stanley case serves as a cautionary tale for Banks and global businesses ..read more

In a world of budget cuts, in which companies increasingly seem to be asked to do more with less, companies often face the dilemma of build vs buy. For some businesses, there may be no choice but to build, especially if there is no vendor that matches your unique requirements. For others, it may be a cultural choice to build - but is this always the right approach ..read more