Categories
Blog

Cookies, Compliance and GDPR

Are you feeling overwhelmed by GDPR enforcement and data privacy regulations? Are you concerned about the implications of big tech companies, such as Facebook and Instagram, for the data privacy of your customers? The recent fines imposed on Meta, formerly known as Facebook, of €210,000,000 for Facebook and €180,000,000 for Instagram have created a ripple of concern across the globe. I recently had the opportunity to visit with Jonathan Armstrong, partner at Cordery Compliance, to explore the implications of this ruling and provide practical steps that organizations can take to ensure they are abiding by GDPR. Be prepared to take a deep dive into the world of cookies and online behavioral advertising, and learn how to protect your customer data.

Armstrong outlines the three steps you need to follow to achieve compliance and transparency:

  1. Be transparent about how you handle personal data.
  2. Look at your legal basis for processing data.
  3. Look at any argument based on necessity carefully.

Be transparent about how you handle personal data.

Step 1 for GDPR compliance is to be transparent about how you handle personal data. In order to do this, organizations need to understand what data is being processed, where it is being stored, and how it is being used. Transparency is a core element of GDPR and companies need to ensure that they are providing clear information about their data processing activities to customers and other users of their services. Organizations need to look at the data flows to and from their services, as well as any third parties they are working with, in order to be fully transparent about what personal data they are collecting and how they are using it.

Companies should also look at the legal basis for processing data to ensure that it is compliant with GDPR. Furthermore, organizations should be careful to make sure that any arguments they make based on necessity are supported with evidence to prove that their use of data is necessary. Finally, companies should be aware of the potential risks of online advertising, particularly with big tech companies like Facebook and Instagram, and be cautious when booking online advertising campaigns.

Look at your legal basis for processing data.

Step 2 is to review the legal basis for processing data. To do so, you will need to go through your data processing activities and determine what the legal basis is for each of them. This can be done through a data inventory, which is a list of all the data you are collecting and using. This will help you to identify if you are processing data based on consent, contractual obligation, or some other legal basis.

Once you have identified the legal basis, you will need to make sure that the basis is GDPR compliant. This means that you must ensure that the legal basis is legitimate, freely given, and specific. You must also make sure that you are transparent with individuals about how their data is being used, that they have the right to access and control their data, and that you are providing adequate security for the data. Finally, you must ensure that you have the right processes in place so that all of your data processing is carried out in accordance with GDPR.

Look at any argument based on necessity carefully.

When looking at any argument based on necessity, it is important to examine it carefully in order to determine whether it meets the requirements of GDPR. Under GDPR, necessity means that the processing of personal data is necessary for the performance of a contract, or necessary for compliance with a legal obligation, or necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

When analyzing an argument based on necessity, it is important to take into account the specifics of the situation, and to ensure that the data processing is indeed necessary for the purpose it is being used for. Additionally, it is important to consider the rights of the data subject, and to ensure that any processing of their data does not override their fundamental rights and freedoms. If the argument is found to be valid and necessary, it is important to ensure that the data is processed in a transparent and secure manner, in accordance with the GDPR requirements.

For more information, check the podcast I did with Jonathan on this topic on Life with GDPR. Check out Cordery Compliance here.

Categories
Life with GDPR

NIS II

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we take up NIS II and are pleased to be joined by Jonathan Marks and Matt Kelly for a robust conversation.

Highlights include:

  • What is NIS II and how does it differ from NIS I?
  • NIS II governs by sectors.
  • What are the implications for global companies?
  • Where can you go for more information?

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Connect with Tom Fox

Connect with Jonathan Armstrong

Categories
Life with GDPR

Cookies, Cookies & More Cookies

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. Data protection has become a priority for many authorities, with the French regulator, CNIL, recently issuing fines and penalties to Microsoft for not complying with the data protection laws. Changes were made to their practices in March 2022, and similar action was taken against Google and Amazon.

In this episode, we discuss the regulatory landscape for cookies which has become difficult for businesses to maneuver, requiring board-level oversight of data privacy, data protection, and data security. Together, these measures are deemed necessary in order to mitigate the biggest risks to organizations. Max Schrems and his pressure group were two of the key adjutants and had filed a substantial number of complaints. This eventually led to a large fine at the end of 2022, announced this month, from CNIL, the French Data Protection Regulator, against Microsoft, for €60 million. This fine highlighted the fact that cookies had been on the agenda for many Data Protection Authorities and the severity of the consequences for not following GDPR requirements. The implications of this case will have a lasting effect on the relations between European Data Protection Authorities and corporations, as well as the resources necessary to stay compliant.

Highlights include:

  • [00:04:16] Microsoft’s Changes to Cookie Practices
  • [00:09:21] Navigating Regulatory Landscapes for Businesses
  • [00:14:21] The Importance of Data Privacy Board Oversight

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Connect with Tom Fox

  • LinkedIn

Connect with Jonathan Armstrong

  • Twitter
  • LinkedIn

Categories
Life with GDPR

ICO Gets Serious About Subject Access Requests

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent action by the ICO against seven UK organizations that failed to respond to Subject Access Requests (SAR), which follows a trend across Europe of more enforcement action on SAR. Some of the highlights include:

  1. What is a Subject Access Request (SAR)?
  2. Why are these companies in the ‘Naughty Corner’?
  3. How does this follow a trend across Europe of more enforcement action on SAR?
  4. What happens next?
  5. Who is the constituency for change in the SAR process in the UK?
  6. What are the lessons learned?

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
FCPA Compliance Report

A Dark Day for Dechert

In this episode, I visit with Jonathan Armstrong, partner at Cordery Compliance in London. We consider the recent payment by the international law firm Dechert of £20 million for its conduct and that of its former partner Neil Gerrard in the ENRC affair. The matter was a dark day for Dechert and a black eye on the legal profession. Key areas we discuss on this podcast are:

  • What were the failures of the law firm?
  • What led to the £20 million interim payment?
  • Will there be discipline against the law firm?
  • What is the role of a law firm in overseeing investigations?
  • What are the implications of holding investigative data under GDPR going forward?
  • Who watches the watchers (and investigators)?

Resources

Jonathan Armstrong on Cordery Compliance

Hannah Walker in Law.com on the scandal

Categories
Life with GDPR

Meta Fined €405 million by Irish Data Protection Commission

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent fine of €405 million levied by the Irish Data Protection Commission against Meta for Instagram data protection infringements. Some of the highlights include:

  1. What is the background of the case?
  2. What was the basis for the fine?
  3. What happens next?
  4. What did other national agencies and commissions, particularly the EDPB, say?
  5. What are the lessons learned?

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
Life with GDPR

US Response to GDPR Data Flow Protections

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the US/EU/UK agreement for data transfer from the EU/UK to the United States under the Data Protection Framework. Some of the highlights include:

  1. What is the Data Protection Framework?
  2. How will the Data Protection Review Court work?
  3. What are the safeguards around the US national security review?
  4. What happens next?
  5. What are the views of Max Schrems?
  6. Will there be an EU/UK split?

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
FCPA Compliance Report

The EC Gang on the Monaco Doctrine

In this special 5-part podcast series, I take a deep dive into the Monaco Memo and analyze it from various angles. In this episode of the FCPA Compliance Report, we have the award-winning Everything Compliance quartet of Jonathan Marks, Jonathan Armstrong, Karen Woody, and Tom Fox on the Monaco Memo.

1. Tom Fox looks at the Monaco Memo through the monitorship language and answers a listener’s questions about compliance programs under the Monaco Memo.

2. Karen Woody reviews the Monaco Memo, the self-disclosure angle, and investigatory considerations and ponders the role of defense counsel going forward.

3. Jonathan Marks also looks at investigatory issues under the Monaco Memo, the role of the Board of Directors, and the role of the forensic auditor under the Monaco Memo.

4. Jonathan Armstrong looks at self-disclosure from a UK angle and joins Karen Woody in questioning how defense counsel should move forward.

Resources

Tom’s 5-part blog post series in the FCPA Compliance and Ethics Blog:

  1. A Jolt for Compliance
  2. Timely Self-Disclosure
  3. Corporate Compliance Programs
  4. Monitors
  5. The Heat is On

Monaco Memo

Categories
Everything Compliance

Episode 104 – the Back to School Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In 2021, Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jonathan Marks, Jonathan Armstrong, Jay Rosen and Matt Kelly on a variety of topics. We conclude with our fan Shout Outs and Rants section.

1. Jay Rosen looks at a recent report about the number and quality of SEC whistleblower awards. Rosen shouts out to scientists who are trying to create oxygen from CO2 so that life can exist on Mars.

2. Matt Kelly discusses the Mudge whistleblower allegations regarding Twitter. Kelly shouts out to NASA engineers who scrubbed the space shuttle launch due to safety concerns.

3. Jonathan Marks considers the role of internal audit in M&A work specifically and how the Board should utilize internal audit more generally. Marks shouts out the 30th anniversary of the US Sentencing Guidelines.

4. Tom Fox shouts out the American League leading Houston Astros.

5. Jonathan Armstrong looks at the newly released Lloyd’s regulations around denial of coverage for cyber-attacks made by foreign governments and state actors. He shouts out to the British television show “Have I Got News” for skewering Boris Johnson with his own words.

The members of Everything Compliance are:

  • Jay Rosen – Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Life with GDPR

Update on Cookie Banners

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss the NOYB announcement that it had filed an additional 226 complaints to Data Protection Authorities in 18 countries over the use of OneTrust cookie banners. Some of the highlights include:

  1. Previous enforcement actions on cookie banners.
  2. The NOYB campaign.
  3. What happens next?
  4. Practical steps you can take now.

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.