Categories
Life with GDPR

Life with GDPR: $1 Billion Fine – Meta’s GDPR Violation

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss the recent billion-dollar fine imposed on Meta (formerly Facebook) for violating data protection laws. They break down the significance of this ruling, which limits standard contractual clauses and requires due diligence checks when transferring data from the EU to the US. Discover the consequences and potential appeal arguments of the European Court of Justice’s ruling on data privacy. They delve into the challenges of harmonizing data protection authorities in the EU and how this affects corporations. Find out why the lack of consistency among regulators cannot be fixed overnight. Take advantage of the engaging and informative discussion that can help organizations navigate the complex landscape of GDPR and data privacy. Tune in to “Life with GDPR” now!

Key Takeaways:

·      Facebook fined $1 billion for data transfer

·      Meta’s GDPR Noncompliance and Data Transfer Suspension

·      Irish Data Protection decision overruled by EDPB

·      Challenging GDPR court order in Ireland

·      Data Transfer from EU to US: Safe or Unsafe?

·      GDPR differences in privacy enforcement

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn


Life With GDPR: Class Action Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they discuss the recent court decision in the Austrian case and its implications on GDPR claims. Discover the guidelines for GDPR damage compensation, assessment of damages, liability provisions, and how businesses can make themselves more robust to avoid such claims. They also delve into the importance of acting quickly in the event of a breach and insurers’ sophistication in cyberattack policies. Tune in to learn more, and check out the article on the quarterly compliance website. Don’t miss out on their engaging conversation and valuable insights!


Key Takeaways:

  • Understanding GDPR compensation claims
  • Insurance Claims and Breach Response Strategy
  • Cyber insurance is becoming more selective in writing cover

Notable Quotes:

“I would say when you have a title like that, you get the attention of many class action lawyers.”

“Not every infringement of GDPR automatically gives rise to compensation.”

“The right to compensation under GDPR needs 3 things. Firstly, an infringement of GDPR; secondly, material damage resulting; and thirdly, a causal link between the damage and the infringement.”

“If you haven’t got the right team in place, even on New Year’s Day or Christmas Day, Easter or Passover or, you know, during fasting, then that’s your fault, not ours, and regulators are not forgiving.”

Resources:

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

Connect with Jonathan Armstrong


Life With GDPR: Data Transfer Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they delve into the hot-button issue of data transfers from the EU to the US. With potential new rulings looming, the replacement for Privacy Shield is said to be doomed to fail. The European Data Protection Board is investigating complaints against Google and Facebook that could affect up to 95% of US corporations using Google Analytics! How can your organization comply with GDPR while avoiding the nearly €3 billion in fines levied since 2018? The hosts offer practical tips, such as conducting compliance checks and due diligence. Don’t miss the explosive potential of this episode and what it could mean for businesses around the world.

Key Takeaways:

·      Data transfers from the EU to the US and privacy concerns

·      Data Transfer Regulations & Compliance

·      Data Protection Compliance for Business Websites

·      Impending Large GDPR Fine

Notable Quotes:

“It is not going to get any easier anytime soon, unfortunately.”

“This case is likely to affect, I think, 95% of corporate America.”

“Regulators definitely have an appetite to investigate this.”

“I expect that the fine that I’m hearing rumors of will tip us over the €300MM level.”

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn


DPO Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss the Data Protection Officer (DPO) role in light of GDPR – an important requirement outlined in Article 37. They discuss how the European Court of Justice views the role, how Germany had a DPO system in place before GDPR, and that DPOs should be supported by their employer and protected against any potential conflicts of interest. They touch on the shortage of suitable DPOs due to the price and resource requirements of the role, as well as the example of a data protection authority showing up to an organization and finding a person who had been recently trained. Tune in to discover more key insights about the role of the DPO as you stay knowledgeable on GDPR compliance with Life with GDPR.

Key Takeaways:

European Court of Justice and the GDPR System [00:05:46]

DPO Roles and Responsibilities [00:10:50]

Data Protection Authority Visit to an Organization [00:15:26]

Notable Quotes:

  1. “The Role of a DPO, in simple terms, is to sort of act as a sort of police officer to police the organization’s handling of data.”
  2. “If you look at GDPR Article 37(5), it says that a data protection officer must be designated on the basis of professional qualities. In particular, expert knowledge of data protection law and practices, and there’s a number of duties in Article 39 they have to be able to perform.”
  3. “Regulators will expect to see competency. And it’s probably easier for a regulator to judge competency than it is to judge conflict of interest.”
  4. “I think it is definitely worthwhile putting resources in training and also currency.”

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

Connect with Jonathan Armstrong


SARs Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, host the award-winning Life with GDPR. In this episode, Jonathan Armstrong shares that SARs remain a significant area of concern for businesses. He joins Tom to discuss a recent individual’s complaint to the Austrian DPA, in which the response was incomplete and the individual took their case to an Austrian Federal Administrative Court. Jonathan shares that this tactic is being used by those under regulatory and governmental investigation. Tom and Jonathan’s insight is invaluable for staying informed of the most up-to-date news on SARs.

Key Highlights

·      Challenges of Filing Data Protection Complaints in Austria [00:057]

·      Legal Implications of Acquiring a Business Under Regulatory or Governmental Investigation [00:11:03]

·      Ending a Podcast [00:15:50]

Notable Quotes

1.     “We know that SARs are onerous, and it may be that the gist route might be a way of saving some of the effort involved, not in searching for data necessarily, but in the whole redaction task, which is substantial because obviously you have to redact records so as not to expose the data of other individuals in many cases.”

2.     “And the officer stream result also seems to be in accordance with guidance from other DPAs as well. So probably the right decisions in both cases but obviously still some complexity involved in dealing with hours.”

3.     “We’ve definitely seen [SARs] in the context of regulatory or other governmental investigation. There are the cases in the public domain, for example, which is a case, which involves Russian oligarchs battling it out in the UK courts after group a investigated group b.”

4.     “And as I say, we’ve used the gist route previously. We know that people have complained to the ICR to other regulators but so far, that hasn’t been anything that regulators criticized in the cases that we’ve been involved with.”

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn


Russian Cyber Attack Gangs Sanctioned

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning podcast, Life with GDPR. In the most recent episode, they review the recent sanctions the UK and US have imposed on seven Russia-based individuals linked to ransomware. They explain that there are around 20-30 known software vulnerabilities responsible for the majority of ransomware attacks, and that individuals and organizations which patch these are far less likely to be hit. Finally, the hosts delve into how some ransomware attackers go public about their actions in order to pressure those affected into paying up. Listen to Life with GDPR for the most up-to-date and helpful advice about cyber security and ransomware.

Key Highlights

·      Sanctions levied against Russian cyber-attack gangs [00:01:28]

·      Steps to take to Protect Against Ransomware Attacks [00:06:12]

·      The Dangers of Ransomware Attacks [00:10:49]

Notable Quotes

1.     “Sanctioning ransomware gangs is not especially new. The US has done it before, but this is a move that’s a giant move from the UK and the US to sanction 7 Russia-based individuals.”

2.     “It’s good business sense to payers because x is less than y. So just because GDPR is on the agenda of ransomware gangs, it obviously means that organizations have to take that much more seriously because ransomware gangs trying to push GDPR figures.”

3.     “Have a plan to deal with ransomware. It is inevitable a ball that somebody will target you. Maybe create a playbook so that you can work through key considerations in advance.”

4.     “You’re only as strong as your weaker link. And oftentimes, it is suppliers, HR providers, payroll providers, outsourced sales solutions that are a real area of vulnerability.”

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn


NIS II

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we take up NIS II and are pleased to be joined by Jonathan Marks and Matt Kelly for a robust conversation.

Highlights include:

  • What is NIS II and how does it differ from NIS I?
  • NIS II governs by sectors.
  • What are the implications for global companies?
  • Where can you go for more information?

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

Connect with Jonathan Armstrong


Cookies, Cookies & More Cookies

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. Data protection has become a priority for many authorities, with the French regulator, CNIL, recently issuing fines and penalties to Microsoft for not complying with data protection law. Changes were made to Microsoft’s practices in March 2022, and similar action was taken against Google and Amazon.

In this episode, we discuss the regulatory landscape for cookies, which has become difficult for businesses to maneuver and now requires board-level oversight of data privacy, data protection, and data security. Together, these measures are deemed necessary in order to mitigate the biggest risks to organizations. Max Schrems and his pressure group were two of the key adjutants and had filed a substantial number of complaints. This eventually led to a large fine at the end of 2022, announced this month, from CNIL, the French Data Protection Regulator, against Microsoft, for €60 million. This fine highlighted the fact that cookies have been on the agenda of many Data Protection Authorities and the severity of the consequences for not following GDPR requirements. The implications of this case will have a lasting effect on the relations between European Data Protection Authorities and corporations, as well as on the resources necessary to stay compliant.

Highlights include:

·      [00:04:16] Microsoft’s Changes to Cookie Practices

·      [00:09:21] Navigating Regulatory Landscapes for Businesses

·      [00:14:21] The Importance of Data Privacy Board Oversight

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn


Meta Fined In Ireland

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recently released fines by the Irish Data Protection Commission against Meta for two legacy companies, €210m for its Facebook operation and €180m for Instagram, for GDPR breaches. The DPC also ordered Meta to change its data protection practices within three months. Those changes may have a more lasting effect on Meta than the fines. The two fines come in fifth and sixth places, respectively, among the largest GDPR fines of all time.

Some of the highlights include:

  1. What were the facts?
  2. Why this matter has far wider implications than simply Big Tech.
  3. Max Schrems says this is a huge blow for Meta.
  4. The convoluted appeal process is going forward.
  5. Lessons learned.

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.


The ABB Enforcement Action from a UK Perspective

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent ABB Foreign Corrupt Practices Act resolution. Jonathan considers the ABB enforcement action from the UK perspective and opines how a UK judge might consider the company’s recidivism differently than the DOJ did.

Some of the highlights include:

1.     What were the facts?

2.     How would UK courts view recidivist behavior under the UK Bribery Act?

3.     Where was the SFO?

4.     What is the status of the investigation in Germany?

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.