Learn about the context and implications of the fine levied by the Irish Data Protection Commission.
Learn about recent laws and regulations in China on the use of data and protection of cross-border data transfers.
On March 7, 2023, the Data Protection Commission (“DPC”) published its Annual Report for 2022 (the “Report”). 2022 marked the fourth full year of the implementation of the GDPR and saw significant effort by the DPC to ensure compliance with the GDPR across Ireland. The most frequent GDPR queries and complaints received by the DPC related to Access Requests; Fair Processing; Disclosure; Direct Marketing; and the Right to be Forgotten.
Check out ACC's selection of curated insights, samples and events in the ACC Privacy and Cybersecurity Resource Center
Now that some of the hype and uncertainty around the Protection of Personal Information Act (POPIA) has settled, and data privacy and protection has become an integral part of our personal and professional lives, we can take some time to reflect on some of the aspects of data privacy legislation that are required for organisations to be compliant. No organisation operates in isolation, and organisations generally require some assistance or services from third parties in their day-to-day operations.
This article highlights what firms need to consider during their journey of digital transformation and investments in data opportunities, more specifically in the context of corporate transactions and reorganizations.
It can be costly to hold on to information that is obsolete, expired, either legal, regulatory, and not needed for or business reasons. An organization must determine what needs to be saved (meaning, it can identify what can be disposed). Policies can be developed that include both the business justification and process for deleting electronic documents, and establish consistent, repeatable, defensible processes that allow for the routine deletion of data not under a legal hold.
Deleting emails and files is a type of initiative that looks easy at the outset but become difficult. Emails and files are retained, and month after month, can quickly year after year they accumulate creating digital layers called information horizons. These information horizons contain a little bit of everything: records, non-records, copies containing high-value value information, personal information, intellectual property, and even documents subject to legal hold.
Organization’s records retention schedules need to be synchronized with assurance current and emerging privacy laws . Records retention laws and regulations may require companies to retain records for a certain number of years, driven by literally thousands of record retention regulations. These requirements may override consumer deletion requests of their personal information.
In development or update of a records program it may appear that once a company has its policies and processes, roadmap, tools, and technology in place, some may believe they are done. However, here is still a critical task remaining: employee behavior change management.