Welcome to Our Blog

Are all these GDPR-consent emails even necessary?

In what appears to be panic mode, thousands of companies are pinging mailing lists to get affirmative opt-in consent from data subjects, ostensibly to comply with the EU General Data Protection Regulation. In particular, companies that don’t have clear documentation...

JPMorgan Chase sues Landry’s for $20M in data breach case

The Houston Chronicle reports JPMorgan Chase Bank has filed a breach-of-contract lawsuit against hospitality company Landry’s for $20 million. Several of Landry’s venues suffered a data breach between 2014 and 2015 compromising customers’ credit card...

LifeBridge Health suffers data breach affecting 500K patients

A hacker was able to access the servers belonging to LifeBridge Health, compromising the personal information of 500,000 patients, The Baltimore Sun reports. A forensic firm found the data breach took place Sept. 27, 2016. The affected information includes patients’...

Wheeler: US needs to catch up as GDPR goes into effect

In an op-ed for The Brookings Institution, former Federal Communications Commission Chairman Tom Wheeler writes about the U.S. needing to catch up to the European Union as the General Data Protection Regulation goes into effect. While U.S. citizens experience some of...

Freedom-of-information activists using GDPR in their favor

A team of volunteers is determined to unearth the algorithm used by German personal credit rating agency SCHUFA by requesting masses of data from the company, Reuters reports. Under the EU General Data Protection Regulation, companies are required to provide personal...

Op-ed: Malvertising will win under GDPR

In an article for MediaPost, Kean Graham writes that with the EU General Data Protection Regulation just days away, the real winner will be malvertisers who will now be able to target EU users who have not opted in during this flurry of consent emails. With the ad...

Determining the reporting line of the DPO

The role attributed to the data protection officer is one manifestation of the accountability principle of the General Data Protection Regulation. As such, the GDPR requires that the DPO exercises its functions independently and that he or she “shall directly report...

What role can internal auditors play in GDPR compliance?

Internal auditors ranked EU General Data Protection Regulation compliance as a top priority in the run-up to May 25, 2018. Knowing that penalties under the GDPR can amount to 4 percent of global annual turnover, many heads of internal audit are including a review of...

How to approach DPIAs under the GDPR

The guiding principles of the General Data Protection Regulation stimulate organizations to address the issue of compliance with an approach based on continuous risk assessment. The correct implementation of a GDPR compliance model obliges organizations to review the...

Implementing appropriate security under the GDPR

The GDPR is finally here, and things like data mapping, DPIAs, consent management, and data subject rights have been on everyone’s mind leading up to its arrival. While these operational requirements are obvious for many companies, some others have flown under the...