Loading...

Follow GDPR Ireland - GDPR.ie | Our Vision Your Data on Feedspot

Continue with Google
Continue with Facebook
or

Valid

Via SkyNews -

The malware was able to penetrate phones using the app's voice calling function, with reports blaming the Israeli-based NSO Group.

WhatsApp has pointed the finger at an Israeli firm after confirming that a sophisticated hacking group had developed a tool which could take control over victim's phones by sending them a call.

The company said the attacks carried the hallmarks of a private surveillance technology firm which reportedly works with governments to deliver spyware that takes over the mobile phone operating systems.

Although the company did not name the NSO Group, its statement matched the organisation which a number of human rights organisations have accused of working with repressive regimes to target dissidents.

Dozens of WhatsApp users, including human rights organisations and a UK-based lawyer, are thought to have been targeted after hackers exploited a major vulnerability in the app.

The attackers were able to install spyware through WhatsApp's voice call function, even if the user did not pick up the call, the company confirmed.

#Hacking, #WhatsApp, #Isreal, #GDPR

The post WhatsApp points finger at Israeli firm over hack appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
1 Day Intensive GDPR Training Course - Reserve your place.
GDPR - ONE YEAR ON

Why is GDPR still in the news?

Are waste paper bins in the GPO really a GDPR issue?

Why did someone believe so?

These questions and more will be answered for you at this one-day, comprehensive foundational course in the GDPR.

Cost of this course will be €395.00

Venue: Clayton Hotel, Leopardstown, Dublin 18 (Onsite Parking).

13th June 2019

The course will both help you to avoid embarrassing episodes such as the above and show you how to become compliant with the law, and how to leverage that knowledge to help your business.

Delivered by a Certified Data Protection Practitioner and practising Barrister, this course is designed to equip you with all the foundational knowledge that is absolutely essential for your organisation or business, of whatever size, avoid costly errors, and stay safe in what can be a data minefield.

That it may also help avoid fines and costly Court appearances is an added bonus!

Just one such occurrence will more than justify the expense.

What this course provides.

The course is aimed at those who have to solve the practical, real-life issues facing organisations and businesses on a daily basis, and to help you put in place realistic achievable solutions to the issues you face every day, and to help you have a clear understanding of what paperwork you require to ensure that you can be compliant, and show that this is so, both to any regulator, but also to your staff and customers alike.

The course is designed for all those who handle personal data, and who need an overall understanding of how GDPR affects their business, and need to know just exactly what they need to know and do, in particular:

This GDPR course is ideal for professionals who handle personal data and who need an overall understanding of how GDPR will affect their business.

Key people mainly include:

  • Sole Traders
  • Company Directors and Managers
  • Professionals & Marketing Managers
  • IT & Project Managers
  • Accountants and HR Managers
  • Safety Health and Quality Managers
  • Risk and Compliance Managers

On completion, you will be given a Certificate of Training – GDPR Fundamentals. This can be used by you or your company as evidence towards the training requirements under the GDPR.

Please note that at present there is no available certification qualification under the GDPR itself.

Full documentation is included, along with a light lunch, and light refreshments during the day.

Course content includes:

  • Brief Background overview
  • Scope of the EU General Data Protection Regulation
  • Key definitions
  • Processing, consent, legitimate business interests, data profiling,
  • What is Personal Data?
  • Data Controllers, Data Processors and Data Subjects
  • What are the obligations of the Data Controller, Joint Controller(s) and Representatives?
  • Data Subjects’ Rights.
  • DPO obligations
  • Anonymisation and Pseudonymisation
  • Data Breach Management
  • Breach Notification requirements
  • Privacy by Design and Privacy by Default
  • What does the Regulation say about transferring data internationally?
  • Why do you need to know about your legal basis for processing data?
  • How must ‘consent’ be obtained under the new rules?
  • What must be included in your Privacy Policy
  • What must be included in a Privacy Notice?
  • How can you demonstrate that you are processing data fairly?
  • How do process data “lawfully”?
  • What are the new rules regarding children?
  • What is data portability?
  • What rights do people have to see, change or restrict the use of information held about them?
  • What is the right to be forgotten?
  • Must I delete someone’s data on request?
  • When must you undertake Data Protection Impact Assessment?
  • Does GDPR make the appointment of a Data Protection Officer compulsory?
  • How can an individual make a complaint about the use of their data?
  • Infringements and penalties.
  • Criminal Offences
  • What remedies are available?
  • How must an organisation respond to complaints?
  • Examples and lessons from GDPR Year 1
  • GDPR Action Plan

Cormac Clancy – Barrister, Course Presenter. 

Cormac Clancy – practises at all levels in the Irish Courts for individuals, partnerships, SMEs and multinationals. He has a background in customer relations and management.

He is a Certified Data Protection Practitioner (Law Society of Ireland Diploma School) and has been advising on and been involved in data protection matters for several years, both as lawyer and consultant.
He presents workshops and training courses for the Data Protection Group and speaks at data privacy events, such as INM’s Dublin Data Sec 2018 in the RDS and the Government Administration and Procurement Summit 2018 in Citywest.

Our GDPR Turnkey Solutions;

Our Intensive GDPR training workshops and courses are an excellent starting point for you to understand and manage your GDPR compliance. We offer a complete GDPR solution and can work with you to build a compliance file for your business, conduct audits, compliance checks, customise policy documents to suit your profession and industry sector.

The post GDPR 1 Day Intensive Course – Dublin appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Date: 07 May 2019
Type: News

Issued by the (UK) Information Commissioners Office

The ICO has fined a PPI claims management company £120,000 for sending unlawful spam texts about its services.

Hall and Hanley Ltd of Devonshire Street North, Manchester were responsible for sending 3,560,211 direct marketing text messages between 1 January 2018 and 26 June 2018 about PPI compensation claims.

The ICO launched an investigation after it became aware of a large number of complaints about the company. It found that Hall and Hanley, which had used a third party for this work, but did not have valid consent as required by law.

Steve Eckersley, ICO Director of Investigations, said:

”Companies which are responsible for generating these types of marketing messages should make sure they are operating legally or face a potential fine. Hall and Hanley should have known better. The laws on these types of marketing messages are strict because they can be very intrusive.”

Read the full piece:

#ICO, #Fines #Spam, #SMS, #TextMessaging, UK, #Consent, #GDPR

The post ICO fines PPI claims company £120,000 for millions of nuisance texts appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Date 03 May 2019
Type Statement

The UK's Information Commissioners Office.

An ICO investigation into HMRC’s Voice ID service was prompted by a complaint from Big Brother Watch about the department’s conduct. The investigation focused on the use of voice authentication for customer verification on some of HMRC’s helplines since January 2017.

The ICO found that HMRC failed to give customers sufficient information about how their biometric data would be processed and failed to give them the chance to give or withhold consent. This is a breach of the General Data Protection Regulation.

The ICO issued a preliminary enforcement notice to HMRC on April 4, 2019, stating the Information Commissioner’s initial decision to compel the department to delete all biometric data held under the Voice ID system for which it does not have explicit consent.

The ICO will issue its final enforcement notice next week giving HMRC 28 days from that date to complete deletion of relevant records.

Steve Wood, Deputy Commissioner at the ICO, said:

Read the Article:

#HMRC, #ICO, #UK, #Voice, #GDPR,

The post ICO says that voice data collected unlawfully by HMRC should be deleted appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Via Angelique Carson, CIPP/US Of IAPP

U.S. lawmakers took the opportunity Wednesday morning to ask consumer groups how they should craft a federal law in a way that gives users tools and resources to control their data in ways that align with their expectations. Also on hand at the "Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework" hearing was EU Data Protection Commissioner Helen Dixon to share her perspectives on enforcing the General Data Protection Regulation in its infancy and how the U.S. might follow or diverge from that strategy. Witnesses at the hearing advocated for algorithmic transparency, special provisions for children and nuanced regulations on data sets depending on their sensitivity.

Full Article here

#Enforcement, #FTC, #Privacy, #HelenDixon, #DPC, #USA, #GDPR

The post Dixon at Senate hearing: Fines are coming, they will be ‘substantial’ appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Press Release Via The Data Protection Commissioner -

02nd May 2019

Since the application of the GDPR significant concerns have been raised by individuals and privacy advocates concerning the conduct of technology companies operating in the online advertising sector and their compliance with the GDPR. Arising from a submission to the Data Protection Commission by Privacy International, a statutory inquiry pursuant to section 110 of the Data Protection Action 2018 has been commenced in respect of Quantcast International Limited. The purpose of the inquiry is to establish whether the company’s processing and aggregating of personal data for the purposes of profiling and utilising the profiles generated for targeted advertising is in compliance with the relevant provisions of the GDPR. The GDPR principle of transparency and retention practices will also be examined.

The Article is published here

#Quantcast, #advertising, #Privacy, #DPC, #GDPR, #Privacy

The post Data Protection Commission opens statutory inquiry into Quantcast International Limited appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Via RTE - Will Goodbody.

The Data Protection Commissioner has told a US Senate Committee that her office has reason to believe that US technology firms may have breached the European Union's new data protection rules.

Speaking in Washington DC, Helen Dixon said in the 11 months since the General Data Protection Regulation came into force, the Data Protection Commission has opened 12 significant investigations into potential infringements by large US tech companies.

"So we have reason to believe then clearly that there are potential infringements of the GDPR arising," she told the US Senate Committee on Commerce, Science and Transportation.

Ms Dixon said the DPC is significantly advanced in a number of those investigations and intends to have a decision on the first of them soon.

So far, she said, no fines had been issued under GDPR because the probes which are complex are still continuing.

She said that overall her office has 51 significant investigations underway currently, with a subset of those related to US tech companies.

The commissioner said she did not think it was a case that GDPR poses a more difficult or easier compliance approach for US companies over European ones.

read the rest of the piece here

#GDPR, #DPC, #Senate, #US, #HelenDixon,

The post Data Protection Commissioner says US tech firms may have breached GDPR appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Via The Irish Data Protection Commissioner April 25th 2019

The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers. We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.

https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-opens-statutory-inquiry-facebook-0

#Facebook, #Security, #Passwords, #Encryption, #Instagram, #FacebookLite, #Privacy

The post Data Protection Commission opens statutory inquiry into Facebook appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Via: The BBC By Ross Hawkins
Political correspondent

The Home Office has apologised to hundreds of EU citizens seeking settled status in the UK after accidentally sharing their details.

It blamed an "administrative error" for sending an email that revealed 240 personal email addresses - a likely breach of the Data Protection Act.

The department may now have to make an apology in Parliament.

In a statement to BBC Radio 4's Today programme, it said it had since improved its systems and procedures.

One recipient of the email told Today that she was outraged and was considering returning to Germany.

The Home Office sent the email on Sunday 7 April asking applicants, who had already struggled with technical problems, to resubmit their information.

But it failed to use the "blind CC" box on the email, revealing the details of other applicants.

#DataBreach, #email, #Brexit, #DPC, #Privacy

The post Brexit: Home Office sorry for EU citizen data breach appeared first on GDPR.ie.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Press Release by the EDPS;

As the supervisory authority for all EU institutions, the European Data Protection Supervisor (EDPS) is responsible for enforcing and monitoring their compliance with data protection rules. In this capacity, the EDPS is undertaking an investigation into the compliance of contractual arrangements concluded between the EU institutions and Microsoft, the European Data Protection Supervisor said today.

Wojciech Wiewiórowski, Assistant EDPS, said: “New data protection rules for the EU institutions and bodies came into force on 11 December 2018. Regulation 2018/1725introduced significant changes to the rules governing outsourcing. Contractors now have direct responsibilities when it comes to ensuring compliance. However, when relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf. They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks. It is with this in mind that the contractual relationship between the EU institutions and Microsoft is now under EDPS scrutiny.”

EU institutions rely on Microsoft services and products to carry out their daily activities. This includes the processing of large amounts of personal data. Considering the nature, scope, context and purposes of this data processing, it is vitally important that appropriate contractual safeguards and risk-mitigating measures are in place to ensure compliance with the new Regulation. The EDPS investigation will, therefore, assess which Microsoft products and services are currently being used by the EU institutions and whether the contractual arrangements concluded between Microsoft and the EU institutions are fully compliant with data protection rules.

Read the whole piece on the EDPS webstite> 

#EDPS, #EU, #Microsoft, #investigation, #Contractors, #GDPR, #Security,

The post EDPS investigates contractual agreements concerning software used by EU institutions appeared first on GDPR.ie.

Read Full Article

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview