💥 The French data protection watchdog CNIL revealed a major security breach affecting almost half of the French population.
Attackers targeted two third-party healthcare payment services, reportedly compromising the data of more than 33 million citizens.
The breach includes sensitive information such as the names of health insurers, dates of birth, marital status, social security numbers and details of individuals' insurance packages.
CNIL assures the public that no bank details, medical records, postal addresses, telephone numbers or email addresses were compromised.
📜 This major piece of legislation - the EU Data Act - came into force on 11 January 2024, and will apply from 12 September 2025.
Similar to the General Data Protection Regulation (GDPR), it applies equally to EU and non-EU businesses, even if they are not established in the European Union. However, unlike the GDPR, it applies to both personal and non-personal data.
Companies should not delay their implementation efforts ☝️ as the far-reaching data access/sharing and contractual obligations will affect their current internal business processes. This article by McDermott provides a good overview of the background, purpose and scope of the EU Data Act, key provisions, challenges and considerations.
Additional information on the Data Act and implications for the medical industry: https://www.fieldfisher.com/en/insights/the-data-act-20-month-count-down-has-started-how-does-it-affect-data-in-medical-devices
💣 In 2023, more than 2,800 data breaches were reported. More than 8 billion records were compromised. Even when organisations have proactive security measures in place, many are missing critical controls - leaving corporate data vulnerable to breaches.
As a result, data must be 🛡️ protected throughout its lifecycle (when it's created, accessed, shared, edited, etc.). This is a significant challenge for organisations as they scale and produce more data, requiring automation to be built into the tools that attempt to protect data. This article discusses best practices for comprehensive data protection.
💡 Related content: Check out this Lexology article by Bird & Bird on cybersecurity rules and the Cyber Resilience Act (CRA), which will introduce new cyber security and cyber resilience obligations to protect digital products in the EU from cyber threats.
🕵️ The recent €32 million fine imposed on Amazon by the French data protection authority for violating employees' privacy rights in the workplace is reigniting discussions about the 🚫 boundaries of acceptable employee monitoring practices and why companies often miss warning signs.
While workplace monitoring is permissible, it must be justified, proportionate and have a lawful basis.
This Lexology article by Bird & Bird compares the EDPB and ICO's draft guidance on the calculation of GDPR fines.
The authors argue that the UK GDPR is still in line with the EU GDPR post-Brexit. They discuss in more detail areas such as the seriousness of the breach, the amount of damage suffered, the intentional or negligent nature of the breach, the categories of personal data affected by the breach and the calculation of the appropriate fine.
The ICO's public consultation closed in November 2023. The ICO will take the feedback into account in deciding whether any changes need to be made to the draft Data Protection Fining Guidance.
Stay tuned for more by 📌 connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.