Video surveillance is used on streets, vehicles, shops, offices – pretty much everywhere. Whenever anyone leaves home – and as soon as they close the door behind them – they can wind up on someone else’s camera footage. Even when hiking in the woods, it’s possible to be captured by a wildlife camera.
Having data protection affairs in order at a company ensures reliable and trustworthy relations with businesspartners and a stronger position at the negotiating table. On the other hand, problems can mean fines running into the millions of euros even long after the issues are resolved.
Many employers have questions about whether and to what extent personal data can be requested from employees in the context of the coronavirus pandemic. In this article, I highlight some practical questions and concepts that employers should factor into processing of employee personal data and provide advice on how to mitigate the main risks for both employer and employee.
In certain cases, companies have an obligation to appoint a data protection officer. This obligation applies both to companies that process data themselves and to companies that process data from other companies. The data protection officer must also be recruited or outsourced by public authorities.
In January WhatsApp announced that it is changing its data policies so that the users only options are either to agree to their data policy and make data about them available to Facebook, the owner of WhatsApp, and any of its chosen third parties or not use the service. Grant Thornton Baltic's Head of Data Protection and Cybersecurity Maili Torma opens up the subject.
Cookies can't read data off your hard drive or cookie files created by other sites; they are one of the technologies tracking people’s behavior on the web.
On 16 July 2020, the European Union Court of Justice (CJEU) passed judgment C-311/18 (Schrems II), invalidating the US-EU certificate programme Privacy Shield, which ensures data transmission security.
In addition to the pandemic the 2020 is memorable as the year or record growth in cybercrime. According to the FBI the USA companies have reported a 400% growth in cyber-attacks and 68% more companies reported of fraud.
Most companies view an IT audit as an expense, but experts say in reality, it helps companies to save money – especially if it’s conducted at the right time. An IT audit is a possibility to obtain an external view of the information system in current use.
A new concept in Estonian legal system, administrative fine, was sent to coordination round to the relevant ministries by the Ministry of Justice. The new fine would enable a more effective response to violations of financial services, competition and data protection regulation in the future. Grant Thornton Baltic data protection officer Maili Torma and legal adviser Lee Laanemäe write about the potential changes awaiting us in the near future.
When you read about the draft ePrivacy Regulation it may appear as though all it does is regulate the use of cookies and manage direct marketing; but the draft ePrivacy Regulation also proposes more regulation of over-the-top (OTT) communications provides, such as Skype or WhatsApp.
Despite one of the main goals of the EU General Data Protection Regulation (GDPR) being to harmonise data protection law across the EU, it does allow the individual member states to introduce broad derogations concerning national security, the prevention of crime and the enforcement of civil claims, when fundamental rights to data protection are guaranteed and derogations themselves are necessary and proportionate.
Although it is cold as I am writing this, spring is here and summer is right around the corner. A number of important events are on the way – the wildly popular Game of Thrones wrapped up its last season and the GDPR celebrated first birthday. What is the temperature like in Estonia in the field of personal data protection – lukewarm, ice-cold or smoking hot?
How to protect your company? Five most important recommendations for ensuring cyber security. The biggest targets of these new brand of bandits are companies that own and process large amounts of data and companies whose cybersecurity measures are lagging behind the times.
A year has passed since the General Data Protection Regulation (GDPR) entered into force on 25 May 2018. The main purpose of the regulation is to give individuals more control over what data about them is processed. The GDPR also applies to employment relations where the employer processes personal data of employees.
The most talked about legislative piece last spring was undoubtedly the General Data Protection Regulation, or GDPR as it is known, which came in force 25 May 2018. As a regulation, it applies directly to all of the EU member states. Why did we need the GDPR, which if to believe popular opinion is an act of pointless bureaucracy, doesn’t improve the protection of privacy rights of individuals and increases the administrative burden of companies?