Privacy Compliance Blog
The latest privacy compliance news, issues, resources and expert advice to save you time and mitigate risk
General Data Protection Regulation (GDPR)
Brexit and Data Protection: What Happens in Case of a Deal?
Earlier today, the European Union and the United Kingdom reached agreement on a revised customs plan for Brexit.
Managing Data Breaches, Best Practices for an Accountability Approach
The CCPA, EU’s GDPR, Canada’s PIPEDA, Brazil’s General Data Protection Law, Australia’s notifiable data breach scheme are just a few examples of international data breach notification laws that have come into play in recent years.
CCPA, Nevada and the Ever-Changing US Landscape
When we did our last update on the status of US privacy legislation just a few weeks ago, there were 15 States with consumer privacy laws passed and/or bills on the table, including California (CCPA) and the most recent, Nevada (Act Relating to Internet Privacy).
GDPR to CCPA and beyond: Overcoming Challenges to Timely Privacy Compliance
Would you find it surprising that almost half of privacy officers consider building a privacy program as their top priority? Perhaps one would expect that privacy programs would have been built in the run-up to the GDPR (May 25, 2018).
New Report: Taking the Pulse of the Privacy Office
There has been no rest for privacy professionals coming out of last year’s GDPR compliance activities. With California (CCPA) and other jurisdictions bringing in new and/or amended privacy legislation, putting increasing demands on the privacy office, it isn’t surprising that privacy professionals are feeling anxious.
Reporting to the Board on Privacy: Practical Advice from a Chief Privacy Officer
Corporate directors and senior leaders take on a broad range of responsibilities when they join a company’s board. Privacy is increasingly becoming one of the issues board members are focusing on as part of their compliance and oversight obligations.
Are the CCPA and US state privacy laws causing anxiety? Move from “wait and see” to “take control” of your compliance
New privacy bills, amended bills, bills not making it out of committee, bills in debate in State Houses and Senates. The privacy regulatory environment in the US is changing on an almost daily basis.
Happy Birthday GDPR. At one year on, what have we learned?
Happy Birthday GDPR! It’s been one year since the European Union’s General Data Protection Regulation (GDPR) came into effect (May 25, 2018). What have we learned over this past year?
Recap: 2019 IAPP Global Privacy Summit
Last week, the Nymity team headed to beautiful Washington, DC as a platinum sponsor of the IAPP 2019 Global Privacy Summit.
Nymity Launches Next Generation Solutions Enabling Organizations To Minimize Time To Compliance
Nymity, Inc. announced the availability of its next generation of solutions built on Nymity’s integrated, research-driven, expert privacy platform, enabling organizations to minimize time to compliance with US, European and global privacy legislation.
GDPR, CCPA, LGPD, and more: Staying afloat in the sea of global privacy regulations
A version of this post originally appeared in CPO Magazine. The global privacy legislation landscape continues to be a complex sea to navigate. To date we have seen 117 omnibus laws (GDPR) and another 28 sectoral laws (CCPA) come into play.
Research: The Key Ingredient to a Successful Privacy Program
Your organization worked hard to complete compliance activities for the GDPR leading up to the May 25, 2018 deadline.
CCPA: Getting Past Stuck and Getting Started with Consumer Rights Requests
On the heels of the GDPR, The California Consumer Privacy Act (CCPA) is set to be one of the toughest privacy laws enacted in the US.
Reporting Data Privacy Obligations to Your Board
We get a lot of requests on how to report on data privacy obligations, especially as they gain more visibility with boards.
What’s in store for Privacy in 2019? – GDPR Enforcement, CCPA, LGPD & More
The rising wave in privacy regulations prompted by the GDPR is set to begin a new chapter on how personal data is handled.
OUR HIGHLIGHTS OF 2018
I don’t think any of us will soon forget May 25th, 2018. The EU GDPR was the first law with global repercussions, and it required extensive organizational changes.
Tracking The GDPR: How to Keep Up with National Law Developments, Q4 2018
To assist organisations in their ongoing compliance with the GDPR, we held the third in our series of webinars on keeping up with national law developments.
Data Retention Policies Demystified
At Nymity, we often get questions regarding the retention of personal data under various laws.
Making the Transition from Project to Program: How HID Global Complies with Multiple Privacy Laws
For multi-jurisdictional organisations, complying with the GDPR and other applicable laws, such as the upcoming CCPA, may seem daunting, but there is no time to waste.
Brexit – What Does the Future Hold for UK/EU Data Flows and Regulatory Cooperation?
The UK is set to leave the EU on 29 March next year. In the current minefield of UK and EU politics, nothing is absolutely certain, but it would take a minor miracle for this date to change.
How to Acquire Budget for Your Privacy Program
One of the most common questions we are asked is, “How do I make a business case to acquire budget for my privacy program?”
The State of Play on GDPR Certifications
Last month we attended the IAPP’s Privacy Security Risk Conference in Austin, Texas. With the GDPR and upcoming CCPA, the conference seemed to focus more heavily on privacy than security.
From Privacy Project to Privacy Program: Learn How GM, Coca-Cola European Partners and Otter Products Leverage GDPR Initiatives to Comply with the CCPA and More
To comply with obligations under the GDPR (and the 700+ other global privacy laws), it is best to take an accountability approach.
Tracking The GDPR: How to Keep Up with National Law Developments 2018, Q3 2018
To assist organisations in their ongoing GDPR compliance journey, we held the second in our series of webinars on tracking the GDPR and how to keep up with national law developments.
Demonstrating Compliance with Multiple Laws, from GDPR to CCPA
The dust has barely settled on GDPR preparation, and another big law is coming down the pipeline that will affect organisations established in the state of California or doing business there.
Part 2: How to Take an Accountability Approach to Compliance with Multiple Laws (GDPR, CCPA and 700 more!)
Some organisations have been treating the GDPR as if it were a one time project with an end date of May 25th.
Part 1: How to Take an Accountability Approach to Compliance with Multiple Laws (GDPR, CCPA and 700 more!)
With the advent of the GDPR and the overwhelming attention it received, the layperson may have assumed it was the first privacy law ever to be passed.
It’s Not Too Late for GDPR Compliance, and There are Tools to Help
As the EU GDPR was coming into effect this year, there was much speculation as to how many companies were going to be prepared and compliant on May 25th.
Applying “Legitimate Interests” in Practice under the GDPR
In previous blogs, we have discussed the legitimate interests as a lawful ground for processing data under the GDPR.
Are You Ready to Report on GDPR Compliance? Part 2: Project Level Reporting
Accountability is the cornerstone of Regulatory Ready reporting, and it means effectively operationalising the use of appropriate technical and organisational measures to allow for reporting at the enterprise and project level.
Are You Ready to Report on GDPR Compliance? Part 1: Enterprise Level Reporting
Organisations had two years to prepare for GDPR compliance in the run-up to May 25, 2018. Now that the GDPR is in force, what will Regulators want to see? The question is no longer theoretical.
Are You Ready to Report on GDPR Compliance? Learn About Regulator Ready Reporting
Do you understand the minimum documentation requirements that a regulator will want to see if/when they come knocking on your door?
Demonstrating Compliance with both GDPR and CCPA
With the dust of the entry into application of the GDPR hardly settled, the data protection community is shaping up to deal with the next challenge: the California Consumer Privacy Act.
GDPR Breach Notification Is Here: What Now?
After years of anticipation, preparation, and countless hours of interpretation, the GDPR went into effect on May 25, 2018 and changed the data protection landscape for companies all around the world.
Large Scale Data Processing
As most people will have realised by now, the General Data Protection Regulation (GDPR) takes a risk-based approach.
TRACKING THE GDPR: How to Keep Up with National Law Developments
Almost three weeks have passed since the GDPR became applicable on May 25th. The days leading up to this date—and following it—have been a bit stressful for some organisations.
Run-up to May 25: The most downloaded resources from Nymity Templates™
The GDPR is now officially enforceable, following the implementation date of May 25, 2018.
The GDPR and Technological Innovation – Interparliamentary Committee Meeting, EU Parliament
In just over a week, the GDPR will finally be in full force. The deadline was a good reason for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs to host a joint session with representatives of the national parliaments of the EU Member States.
Processing Personal Data Under the GDPR Part 4: Lawful Use of “Legitimate Interests”
While the “legitimate interests” ground for processing can be lawfully applied in many cases, the processing must be subjected to a balancing test which involves looking at the nature and source of the legitimate interests on the one hand and the impact on the rights of the data subjects on the other hand.
Processing Personal Data Under the GDPR Part 3: Lawful Use of “Legitimate Interests”
As is the case with any number of principles within the data privacy sector, the concept of “legitimate interests” is not a black-and-white matter.
Processing Personal Data Under the GDPR Part 2: DPA Issued Guidance and Legitimate Interests in CJEU Case Law
The “legitimate interest” grounds for lawful processing is less a cut-and-dried approach.
Processing Personal Data Under the GDPR Part 1: Overview and Background
Organizations processing data have long relied on “legitimate interest” as a lawful ground for processing.
Accountability and Demonstrating Compliance Under the GDPR: Two Case Studies
The accountability principle in Article 5 of the GDPR requires organisations to demonstrate compliance with all principles of the legislation.
A Practical Guide to Demonstrating Compliance Part 3: Common Approaches to Prioritising Compliance Tasks
The demonstration of compliance with a regulation like the GDPR is, by nature, an ongoing process that must be tailored to the unique functions of each organisation.
Nymity at the Global Privacy Summit 2018
As a proud platinum sponsor of this year’s Global Privacy Summit in Washington, D.C., the Nymity team was on the ground, actively interacting with attendees at our booth, as well as speaking as subject matter experts throughout the course of the event.
A Practical Guide to Demonstrating Compliance Part 2: Prioritising Accountability Obligations in Two Steps
The General Data Protection Regulation (GDPR) integrates accountability as a principle in Article 5(2) which requires organisations to demonstrate compliance with the principles of the GDPR.
A Practical Guide to Demonstrating Compliance Part 1: Understanding Key Privacy Management Concepts
The concept of “accountability” has emerged as a dominant theme in global privacy and data protection law, policy, and organizational practices and is considered fundamental to privacy management.
How to Choose the Right Privacy Software Vendor
While privacy management software is an invaluable tool for the privacy office, procuring the right solution from the right vendor can be a time-consuming process.
GDPR Article 30: Are you ready for the new records of processing activities requirements?
One of the main tenets of the GDPR is accountability: the obligation that companies be responsible for the data they process and be able to demonstrate compliance.
GDPR Compliance: Only Four Months to Go. How Will You Prioritize Your Efforts?
By examining our most popular references on Nymity Research™, the status of GDPR compliance using Nymity Benchmarks™ and the most downloaded GDPR resources in Nymity Templates™, we are able to gain a birds-eye view of the issues that are currently top of mind for organisations facing GDPR implementation.
2018 Privacy Compliance Software Buyer’s Guide, Part 3: Privacy Management Software
For many organisations, privacy compliance software has become an invaluable tool in crafting effective privacy programs that span multiple privacy laws and multiple regulators.
2018 Privacy Compliance Software Buyer’s Guide, Part 2: Privacy Office Support Software
In many ways, complying with privacy laws is very straight-forward. Your organisation must: Understand your legal obligations; Build a privacy program made up of policies, procedures, and other relevant accountability mechanisms; and When there is sufficient volume and complexity, implement automated privacy management software.
2018 Privacy Compliance Software Buyer’s Guide, Part 1: Legal Research Software
Privacy Compliance Software is a key tool for organisations with operations across multiple jurisdictions, extensive privacy programs, or complex, high volume privacy management activities.
Nymity Featured in Business Reporter
2018 is officially underway, and for many organisations across the globe, GDPR compliance is being prioritized in anticipation of the May enforcement date.
Nymity Data Privacy Accountability Scorecard™
Accountability was first established as a privacy principle in 1980, when the Organisation for Economic Cooperation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Data Flow made organisations responsible for upholding the principles of the guidelines.
Top 10 Tips from the Nymity GDPR Compliance Webinar Series: Part 2
As we approach the 2018 enforcement date of the GDPR, organisations are swiftly progressing in their compliance preparations.
Top 10 Tips from the Nymity GDPR Compliance Webinar Series: Part 1
Nymity’s GDPR Compliance webinar series has drawn to a close as we reach the end of 2017.
GDPR and Vendor Management
Many organisations are currently struggling with vendor management under the GDPR. One thing is clear: A more detailed and continued scrutiny of your vendors is now required from a data protection perspective.
Top 5 Most-Downloaded Privacy Management Resources
As organisations continue their GDPR readiness, it can be helpful to gain an understanding of the technical and organisational measures that are currently undergoing development within other organisations.
Data Breach Response: Latest News from the European Union
Throughout the EU, member states are producing and updating their individual data security policies to align with the GDPR. One of the most important facets of any data privacy infrastructure is the breach response policy.
Beyond the GDPR: Current News in Regional Legislation
If your organisation is preparing to address GDPR compliance, you will also need to remain informed about the supporting legislation being developed separately in different countries across the EU.
Nymity’s GDPR Compliance Toolkit: A Two-Part Series - Part 2: Getting Down to Details
Addressing GDPR Readiness is a topic that’s front of mind for many organisations as 2017 winds down.
Nymity’s GDPR Compliance Toolkit: A Two-Part Series - Part 1: Are you ready for GDPR compliance?
Accountability is a key concept under the GDPR. An accountable organisation is one that is equipped to show how requirements are being met.
Certifying Your Privacy Program: Why and How?
What does it mean to “certify” under the GDPR? The certification of products, services, and privacy programs under the GDPR is detailed in Articles 42 and 43.
39th International Conference of Data Protection and Privacy Commissioners: Part 2 of a 2-Part Series
In Part 1 of this blog series, we detailed the four main themes of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) that took place recently in Hong Kong.
39th International Conference of Data Protection and Privacy Commissioners: Part 1 of a 2-Part Series
The Nymity team recently had the pleasure of attending the 39th International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Hong Kong.
Leverage Your GDPR Compliance Efforts to Support BCRs
Binding Corporate Rules (BCRs) have existed since 2003. They were developed by the European data protection authorities, to facilitate intra-group data transfers for multinationals.
“Demonstrating Compliance” to Regulators: What does it mean?
The GDPR is very clear on one thing: Organisations need to be able to demonstrate compliance with all requirements of the law.
Less than a Year to GDPR Compliance: Trends and Analysis from Real-World Activity
The GDPR is now less than one year away from coming into effect and organisations are eager to know where they stand compared to others.
The GDPR and Consent
In a recent webinar, we looked at the topic of consent and the GDPR. We discussed best practices for addressing compliance with consent requirements, and in particular we considered the ways in which an accountability approach can embed compliance mechanisms throughout the process of consent management.
How to Get Started and Demonstrate Compliance through an Accountability Approach: Part 3
In today’s final installment of our three-part series on Accountability, we will be examining how taking an accountability approach to privacy management assists in demonstrating compliance.
How to Get Started and Demonstrate Compliance through an Accountability Approach: Part 2
In Part 1 of this three-part series, we took a look at how the concept of Accountability has evolved over the years from simply achieving strict compliance with the laws, to being able to demonstrate compliance through a proactive approach to privacy management.
How to Get Started and Demonstrate Compliance through an Accountability Approach: A Three Part Series
In 1980, the original OECD Guidelines introduced the accountability principle. Twenty-five years later, it was also addressed in the 2005 APEC Privacy Framework.
Does the GDPR Require a Personal Data Inventory?
One of the most common areas where confusion seems to arise for our clients is surrounding the difference between a Personal Data Inventory and a Record of Processing Activities.
Satisfy GDPR PIA Requirements with an Accountability-Focused Approach
In our webinar, “Does the GDPR Require PIA’s? Only Sometimes”, we discussed the GDPR’s requirements, as well as a next generation approach to Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA), which is called an Accountability PIA.
Time-Saving Methods to Prioritise Your GDPR Compliance
Nymity’s approach has always been to focus on the “end goal” of the ability to demonstrate compliance.