In certain cases, companies have an obligation to appoint a data protection officer. This obligation applies both to companies that process data themselves and to companies that process data from other companies. The data protection officer must also be recruited or outsourced by public authorities.
In January WhatsApp announced that it is changing its data policies so that the users only options are either to agree to their data policy and make data about them available to Facebook, the owner of WhatsApp, and any of its chosen third parties or not use the service. Grant Thornton Baltic's Head of Data Protection and Cybersecurity Maili Torma opens up the subject.
Cookies can't read data off your hard drive or cookie files created by other sites; they are one of the technologies tracking people’s behavior on the web.
On 16 July 2020, the European Union Court of Justice (CJEU) passed judgment C-311/18 (Schrems II), invalidating the US-EU certificate programme Privacy Shield, which ensures data transmission security.
In addition to the pandemic the 2020 is memorable as the year or record growth in cybercrime. According to the FBI the USA companies have reported a 400% growth in cyber-attacks and 68% more companies reported of fraud.
Most companies view an IT audit as an expense, but experts say in reality, it helps companies to save money – especially if it’s conducted at the right time. An IT audit is a possibility to obtain an external view of the information system in current use.
A new concept in Estonian legal system, administrative fine, was sent to coordination round to the relevant ministries by the Ministry of Justice. The new fine would enable a more effective response to violations of financial services, competition and data protection regulation in the future. Grant Thornton Baltic data protection officer Maili Torma and legal adviser Lee Laanemäe write about the potential changes awaiting us in the near future.
When you read about the draft ePrivacy Regulation it may appear as though all it does is regulate the use of cookies and manage direct marketing; but the draft ePrivacy Regulation also proposes more regulation of over-the-top (OTT) communications provides, such as Skype or WhatsApp.
How to protect your company? Five most important recommendations for ensuring cyber security. The biggest targets of these new brand of bandits are companies that own and process large amounts of data and companies whose cybersecurity measures are lagging behind the times.
The most talked about legislative piece last spring was undoubtedly the General Data Protection Regulation, or GDPR as it is known, which came in force 25 May 2018. As a regulation, it applies directly to all of the EU member states. Why did we need the GDPR, which if to believe popular opinion is an act of pointless bureaucracy, doesn’t improve the protection of privacy rights of individuals and increases the administrative burden of companies?
The date when the General Data Protection Regulation (GDPR) entered into force, May 25th, came and went with many companies still unsure about what needs to be done to be compliant with the GDPR.
According to the GDPR people have right to query data processors about the data they hold about them. People have right to ask what data a processor holds about them, for what purpose and what is done to the data. They also have a right to rectify and erase data. Data processor is obliged to reply within 30 days of the request being made to comply with the regulation.