Categories
Daily Compliance News

Daily Compliance News: July 12, 2023 – The US-EU Data Sharing Agreement Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • EU-US agree on data sharing pact. (NYT)
  • EU privacy advocates slam pact. (BBC)
  • Max Schrems slams back, vows legal challenge. (Yahoo News)
  • Challenges to data sharing pact likely. (Reuters)

Categories
Compliance and AI

Mastering ChatGPT: Part 2 – ChatGPT and Ethical AI

Welcome to a special five-part podcast series on mastering ChatGPT. My special guest throughout this journey is Larry Roberts, an accomplished professional with over 25 years of multifaceted experience. Having initiated his career in the corporate training sphere, he exhibited a remarkable shift to IT, contributing greatly as a Business Intelligence Analyst. His proficiency lies in harnessing predictive analytics for inventory and sales projections, which led him to tap into the realm of AI. In 2021, Larry chose to cozy up with podcasting and content creation. His tryst with ChatGPT began in November of the same year, and he has been fully engrossed with it since then. His insights into data models, large language models, and his overall passion for AI are certain to illuminate any forum.

In Episode 2, we look at the ethical considerations of AI models such as ChatGPT.

In the age of AI, the ethical consequences of this transformative technology present pressing concerns for developers and industry professionals alike. In this episode, Tom and Larry shed light on the myriad ethical issues surrounding AI, from securing data privacy and GDPR compliance to mitigating the misuse of AI tools and addressing job displacement. There is a wealth of information and best practices to guide your ethical approach to AI, ensuring transparency, user control, and adaptability in a rapidly evolving landscape. Embark on this journey with us to ensure that the power of AI is harnessed responsibly, respecting every stakeholder’s rights and privacy.

In this episode, you will be able to:

  • Discover the crucial ethical questions surrounding AI and ChatGPT.
  • Uncover hidden truths about data privacy concerns and your control options.
  • Explore the significant role of GDPR and the collective effort required for privacy.
  • Understand how to combat the misuse of AI instruments through user collaboration.
  • Learn about AI ethics and why transparency, bias evaluation, and human supervision are paramount.

Key Highlights:    

  • Data Privacy
  • AI and Disinformation
  • Human in the Loop

Resources:

Larry Roberts

Larry Roberts on LinkedIn

Red Hat Media

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Life with GDPR

Life With GDPR – Joe Sullivan Sentence

Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Matt Kelly and Jonathan Marks join Tom and Jonathan Armstrong on this episode, as they explore the case of former Uber CISO Joe Sullivan and the lessons compliance officers can learn from his lenient sentence. From growing trends of personal accountability to conflicts of interest, the hosts provide six tips for chief compliance officers to protect themselves, including rehearsing responses and seeking external advice when necessary. This eye-opening episode also delves into the challenges faced by compliance officers in situations like Etsy’s ransomware scheme and how they must be cautious with threat actors’ demands. Don’t miss out on this insightful episode that will leave you questioning whether Sullivan was unfairly punished and whether executives’ remuneration packages will receive greater scrutiny going forward. Tune in now to Life With GDPR.

 Key Takeaways:

  • The Joe Sullivan Uber Case and Lessons Learned
  • Individual Liability in Corporate Malpractice
  • Compensation and Conflicts of Interest
  • The Challenges of Compliance Officers in Wrongdoing Incidents

 Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
Life with GDPR

Life with GDPR – $1 Billion Fine: Meta’s GDPR Violation

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss the recent billion-dollar fine imposed on Meta (formerly Facebook) for violating data protection laws. They break down the significance of this ruling, which limits standard contractual clauses and requires due diligence checks when transferring data from the EU to the US. Discover the consequences and potential appeal arguments of the European Court of Justice’s ruling on data privacy. They delve into the challenges of harmonizing data protection authorities in the EU and how this affects corporations. Find out why the lack of consistency among regulators cannot be fixed overnight. Take advantage of the engaging and informative discussion that can help organizations navigate the complex landscape of GDPR and data privacy. Tune in to “Life with GDPR” now!

 Key Takeaways:

  • Facebook fined $1 billion for data transfer
  • Meta’s GDPR Noncompliance and Data Transfer Suspension
  • Irish Data Protection decision overruled by EDPB
  • Challenging GDPR court order in Ireland
  • Data Transfer from EU to US: Safe or Unsafe?
  • GDPR differences in privacy enforcement

 Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
Life with GDPR

Life With GDPR: Class Action Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they discuss the recent court decision in the Austrian case and its implications on GDPR claims. Discover the guidelines for GDPR damage compensation, assessment of damages, liability provisions, and how businesses can make themselves more robust to avoid such claims. They also delve into the importance of acting quickly in the event of a breach and insurers’ sophistication in cyberattack policies. Tune in to learn more, and check out the article on the quarterly compliance website. Don’t miss out on their engaging conversation and valuable insights!

 

Key Takeaways:

  • Understanding GDPR compensation claims
  • Insurance Claims and Breach Response Strategy
  • Cyber insurance is becoming more selective in writing cover

Notable Quotes:

“I would say when you have a title like that, you get the attention of many class action lawyers.”

“Not every infringement of GDPR automatically gives rise to compensation.”

“The right to compensation under GDPR needs 3 things. Firstly, an infringement of GDPR; secondly, material damage resulting; and thirdly, a causal link between the damage and the infringement.”

“If you haven’t got the right team in place, even on New Year’s Day or Christmas Day, Easter or Passover or, you know, during fasting, then that’s your fault, not ours, and regulators are not forgiving.”

 Resources:

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

Connect with Jonathan Armstrong

Categories
Daily Compliance News

Daily Compliance News: May 23, 2023 – The €1.2 Bn Fine Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Succession (in real life). (NYT)
  • Fired SFO investigator wins wrongful termination suit. (MLex)
  • Meta fined €1.2 billion by EU over GDPR violations (Cordery Compliance)
  • Court decision unsealed in whistleblower decision. (Bloomberg Law)

Categories
Life with GDPR

Life With GDPR: Data Transfer Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they delve into the hot-button issue of data transfers from the EU to the US. With potential new rulings looming, the replacement for Privacy Shield is said to be doomed to fail. The European Data Protection Board is investigating complaints against Google and Facebook that could affect up to 95% of US corporations using Google Analytics! Learn how your organization can comply with GDPR regulations while avoiding the nearly €3 billion in fines levied since 2018, with practical tips such as conducting compliance checks and due diligence. Don’t miss the explosive potential of this episode and what it could mean for businesses around the world.

Key Takeaways:

  • Data transfers from the EU to the US and privacy concerns
  • Data Transfer Regulations & Compliance
  • Data Protection Compliance for Business Websites
  • Impending Large GDPR Fine

Notable Quotes:

“It is not going to get any easier anytime soon, unfortunately.”

“This case is likely to affect, I think, 95% of corporate America.”

“Regulators definitely have an appetite to investigate this.”

“I expect that the fine that I’m hearing rumors of will tip us over the €300MM level.”

 Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
FCPA Compliance Report

FCPA Compliance Report – Maria D’Avanzo on Privacy Issues in the US and Beyond

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Join Tom Fox, the host of FCPA Compliance Report, as he speaks with Maria D’Avanzo, Chief Evangelist Officer at Traliant, about privacy issues in the US and around the world. Discover the challenges businesses face due to the lack of a national law in the US, with multiple state laws led by California. Compare this to the EU, where GDPR has been in place since 2018, and similar laws have been implemented in other countries such as Singapore, Australia, and Brazil. Learn how GDPR has changed the way businesses handle privacy by making it a part of business processes. Discover the importance of consulting with a good outside counsel, especially for global privacy policy implementation.

Explore how to handle cybersecurity incidents and disclosure of information, as regulations on this topic are still developing. Hear from Maria on how to address these incidents internally and the importance of an incident response plan. Find out how collaborating with the Chief Information Security Officer is crucial in developing a specific plan for these incidents, including a group effort from various departments.

Hear about instances where organizations share confidential information or data, leading to legal backlash and damage to reputation. This section discusses the Tesla case and suggests a broader conversation about company culture may be necessary to prevent such privacy infringements. Don’t miss out on this insightful podcast and tune in now to get important insights into privacy and cybersecurity from two industry experts!

Key Highlights

  • The Evolution of Privacy Issues Post-GDPR
  • Navigating Privacy Laws and Meeting Legal Standards
  • Cybersecurity Incident Disclosure Decision Making
  • Importance of Cybersecurity Incident Response Plan
  • The Impact of Sharing Sensitive Information

Resources

Maria D’Avanzo on LinkedIn

Traliant

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Man Chooses the Target

Compliance Man Takes a EuroTrip – Geert Vermeulen on EU Whistleblower Directive

Compliance Man is back for a new season! Get ready for a EuroTrip with Tom Fox and Tim Khasanov-Batirov on their hit podcast, Compliance Man! In this episode, Compliance Man podcast hosts Tom Fox and Tim Khasanov-Batirov speak with Geert Vermeulen, a compliance professional and founder of The Integrity Coordinator, about the challenges of implementing effective whistleblower policies in Europe. They discuss cultural differences, strict requirements on external whistleblowing, and the burden of proof on companies to show that retaliation did not occur. The speakers emphasize the importance of understanding cultural differences and developing precise policies to promote a speak-up culture. The conversation ends with a reflection on the evolution of whistleblower procedures in Europe and thoughts on where things might be headed in the future. This is a must-listen podcast for anyone interested in compliance and corporate culture.

Vermeulen highlights the challenge of implementing the directives into the national laws of member states, which has resulted in differences between states. Each state has its own specifications about what can be reported and what must not be reported. For instance, every state has different rules regarding protection against retaliation.

Here are some tips to help cope with this challenge:

1. Familiarize yourself with the national laws of the member states where your organization operates.

2. Set up a streamlined procedure and ensure that all employees are aware of the internal complaints and whistleblowing process.

3. Ensure that your whistleblowing process is confidential and that whistleblowers are protected against retaliation. 

Key Highlights

  • Lack of tradition of whistleblowing in Europe
  • Whistleblowing in emerging markets
  • One worldwide whistleblowing program?
  • Whistleblower protection and communication
  • Interplay of EU Whistleblower Directive and GDPR
  • The evolution of whistleblowing in Europe

 Resources

Geert Vermeulen on LinkedIn

The Integrity Coordinator

Tim Khasanov-Batirov on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Life with GDPR

DPO Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss the Data Protection Officer (DPO) role in light of GDPR – an important requirement outlined in Article 37. They discuss how the European Court of Justice views the role, how Germany had a DPO system in place before GDPR, and that DPOs should be supported by their employer and protected against any potential conflicts of interest. They touch on the shortage of suitable DPOs due to the price and resource requirements of the role, as well as the example of a data protection authority showing up to an organization and finding a person who had been recently trained. Tune in to discover more key insights about the role of the DPO as you stay knowledgeable on GDPR compliance with Life with GDPR.

Key Takeaways:

European Court of Justice and the GDPR System [00:05:46]

DPO Roles and Responsibilities [00:10:50]

Data Protection Authority Visit to an Organization [00:15:26]

Notable Quotes:

  1. “The Role of a DPO, in simple terms, is to sort of act as a sort of police officer to police the organization’s handling of data.”
  2. “If you look at GDPR Article 37(5), it says that a data protection officer must be designated on the basis of professional qualities. In particular, expert knowledge of data protection law and practices, and there’s a number of duties in Article 39 they have to be able to perform.”
  3. “Regulators will expect to see competency. And it’s probably easier for a regulator to judge competency than it is to judge conflict of interest.”
  4. “I think it is definitely worthwhile putting resources in training and also currency.”

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

Connect with Jonathan Armstrong